Your Cell Phone knows everything about you. And that data may be out there
Your metadata is being sold by service providers as well as being hacked in cyber attacks
Telecommunications providers are immensely important in this day and age where everyone has a cell phone and uses it for entertainment, work and more. Many people do not have traditional desktop computers anymore and rely mostly on their cell phone for all their daily activities and needs. Mobile devices even account for over 50% of traffic on the internet. Needless to say, mobile devices and more importantly, the services it relies on, is vital in this era.
The largest mobile service providers in the United States include Verizon, AT&T, and T-Mobile. All three of them not only charge for the service they provide but they all also sell their customers metadata to advertisers as an additional source of revenue. While the data they sell is ‘anonymized’, the data along with some other pieces of information makes it easy to reveal who each person is.
This metadata is able to be sold because it is not covered under rules written for mobile service providers as protected data they are not allowed to sell. The metadata can include general internet use, web and search history, app usage, location and more. This data can be pieced together to understand who you are, what you like to do, the places you go, and when you go there. As mobile usage increases, more and more about the lives of customers can be tracked, cataloged, and sold to advertisers, data aggregators and others.
While privacy suffers as a result of the sale of this data, it also suffers when providers or any of the many third parties they use get hacked in data breaches. Cyber attacks are increasingly common and it is no different for mobile service providers. AT&T suffered a data breach in the last few weeks and T-Mobile has been breached at least once every year since 2018. Many breaches are at third parties who are contracted with these providers in order to extract the value from customer metadata.
Companies get hacked all the time and the best way to protect yourself is to not give them any data to collect. To increase your privacy and to decrease the chances of your data being involved in a breach, there are ways to opt out of data collection. Sometimes the data collected is on an opt in basis, while other times you are opted in by default. These settings are called by different names by different providers and it is usually a series of settings buried in a menu that most people would not look into.
T-Mobile is an opt out process as by default they opt you into the data collection program. Business users and children are excluded however. T-Mobile has an especially ridiculous method of opt out as it is specific to the device and browser it is opted out of. This makes it nearly impossible to not leak any data using their settings. T-Mobile customers can opt out by logging into their account, heading to the profile page, and then to “Privacy and Notifications” and turning off the options to “Use my data for analytics and reporting” as well as “Use my data to make ads more relevant to me”.
Verizon and AT&T are opt in processes, however this does not mean you have not been enrolled at some point automatically. In 2021, users of Verizon found that they were being automatically enrolled in the program even after they had opted out of the program while it had a different name.
The Verizon program is called Custom Experience Plus and can be turned off by logging into their account and going to “Privacy Settings” on the web or “Manage Privacy Settings” on the app. All the options under that should be turned off or set to “don’t use” in order to ensure you are opted out.
The AT&T program is called Enhanced Relevant Advertising Program (sometimes called Personalized and Personalized Plus) and can be opted out by going to att.com/PrivacyChoices.
For any carrier, if the steps above don’t work, you can always reach out to them via their store or customer support line.
There is another option with which to protect your data, and that is through the use of VPNs. Use of a VPN encrypts your data to a data center where it joins the internet outside of the control of your mobile service provider. However this does shift the problem from your mobile service provider to the VPN company. Reputable VPN providers are few and far between and must be selected with care. VPNs are usable on mobile devices as well though it may come with caveats on certain devices.
The unfortunate reality of the world we live in is that we are almost always tracked in some way in order that advertisers have some way to entice us into purchasing a service or product. This can be especially unhelpful when this data is leaked during a breach for the use of hackers and nefarious people. Constant vigilance is the only answer to this problem. Thanks for reading!
For further information check out these links.
https://krebsonsecurity.com/2023/03/why-you-should-opt-out-of-sharing-data-with-your-mobile-provider/
https://www.axios.com/2023/03/17/telecom-data-breaches-t-mobile-att
https://www.fiercewireless.com/security/att-informs-9m-wireless-customers-security-breach
https://about.att.com/privacy/full_privacy_policy.html