Smartphone users are becoming aware that their phone number and location isn’t private when they use the internet on their data plans thanks to the selling of your mobile advertising id (MAID). According to Wired’s Andy Greenberg, it only costs $1,000 to track someone online. When you visit a website on your smartphone, both the site itself and advertisers on the site can view your mobile IP address which they can then tie to your mobike advertising id. Since the IP address is given by your telecom from the cell tower, your IP address when you’re using 4G or 3G will always be tied back to your billing information. While this makes sense from a security perspective, what doesn’t make sense is that companies around the world are able to take your mobile IP address, which is given away every single time you visit a website or use an app, and find out your full phone number, home address, email address, and even location (as given by the cell tower) because this information is readily sold by telecoms to third parties. This isn’t a supercookie, it simply works with your telecom provided mobile IP address – and changing it with a VPN like Private Internet Access.
How to keep your private information from being sold when using your smartphone: Change your smartphone’s IP address
Back in 2015, Verizon was stopped by the Federal Communications Commission from serving a super cookie that allowed similar always-on tracking to be deployed and used by advertisers. The past decision does seem to be keeping Verizon from doing the exact same thing; however, it seems that telecoms have realized that they already have a persistent method of tracking their users (the IP addresses they give our smartphones) – and an ability to sell corresponding billing information to eager advertisers. All they need to do is run a query. Up until last week, it was possible to see this for yourself by using one of two public facing demos of being able to find your information with just a mobile IP address – but they have since been taken down. It’s worth remembering that every telecom and internet service provider (ISP) in the world has this technical ability at the tips of their fingertips – this is not just an American problem.
How did they get my number?
The world is finally starting to understand the privacy sacrifices we make when using smartphones. The FCC is supposed to protect our internet privacy, but we know that is no longer the case. As the news has disseminated around the smartphone using population, many have connected the dots about why they’ve been receiving more and more spam calls on their phone numbers that they’ve never given out. One Redditor commented:
“Sprint does it too. Source: I started getting random phone calls from random ass places once I got with sprint.”
Another Redditor described the same issue on another American telecom’s service:
“I was with T-Mobile for years and would get 1-2 calls a month from scammers. I switched to Verizon and got them daily. Sometimes multiple times a day. I called Verizon only to have them try and sell me a call blocker service for $4.99/Mo. I downloaded a free can blocker app and have blocked 100+ numbers in 8 months…”
The solution is simple: Change your IP address to protect your privacy. Until legislation is passed that fixes this, makes it actually opt-in, or punishes the perpetrators, your privacy is at risk – especially since using WiFi isn’t necessarily a tenable alternative given the recent revelations of the WPA2 KRACK.