For the thousands of people protesting and reporting on George Floyd’s death at the hands of the Minneapolis Police Department—or even for bystanders caught up in the demonstrations—arrests, injuries, and even death are becoming commonplace in this moment. And just like protests we’ve experienced within the past decade, confrontation with police comes coupled with risks to people’s lives through digital means, too. Federal authorities have more than proven that they aren’t above siphoning off nearly every digital footprint we make in the name of profiling and policing every person in the crowd.
This browser does not support the video element.
If you’re (rightfully) trying to fly under this radar while attending a protest of your own, the good news is that there are resources galore detailing some steps you can take to keep yourself from being surveilled. You can wrap your face in an old t-shirt to slip by facial recognition algorithms, and you can tighten the settings on your social media profiles to keep sensitive intel from slipping into the wrong hands. You can also—ideally—leave your phone at home altogether, or only bring a cheap, prepaid burner device to throw surveillance systems off your trail.
The bad news is that it’s damn near impossible to keep some sort of data from slipping through. In a sense, this is by design: For the past few years, tech companies have quietly been engineering labyrinthian backdoors meant to hoover nearly every piece of our digital data with little regard for the person whose data is being hoovered.
Put another way, turning off your phone’s location services alone doesn’t protect that data from advertisers, and it doesn’t protect that data from authorities. It just means that data’s getting mined from somewhere else.
Understanding how the data-hoovering happens—and how to protect yourself—requires a bit of background. While most of us think about location as just well, location, the truth is that our phone’s built-in GPS is only one part of the puzzle. When a person turns off location services on her phone but uses a credit card to buy a six-pack at her local drugstore, there are countless adtech orgs tapping into that single purchase to map out the coordinates of that store, and the beer-buyer in question. If, after that, she walks over to her friend’s house to, say, watch old Pokemon reruns, that same process happens: mapping out whose wifi network it is, where it’s located, and who’s the Poke-fan doing the connecting. Even though there’s no geolocation data explicitly changing hands here, if there’s any data leaking out, you can rest assured that there are hundreds, if not thousands, of organizations on the other end whose sole job is mapping that back to you.
We’d call that creepy as hell, but the adtech world just calls it “identity resolution”: the tech tying every digital breadcrumb back to the original human that left it. And for the most part, this isn’t a solo effort. You can expect that the point-of-sale data generated by our beer-buyer is going to pass from one data aggregator, to another, to another, piecing together different parts of her digital footprint gathered until then.
At the end of this chain are obscure companies like the data-mining behemoth Liveramp, which rakes in close to $400 million annually by watching our every move while many of us have no idea they even exist. The California Consumer Privacy Act (CCPA) that rolled out this year only mandates that if, say, a weather app wants to access our location, it should ask for consent before doing so. Because the legislation doesn’t do a damn thing about players further down the chain, they’re allowed to siphon this data with no questions asked. And because the CCPA’s definition of “selling data” is, to put it bluntly, complete trash, the Rube Goldberg happening behind our screens isn’t “selling” our identities as much as “sharing” them.
And when that data’s shared with advertisers, you can bet that it’ll reach local authorities just as easily. Cops that already have access to a library full of cell-snooping tech have dipped into these companies to—surprise, surprise—keep an eye on protestors. Back in 2016, the ACLU got ahold of documents that found one of these aggregators, called Geofeedia, was actively packaging data from the phones of people protesting the death of 25-year-old Freddie Gray at the hands of Baltimore police. Since then, we’ve seen similar data handed over to ICE agents for the purposes of finding where immigrants are sheltering at the border.
This type of surveillance is the result of laws that are entirely unequipped for dealing with the way tech just... works. Because adtech vendors are private companies, cops can sidestep the Fourth Amendment hurdles they’d typically encounter with this sort of data. Because these private companies aren’t dealing with any of us directly, they have no loyalty or legal obligation to let us know that they’re mining our data, compiling our data, and handing our data to the cops. And because there’s a virtual continent of companies in this space that’s only swelling overtime, it’s practically impossible to know who’s working with whom until it’s far too late.
In the sense that our legal system willingly leaves our identities up for digital grabs, yes. We’re also fucked in the sense that the sprawl and scope of these companies make it downright impossible to know if you’ve successfully gone off the grid. It’s wormholes like this that let companies like Facebook get away with preaching their commitment to privacy to you and me, while building out more of these backdoors for its partners. All of these companies know that lawmakers aren’t savvy enough to tackle these systems, and they also know that it’s a nightmare for anyone to crawl out.
All that said, there are some things you can do to limit your exposure. I’m not going to promise a guide to complete anonymity, but I can give some advice to get most of the way there—which, if you’re protesting, will give you a fighting chance at bypassing a federal watchlist.
- At the bare minimum, along with keeping your location and Bluetooth turned off as often as possible, you should be resetting your phone’s mobile adID—it’s a small string of code that comes prepackaged on Android and iOS devices, the sole purpose of which is tying all of the data generated from our normal human activities back to your personal device. It’s an incredibly invasive—but technically anonymous—tidbit because it’s tied to your phone, and not you. But because this is 2020, the two are one the same—maybe not legally, but practically. You can tell a lot about a person if they’re downloading apps explicitly targeted to frightened women, or to gay men, or anything else you can think of. And even if the apps themselves aren’t tying these details to something like your location, I can promise you that someone else will.
Meanwhile, these IDs are directly responsible for a ton of geolocation snitching. If an advertiser wants to keep track of the number of folks visiting his store, there are companies that will help him geofence the perimeter to keep track of all the people who might be sauntering in. In the context of our current hellscape, these sorts of geofences could be used by, say, police who want the digital data of everyone who’s centered around a given protest site. In that scenario, a person who’s wiped their ID before that protest would’ve wiped most of their digital paper trail along with it—and because you can wipe those IDs as often as you want, you can show up as a stranger to any future gathering you might be—rightfully!—wary of. Wiping the adID on an iPhone is more effective than on Android for reasons we’ll get more into below. Thanks to Google’s sweeping advertising business, however, Android users are going to have to take additional precautions.
That said, it’s ridiculously easy to deanonymize your adID-wiped phone—which is kind of by design since these IDs were created for that purpose. Overall, there are two major flavors of data responsible for letting your real self slip, but both can be tricked with a bit of legwork.
- The biggest culprit here is “deterministic data” that links together a given device based on some sort of personal identifier, like an email address or a social media account. If you’re someone who regularly logs into a Twitter or other social media account on your phone, and logs into that same account on your computer, eventually there’s going to be someone behind the scenes that’ll realize these are both your devices. If you’re wiping your ID for privacy purposes, either log out of or delete any social media apps before you wipe it—and don’t log back in on that device until you feel safe to do so.
- Thanks to these linkages, screwing with any advertising identifiers on an Android device is next to impossible, since the phone comes baked in with your Google account from the get-go. The only way around it is, unfortunately, a hard reset on your phone under a new Google account—something I’d strongly recommend for activists who are using an Android device.
If this sounds like a step too far, I’d recommend keeping it on airplane mode for the duration of the protest; data is still monitored here, but it’ll only be shared with Google, rather than Google and every third party, up to and including the cops. (If you’re on an iOS device but are logged into any Google apps, or use a Gmail address, delete those apps—honestly, delete every app you can—and log out of any Google or Gmail account.)
The silver lining here is that Google might be a privacy shitshow, but it’s a privacy shitshow that’s under a massive spotlight from every federal agency you can name, not to mention dogged reporters here and abroad. If the company slyly tried to slide some sort of protestor data over to the feds, the details of that deal have an infinitely higher chance of seeing the light of day than if those deals were happening between some small, shadowy third party and the feds instead.
- Outside of online accounts, it’s also important to keep an eye on any sort of “probabilistic data” that could let someone infer your identity without you offering it outright. The frustrating (and scary) thing here is that there are no hard and fast rules for what kind of data you need to cut off, nor any standard for how long it takes a given algorithm to run this kind of guesstimate about who you are—so I’m gonna through things as if we’re living in a full-on Minority Report-type of hell. The steps below might be a bit overkill for some, and might just be realistic for others.
Assuming you’ve attended a protest with your phone (and your phone’s shiny new adID) that may have been actively monitored by some sort of surveillance dragnet, the best thing you can do is immediately wipe that ID again and replace it with a new one. By taking that step—and by scrapping any sort of sneaky apps from your phone beforehand, which, again, you should’ve done long before reading this—you’ve created an identifier that lives and dies in the protest.
Otherwise, you’ve tagged your phone (and thus yourself) with an ID that was definitively at the scene of the action, and—assuming the Minority Report reality here—will keep being tracked with a frankly bonkers degree of accuracy.
Most major cities—including Minneapolis—are running some sort of digital ad display in their public transportation, on their streets, at their gas stations, or just about anywhere else you can think of. These screens are built to scan for any ad identifiers in their immediate surroundings—meaning that, in this case, your phone can be confirmed not only at the protest but during your commute. And that’s not even mentioning the rideshare vehicles or taxicabs that are driving through these same cities while outfitted with similar ID-sniffing screens.
- Let’s say you get home, and let’s say you immediately pass out for some brief respite from the current hellworld we live in. Depending on a boggling array of details about the way you run your phone and the apps you have downloaded, there’s a good chance that any nearby tech—your laptop, for example, which is still registered to you, with your email addresses and social media profiles—will get a silent ping from your phone. These sorts of cross-device handshakes happen all the time in adtech since they’re key to creating “household-level” data that can be used to discern specifics like whether, say, two folks in the same space are husband and wife, roommates, or just chill bros being chill bros.
Because most tech companies have their own special sauce when it comes to your “identity,” the time it takes to link devices together in this way can vary. Your friend’s phone might be doing a silent jig with your connected TV when she comes to visit, but unless she’s visiting frequently—and that jig continues—you’ll probably be regarded as two different people with two different lives, rather than a couple who’s planning to get engaged and spend a lot of money on a wedding.
A ping from your clean protestor phone to your actual, IRL laptop won’t immediately register you as the same person, but it will put some sort of link between the two. And if that keeps happening, again and again, one of those companies will catch on and link this phone and laptop together under the same owner. Assuming the worst-case scenario here, that relationship might wind its way up from one aggregator to another until it inevitably lands on one with ties to the cops you were trying to escape in the first place.
Granted, this is an absurdly specific scenario—one of the literally countless variables that can happen when every device you own is geared to be a snitch. But if you have enough to lose, it’s not a bad idea to either keep your phone off when you’re at home and wipe your ad identifier pre- and post-protest.
- On the same note, it’s not a bad idea to turn your phone off or put it into airplane mode while riding buses and subways, since they (and just about any place with a digital screen or billboard running an ad), can be just as snitchy, too. Better yet, if you know your neighborhood has roads that are frequented by vehicles with digital screens, you might want to just do this every time you walk outside.
- If you can, keep web browsing and news reading to a minimum. It might be tough in the current climate, but every mobile ad that pops up is engineered to send back a wave of “bidstream” data about your device—and sometimes your device’s location—to a trove of tech companies on the other side.
I know this all sounds weird and scary and, frankly, like a giant pain in the ass—which is why a cheap, protest-ready burner device is always your best bet if you’re going to any protests. But it’s weird and scary for other reasons, too. It’s weird and scary that an industry as profitable and pervasive as adtech is allowed to run wild without these companies offering the folks they work with—or any of us—some sort of transparency into their process. It’s weird and scary to hear that the lawmakers in charge of punching back against these systems are patting themselves on the back for their progress while, in reality, barely doing anything at all. It’s weird and scary that this ecosystem encourages unchecked surveillance against protestors, who are frequently being beaten and sometimes killed by police.
Before joining Gizmodo, I had a job reporting on this sort of adtech stuff, but for the advertisers themselves, rather than the public. Whenever I’d ask players in the various cogs of the system about where the responsibility for educating that side ultimately fell, the answer was always the same: anyone but them. The excuses changed with time, but they all boiled down to the notion that this stuff is either too complicated, or they’d be misinterpreted by a less-savvy audience, so why even try.
The thing is, we’re already seeing that happen regardless. By and large, the stories we read about “digital privacy”—like the stunning work done by the New York Times on the topic—only scrape the surface of the way these systems operate. But these inch-deep stories are ultimately the only thing a lawmaker knows to reference when fighting against someone like Mark Zuckerberg in court. And when the ensuing regulations only scratch the surface, the systems we’re trying to control just continue to fester in an industry that’s only getting more crowded every year with more companies coming up with more ways to exploit us (or at least keep an eye on us) at every turn.
I really, really want to believe that lawmakers are misinformed rather than deliberately looking away, even though they have every reason to. When the public sector and private companies partner together, be it for battling a pandemic or battling off protestors, a whiff of regulation could spook the other side and cause everything to crumble. Cracking down on digital ads would mean that, at the very least, officials are losing a fast track to tapping whatever data they want with as little oversight as possible, whenever and wherever they want.
I’m probably in denial, but I still think it’s a problem of education. And I hope that this helps.
Looking for ways to advocate for black lives? Check out this list of resources by our sister site Lifehacker for ways to get involved.
Clarification: An earlier version of this article stated that the CCPA requires apps to request user permission before collecting location data. The law isn’t quite that strong—we wish it were. Instead, it’s more of a suggestion. We’ve updated the story above to make that clear.
I cover the business of data for Gizmodo. Send your worst tips to firstname.lastname@example.org.