In 2018, AT&T, Sprint, T-Mobile and Verizon were guilty of selling their users' location data. They then were pressured by both the US government and the public to stop their actions, so they promised to change, but whether they upheld that promise is in question today.
The four companies (AT&T, Sprint, T-Mobile and Verizon) were found to have sold their customer's data to "LocationSmart", a location-as-a-service company based in Carlsbad, California that provides location APIs to enterprises and operates a secure, cloud-based and privacy-protected platform. LocationSmart then sold the information to other companies and other third parties, who then used this information to track people's location in real time however they liked. You can read about this issue in more detail here.
The Surprise Today
In an article in January by reporter Joseph Cox, he revealed that he had paid a bounty hunter $300 to locate his phone, who succeeded in doing so through accessing location data from the aforementioned four companies. In fact, the hunter responded with a screenshot of Google Maps, containing a blue circle indicating the phone’s current location, approximate to a few hundred metres. This serves as direct proof that the four companies had refused to follow their promise in the first place. You can read more about this issue here.
Another company Zumigo, which provides mobile location and identity services for clients around the world, also claimed to have bought location data from T-mobile and sold the data to another company named Microbilt. Microbilt then sold the data to a bail bond company, who was then able to find Cox's phone location almost instantaneously.
When confronted with these statements, T-Mobile denied any allegations thrown at the company and said that they did not cooperate with Microbilt, contradicting Microbilt's finding and essentially disproving their promise made last year.
As a result of Cox's findings, AT&T said they would cut off any ties to any location aggregators.
T-Mobile then claimed that they will cease any responding to location seekers by March.
Sure, these two phone companies have made yet another promise to cease their user location data sharing, but how will we, as the consumers, be sure that such incidents will not happen again? This concern will remain by our side as long as scandals like these keep popping up.
Ultimately, there is little to do other than to contact your service provider directly and express your concern. Privacy should be our main concern, and you can contact your Congress members to remind them of this issue.