➡ The Rob Braxman Tech video discusses how companies like Anomaly Six use phone location data, often thought to be anonymous, to identify individuals, including spies and military personnel. This data, collected from apps and sold freely, can be used to track movements and behaviors, even without personal information. Anomaly Six, for example, can track 3 billion phones in real time, and has demonstrated its ability to identify intelligence personnel based on their frequent locations. The video warns of the potential misuse of such data, highlighting the need for greater awareness and caution when using location-based apps.

➡ This text discusses the potential uses and risks of location tracking technology. It can be used to monitor potential threats, identify military movements, and protect critical infrastructure. However, it also poses a risk to privacy, as it can profile individuals based on their location data, even when they think they’re anonymous. The text suggests using a de-Google phone and disabling location permissions as ways to protect oneself from being tracked.

This video is a heads up for those of you who take phone tracking for granted. I will show you a company called Anomaly Six that actually proved that they can identify spies just from phone location data. Phone data that most of you understand to be anonymous. So in spite of the anonymity of the data, you can see how vulnerable everyday people are. All the way to spies and military personnel who expose their actions just because they don’t understand the effects of the technology. Location data is now the backbone of surveillance, and Big Tech, specifically Apple and Google, has incredible amounts of this data.

But what I will reveal today is based not on the more detailed location and identification capability of Big Tech, but just data that is bought and sold freely outside of Big Tech, and this easily available data has no personally identifiable information in it. Yet if you don’t understand what’s in the raw data, you will miss the value of the data that can be captured. Today, I will go beyond the threats to the normal person and show how intelligence agencies from many countries can surveil people using this data and get advanced alerts of potential moves made by spies, special forces, or see military buildup, or otherwise notice suspicious behaviors.

It’s a pretty interesting topic, so stay right there! Anomaly 6 Anomaly 6 is an example of a company that uses global geolocation data for intelligence purposes. Their stated target markets are government projects which include national security, disaster response, and critical infrastructure protection. They claim that their technology allows them to track 3 billion phones in real time. Now, precisely how to do this is obviously a secret, but based on what I read, I can make some guesses. It appears that they’ve hooked themselves up to the ad-tech infrastructure so that they’re directly tied in to the auctioning of the ads in mobile apps.

They have done this by embedding some communication links in these software development kits that are utilized for ad delivery to perhaps forward the ad auction data directly to anomaly 6. Now, this is not that different from what FOG data science utilizes. If you remember my video about FOG, they use ad auction data, which has raw location data matched to an advertising ID. This advertising ID provides supposedly the only identity. This is often captured by other aggregators and then sold. As I’ve explained before, this ad auction data with location is being sold by hundreds of popular apps.

If you use any of these apps, then you’re likely generating this data. The only difference I can see here is that anomaly 6 itself has access to the original aggregator data. So in theory, it can get the information in a more timely manner, which I suppose is quite useful in real-time intelligence. In order to demonstrate their capabilities, anomaly 6 identified intelligence community employees simply by recording who was at the NSA facility in Fort Meade, Maryland, and the CIA facility in Langley, Virginia, based on location pings. This, as I explained before, is called geofencing. Just map out an area of interest on Google Earth, then see the hits from reported phone location data.

So now you have target devices based on the device ID, which in most cases is this advertising ID. Next step is to identify who these people are by seeing where they go home to. This should then be an easy task to find out their actual names and full identity from databases based on verified addresses like credit card history, government public records, and so on. Apparently, they were able to identify 183 devices of people they concluded to be intelligence personnel. But from here, you can reverse the action of the query. Since now you have a collection of potential intelligence agents identified based on their phone ID, you can proceed to track their actions.

We’ll get into that more later, but first, let’s delve into more detail on the specific data being used here. Ad tech, advertising ID, location. The source data of locations come from apps. If you make apps especially free ones, you will want to monetize the app, and the easiest way to do that is to allow ads to show up on your app. Some apps in particular require you to turn location on. Examples I’ve given are Weather Channel app, Craigslist, and Waze and Yelp. Yelp is particularly even more suspicious because it blocks VPNs, which implies it is selling IP address data as well.

But sticking to the standard app model for the moment, what happens is that when you are using an app, the space dedicated for ads in an app is put up for auction. Your device identity is specified by the advertising ID, which will indicate the delivery location of the ad. Now, some devices like iPhones allow you to opt out of the advertising ID, and Android allows you to change or opt out of your advertising ID as well. Don’t think that this takes you off the hook, because what happens is that the app is allowed to make up some other alternate ID, and this will automatically be done by software development kits that are embedded by the app developer.

So without the advertising ID, and depending on the permissions of the app, it could capture alternate identifiers like IMEI, MZ, MAC address, Google ID, email address, IP address, and so on. Alternatively, the app could just invent another identifier, and it could be in fact operate equivalently to an advertising ID, because it would persist for a long enough period of time. Persistence of a single day is sufficient to be of value, as I will explain later. This identifier, the advertising ID, is paired with the location data at auction so that in milliseconds, ad companies will decide to push a particular ad on your phone if they win the bid.

Now it should be noted that although this data is not on your phone, the advertising ID is collected by third parties, and they know what ads you click on or your other behaviors they have on file based on what you have done in the past. This means it becomes possible for advertisers to know your long term preferences based on what behaviors they’ve tracked on you, so this puts extra meaning to your device ID, even if they didn’t originally have your name or any other permanent identifier. Just keep that information in the back of your head, as that will be important later.

Fitbit Story This was in the news many years back. Concentrated use of Fitbit was found in particular military facilities like Camp Pendleton near San Diego. This was already a precursor of things to come, as today, Apple watches are now so common, and of course, these track locations as well. So use of fitness apps would be specific giveaways, as well as clumps of large numbers of people in very small areas using them. There was a story of a Russian commander that was assassinated in his hometown while on a morning jog. Apparently, the first responsible were Ukrainian agents.

The Russian used a smart watch and even made a public profile of his fitness patterns and used a real name. This made him an easy target with a predictable schedule and location just from device data. No need for physical surveillance. Identify Spies As Anomaly 6 shows, it is very easy to categorize people. In their case, all they had to do was target locations like the NSA and CIA buildings and track who went in and out of these locations. Then, just see where they go home to and match that to an address database to get a full identity.

And if the advertising ID or the device ID is not sticky enough, meaning if they opted out, then switch to tracking the households that housed the spies and then use that as an identity check. Meaning you keep honing the accuracy of this database based now on home addresses of known spies regardless of device they used. All it would take to do this is one single day of visiting a sensitive location, then seeing where that person went home to at the end of the day. As you can see, it is pretty hard to escape if you’re using a standard phone like an iPhone or Google Android.

By the way, many facilities now ban the use of phones within their building, like intelligence buildings. But look at how flawed this is. Track who goes into the parking lots. Fact of the matter is, proximity is enough to identify purpose, especially when driving to particular locations like Fort Meade. You don’t have to have a location inside a particular building to see intent. Identity motive Let’s say I’m looking for counterintelligence agents. We would first start with identifying all employees of foreign countries by geofencing people in their embassies. In fact, you can also just track people who move countries or come from targeted countries.

You already have a database of agents for your own country, let’s say US agents. Then you let an AI examine the history of locations of all these collections of people and see who appeared to have intersections of locations. This could imply intelligence drops and pickups occurring. Even assuming phones were turned off at the final location, patterns could provide clues that something is going on. Let’s say the government is building a database for surveilling potential Islamic terrorists. One could track associations with known imams that push more extremist views, so contacts of this nature could be identified. Then other patterns like interests in firearms or matching political activities in social media could provide clues for targeting.

Again, the location data and device ID is just a starting point. The advertising ID could reveal other patterns that could progress to using the more accurate data from Google databases. Google, for example, can identify practically every click you do on the internet. Military application Identify forces In a military setting, one could identify large masses of people in a military base and see if they’re moving. For example, this could be used to specifically see which particular units are being moved and could signify upcoming actions. You can also see if the numbers of soldiers change, if the numbers suddenly decrease at the base, for example, or if you can actually spot movements to different areas, assuming they left their phones on for some period of time.

There should be enough data to identify particular groups of forces by category to see if something is going on. One could watch the locations of special forces to see if something is about to happen, and if the data is in real time, like with anomaly 6, it could also be triggered by the sudden loss of all location data. Military application Identify military leadership In a wargames exercise conducted by the US military, the scenario they used assumed that the target was the US naval base in Japan. In the scenario, the enemy plotter was China and the intent was to take over territory in the South China Sea permanently.

And in order to do that, the Chinese would plan to confuse the leadership of the US naval base from the commanding admiral down to every officer. They did this by targeting individual officers with personal disinformation on everyone’s social media. For example, their wife died, the son gets arrested, a daughter was in an auto accident. Enough to temporarily create confusion to prevent them from being alert to events. In the wargames exercise, this was enough to prevent the US from responding in a timely manner to the enemy actions and China was able to capture territory. Identifying leadership was the important takeaway here.

In a military facility, this could be done, for example, by seeing who goes to the officer’s mess versus the mess hall for enlisted personnel. Critical infrastructure protection. Another potential use of this technology is protecting critical infrastructure. For example, a power plant. One could log the presence of people approaching a particular facility based on location tracking and then identifying them in a database based on who they are. We can, of course, find out their identity already. But an AI could detect patterns like multiple visits by the periphery of the facility, like doing scouting missions, and that could imply some future plan.

It could also be compared to other databases that imply other country affiliations. Classifying people based on sensitive locations. Unfortunately, location tracking is an easy tool for profiling users, and this can be done simply by tracking people who go to sensitive locations. We already discussed intelligence facilities, embassies, critical infrastructure, but this can be extended to health facilities, which can identify particular diseases, places of worship, protests, critical jobs, leadership and jobs. Intersections of location based on visiting high-end restaurants, or wealthy home locations, or, for example, meetings with politicians. On and on, I can come up with a multitude of data points which can be used to profile someone just based on where they go socially, where they work, where they worship, and where they go home.

This can extend to unusual travel. Let’s say you’re already identified as an intelligence operative based on data captured of you being at the NSA parking lot. Then you show up in Lithuania. Well, that could be interesting and could imply something, especially if you start tracking who you interacted with at these locations. Another potential threat are people belonging to various militia groups where the gathering locations can be figured out. Then again, a similar method of tracking can put these individuals in a database. Combining data with other databases. While location data could present the initial trigger to identify individuals, it should be a small matter to match this to other commercial databases.

For example, there’s the Automatic License Plate Reader or ALPR data that’s captured by Flock and DRN. This kind of data then can supplement missing information if the person turns off their phones. It’s pretty hard to evade ALPRs. In fact, people turning off their phones is a flag event in itself since all you have to do is match it to other people nearby who have also turned off their phones. The reverse is also true. If you suddenly see related phones being turned on at roughly the same time, that’s also a clue. Patterns of communication during specific times can also be an identifier.

If people always show locations with a specific pattern and something is out of pattern, both in location and time, then that can be used to narrow down a purpose. Summary The point of exposing these potential users of location technology to you is to illustrate that even so-called anonymous data is ripe with information. Anomaly sex, for example, did not need some actual phone identity or even a permanent advertising ID to get your full identity. All they had to do was watch where you go home. From there, full surveillance can occur. This means that 99% of the population are so easily profiled even by third parties, and this is not even involving Big Tech.

Big Tech is ultra dangerous because the data they have, if sold, is 1000% more detailed than what can be found in these commercial databases. And yet even the commercial databases are enough. Even our adversaries like China or Iran could get access to these databases. While the military and intelligence people are always instructed to not have phones when on active duty, people are people, and normie habits are hard to break. The intense desire to belong to society using standard devices ensures that people will always screw up and they will end up in a geolocation database, meaning they will find a way to use their phone.

The best protection so far is to use a de-Google phone that has full location protection. While de-Google phones do not have an advertising ID, there’s still a risk of an app insinuating an alternate identity. So even with a de-Google phone, you must be very, very conscious of when you turn location on, even when you set it to while app is in use. It is actually when you use the app that your location info is captured and sold, like from using the Waze app. So my personal preference is to never allow apps that need location and always disable location permissions.

This will at least suppress your appearance in these commercial location databases via the ad auction system. However, it doesn’t stop anything from sending location and telemetry data going to Google and Apple if you have a regular phone. Only de-Google phones are safe from that. Folks, as many of you know, this channel does not have sponsors. Instead, we rely completely on community support to keep us going. Hopefully, we give you enough information that you find value. Some of you support us on Patreon, locals and YouTube memberships. And though I don’t publicly acknowledge you for privacy reasons, you are very appreciated.

Thank you. For most of our support, we instead strive to provide products and services that help you in your privacy journey. Our newest product is the Brax III Privacy Phone. This is a community project involving several companies and is currently sold on indiegogo.com. We have other products and services that can be found on our privacy social media site, Braxme. We have Brax Virtual Phone that gives you inexpensive, no-KYC phone numbers. We have BraxMail which offers unlimited aliases and many domains to create different identities. We have BytesVPN which protects your IP addresses from being harvested by data brokers.

Join us on Braxme and meet the way over 100,000 users who discuss privacy issues daily. Thank you for watching and see you next time. [tr:trw].

See more of Rob Braxman Tech on their Public Channel and the MPN Rob Braxman Tech channel.