Case Study 12.2: Your Phone Knows Where You've Been
Background
In December 2018, The New York Times published a groundbreaking investigation into the location data industry. The reporting team obtained a dataset from a location data company containing more than 50 billion location "pings" from the phones of over 12 million Americans, collected over several months. The data was supposed to be anonymous — no names, just device identifiers tied to GPS coordinates and timestamps.
It was not anonymous at all.
By analyzing the patterns — which device spent nighttime hours at a particular residential address, which device traveled to a particular office building during work hours, which device visited a particular school for pickup at 3:15 PM every weekday — the reporters could identify specific individuals with startling ease. They tracked a senior Defense Department official. They identified a Microsoft engineer. They followed a woman as she visited a Weight Watchers location and then an ex-boyfriend's apartment.
The investigation revealed an industry that most people had never heard of: a network of apps, data brokers, and analytics companies that silently collect, buy, sell, and analyze the precise location of hundreds of millions of people, in real time, continuously.
How Location Data Gets Collected
Most people do not realize how many apps on their phone request — and receive — access to precise location data. The weather app needs your location to give you a forecast. The maps app needs your location for navigation. Those requests make intuitive sense.
But many other apps request location access for less obvious reasons. A flashlight app. A mobile game. A coupon app. A wallpaper app. Why does a wallpaper app need to know where you are?
The answer, in most cases, is that the app's developer has a business relationship with a location data company. The app collects your GPS coordinates and transmits them to the data company in exchange for revenue. The data company aggregates location data from hundreds of apps across millions of devices, creating a vast, continuously updated map of human movement.
This is not a bug in the system. It is the business model.
The Data Pipeline
The pipeline works like this:
-
Collection: An app on your phone requests location permission. You grant it, perhaps because the app's stated function seems to require it. The app collects your GPS coordinates at regular intervals — sometimes every few seconds.
-
Transmission: The app sends your coordinates, along with a unique device identifier, to a location data company. Your name is not attached, but the device ID is consistent, which means all your movements are linked to a single profile.
-
Aggregation: The location data company combines your data with data from millions of other devices, creating a massive dataset of human movement patterns.
-
Sale: The aggregated data is sold to a range of buyers: advertisers who want to target people who visit certain stores, hedge funds looking for retail foot traffic patterns, real estate developers assessing neighborhood activity, and — critically — government agencies that purchase location data rather than obtaining warrants.
-
Analysis: AI systems analyze the aggregated data to identify patterns, predict behavior, and generate insights that go far beyond the raw location coordinates.
What Location Data Reveals
Raw GPS coordinates — latitude and longitude, timestamped — might seem innocuous. But when you collect enough of them from a single device over time, the picture that emerges is extraordinarily detailed.
Your home address. Where your phone spends the night is almost certainly where you live. This single inference connects your "anonymous" device ID to a physical address, which can be cross-referenced with property records to identify you by name.
Your workplace. Where your phone spends weekday business hours reveals your employer, your work schedule, and your commute pattern.
Your relationships. When your phone regularly appears at the same locations as another phone, it suggests a relationship. When two phones spend the night at the same address, it suggests an intimate one.
Your health. Visits to medical facilities reveal your health concerns. Regular visits to an oncology center, a fertility clinic, or a mental health practice are visible in location data. A 2024 investigative report documented cases where data brokers sold datasets derived from people's visits to health clinics, including reproductive health facilities, after the Supreme Court's 2022 Dobbs decision made abortion illegal in many states.
Your religion. Regular visits to a mosque, synagogue, church, or temple reveal your religious practice.
Your politics. Attendance at political rallies, protests, campaign events, or specific organizations reveals your political leanings.
Your habits and vulnerabilities. Regular visits to a bar, a gambling establishment, or a support group meeting are all visible. So are departures from your normal patterns — an abrupt change in your routine might indicate a job loss, a health crisis, or a relationship breakup.
The Government Access Question
One of the most concerning dimensions of the location data industry involves government access.
In the United States, the Fourth Amendment generally requires law enforcement to obtain a warrant to search your property or seize your possessions. In 2018, the Supreme Court ruled in Carpenter v. United States that the government needs a warrant to access historical cell-site location information (the records your phone company keeps about which cell towers your phone connected to).
But here is the loophole: that ruling applies to data held by your phone company. Location data sold by data brokers is a commercial product available on the open market. Several government agencies — including the Department of Homeland Security, the IRS, U.S. Customs and Border Protection, and military intelligence — have purchased commercial location data from data brokers rather than obtaining warrants.
The legal reasoning is that if data is commercially available, the government is simply making a purchase, not conducting a search. Privacy advocates argue this is a massive end-run around constitutional protections — the government is doing indirectly (buying your location data) what it cannot do directly (tracking your movements without a warrant).
As of 2025, legislation to close this loophole has been proposed in Congress multiple times but has not passed.
The "Anonymity" Illusion
Location data companies consistently claim their data is "anonymous" because it uses device identifiers rather than names. But computer science research has repeatedly demonstrated that location data is nearly impossible to truly anonymize.
A 2013 study by researchers at MIT found that just four location data points — four timestamps paired with GPS coordinates — were sufficient to uniquely identify 95% of individuals in a dataset of 1.5 million people. Human mobility patterns are remarkably distinctive. Your daily pattern of movements — home, coffee shop, workplace, gym, grocery store, home — is almost certainly unique to you.
The practical implication is stark: any dataset containing detailed location traces of individuals is effectively identified data, regardless of whether names are attached. Removing the name does not protect your privacy when your movement pattern is itself a form of identification.
Recent Developments
The location data industry has faced increasing scrutiny:
-
The FTC has taken enforcement action against several data brokers, including Kochava (2022) and X-Mode Social/Outlogic (2024), for selling precise location data that could be used to track visits to sensitive locations including places of worship, domestic violence shelters, and reproductive health facilities.
-
Several states have passed or proposed legislation restricting the sale of geolocation data, particularly for sensitive locations like healthcare facilities and religious institutions.
-
Apple and Google have introduced app tracking transparency features that give users more control over which apps can access precise location data and share it with third parties. Apple's App Tracking Transparency framework, introduced in 2021, requires apps to ask permission before tracking users across other companies' apps and websites.
-
The European Union's GDPR treats location data as personal data, meaning companies need explicit consent to collect and process it, and individuals have the right to request deletion.
Discussion Questions
-
The anonymity question: Location data companies claim their data is anonymous. Based on the MIT research cited in this case study and the chapter's discussion of inference, evaluate this claim. Is location data ever truly anonymous? Should companies be allowed to market identifiable data as "anonymous"?
-
The warrant loophole: The U.S. government purchases commercial location data rather than obtaining warrants. Do you think this should be legal? How would you design a policy that addresses this practice while still allowing legitimate uses of commercial location data?
-
App permissions: Most people grant location permissions to apps without fully understanding how their data will be used. Is this a failure of individual responsibility (people should read permissions more carefully), app design (permissions should be clearer), regulation (the law should restrict what apps can do with location data), or all three? What changes would you propose?
-
The business model question: Location data collection is not a side effect — it is the business model for many "free" apps. If you could redesign the mobile app economy so that apps did not need to sell user data to survive, what would that look like? What trade-offs would be involved?
-
Sensitive locations: The FTC has focused enforcement on data brokers selling data about visits to "sensitive" locations (healthcare facilities, places of worship, domestic violence shelters). Is this the right approach? Who decides which locations are "sensitive"? Is there a principled way to draw the line, or should all location data receive equal protection?
Connection to Chapter Themes
This case study brings together several of the chapter's central themes:
- Inference from metadata: Location data — coordinates and timestamps — is metadata about your movements. The case demonstrates how AI-powered analysis can infer deeply personal information (health conditions, relationships, religious practice) from this metadata alone.
- Privacy as power: The people whose location data is collected and sold have no power over how it is used. The companies and government agencies that buy it have enormous power — the power to track, profile, and potentially target individuals and groups.
- The limits of consent: Even users who grant location permissions to individual apps do not meaningfully consent to their data being aggregated, sold, and analyzed across the entire data broker ecosystem.
- The limits of individual action: You can turn off location services, but your phone still connects to cell towers. You can avoid apps that track you, but you cannot avoid being near other people's phones. Individual privacy measures are necessary but fundamentally limited.
- Regulatory gaps: The United States' sector-specific, patchwork approach to privacy regulation has left location data largely unprotected at the federal level, creating a gap that government agencies and commercial interests actively exploit.