Most active commenters

    Hackers Claim Breach of Location Data Giant, Threaten to Leak Data

    (www.404media.co)
    43 points anarbadalov | 22 comments | 07 Jan 25 20:53 UTC | HN request time: 1.531s | source | bottom
    1. imoverclocked ◴[07 Jan 25 21:45 UTC] No.42627959[source]
    Searching Google for “Gravy Analytics breach” results in FTC action against said company for illegally tracking consumers. Among the results are mentions of HIPAA violations… which in 2025 USA is actually a really big deal.

    For all of the “but I have nothing to hide” crowd, you need to modify your slogan to, “but I have nothing to hide, right now.”

    replies(2): >>42628243 #>>42628978 #
    2. xnx ◴[07 Jan 25 21:52 UTC] No.42628061[source]
    Part of me is hoping this leaks. Might be the only way to get people to care.

    It would also be a fascinating dataset to explore.

    replies(2): >>42628169 #>>42628294 #
    3. _DeadFred_ ◴[07 Jan 25 21:58 UTC] No.42628124[source]
    Things like this were previous a pain, but now with AI being able to easily shift through these things to identify high value targets (adversary's military personnel, politicians/executives for blackmailers) maybe something will finally be done. Heck I bet if someone provided a weaponized AI platform to digest this information and float everything of interest in it to the top that might finally get something done.

    I think at some point the system needs to switch to aggregating violence/damage inflicted when it's against thousands/millions of people. A business can't just ruin one persons life without consequence. Slightly damaging millions of lives should rise to a similar level at some point.

    replies(2): >>42628386 #>>42628748 #
    4. thot_experiment ◴[07 Jan 25 22:01 UTC] No.42628169[source]
    I could easily lose weeks of my life analyzing a trove of data like this. I had a great time with the Twitch data a few years back.
    replies(1): >>42628205 #
    5. donclark ◴[07 Jan 25 22:05 UTC] No.42628205{3}[source]
    I would like to hear more details about your adventure. Do you have a blog post or similar that you can share?
    replies(1): >>42628334 #
    6. jimt1234 ◴[07 Jan 25 22:10 UTC] No.42628243[source]
    If you don't have something to hide, your life is lame. LOL

    Seriously, though, what would the HIPAA violation be for location data? Knowledge of someone going to a doctor's office doesn't sound like a HIPAA violation. AFAIK, violations only relate to what is communicated between doctors (and other healthcare professionals) and patients.

    replies(1): >>42628411 #
    7. JumpCrisscross ◴[07 Jan 25 22:14 UTC] No.42628294[source]
    > Part of me is hoping this leaks. Might be the only way to get people to care

    How's that worked out for us the last billion times?

    replies(1): >>42634902 #
    8. thot_experiment ◴[07 Jan 25 22:17 UTC] No.42628334{4}[source]
    I wrote one but never published it. I'm working on resurrecting the blog (writing an article right now) I appreciate the interest and I'll dig up the draft and publish it later this week.
    replies(1): >>42628568 #
    9. nullc ◴[07 Jan 25 22:21 UTC] No.42628380[source]
    The real 'data breach' was that they had the data in the first place. The hacker is likely less of a threat to me than many of the parties they sold the data to before.
    replies(1): >>42635291 #
    10. nullc ◴[07 Jan 25 22:22 UTC] No.42628386[source]
    Someone going after "high value" targets can just buy the data commercially.
    replies(2): >>42628472 #>>42628845 #
    11. kjellsbells ◴[07 Jan 25 22:25 UTC] No.42628411{3}[source]
    Location data generated by your phone is not covered by HIPAA (source: [1]) whereas the location of a patient undergoing treatment is. Thus, there's nothing that stops a data broker inferring that you are visiting a psychiatrist or a reproductive health clinic and sharing that insight with buyers, but the clinic/doctor cant share that you were treated at such and such location since that is personal health information (PHI).

    The web page below has quite some discussion on what this means for patient privacy and how to disable certain location services on your phone.

    [1] https://www.hhs.gov/hipaa/for-professionals/privacy/guidance...)

    12. qwertox ◴[07 Jan 25 22:30 UTC] No.42628472{3}[source]
    There was a related talk at the 38c3:

    Databroker Files: How Apps and Data Brokers Enable Mass Surveillance

    https://youtube.com/watch?v=3GmYJo2LqtA

    13. internet101010 ◴[07 Jan 25 22:42 UTC] No.42628568{5}[source]
    Please do. I find Twitch to be a fascinating corner of the internet. From the shared lingo via third-party emotes to the depressing TTS messages of the chatters, it's all gold.
    14. TheJoeMan ◴[07 Jan 25 23:00 UTC] No.42628748[source]
    If I recall, a senator's salacious 1G text messages getting captured spurred quite a bit of security development.
    15. _DeadFred_ ◴[07 Jan 25 23:10 UTC] No.42628845{3}[source]
    Sure, but I can't. But I can weaponize leaked/hacked data sets to bring attention and get the government to care since they don't currently seem to care about the data being collected nor it being laxly protected.
    replies(1): >>42644066 #
    16. from-nibly ◴[07 Jan 25 23:24 UTC] No.42628978[source]
    I would like to add the following conditions to further illustrate how fraught that sentiment is. - from the people currently in power - from the laws as they currently stand - given my understanding of all the laws that exist - from a wacko down the street with a short fuse and weaponry

    Any else that I've missed?

    replies(1): >>42632178 #
    17. nsoolo ◴[08 Jan 25 04:42 UTC] No.42630992[source]
    I'm not surprised, these companies are so focused on selling people's data that they don't care about their security at all.
    18. imoverclocked ◴[08 Jan 25 08:19 UTC] No.42632178{3}[source]
    Sure, lots. Another might be: a future crazy ex that wants to know where you have been.
    19. Crosseye_Jack ◴[08 Jan 25 14:58 UTC] No.42634902{3}[source]
    Maybe we should do a South Park with their TrollTrace plotline and make the data publicly available (maybe purposefully exclude the last 6-12 months of data for a little bit of secrecy), and watch the public rage while they can look up the movements of everyone they know!

    Though I don’t think that would even work, as people’s anger would be directed at the public directory rather then the source of the data and how it was gathered…

    (Edit: Don’t actually do this, as it could / probably will, do more harm than good. But until the majority of people get angry at such data collection, it will just continue to happen)

    20. more_corn ◴[08 Jan 25 15:35 UTC] No.42635291[source]
    That’s exactly what I’m thinking. We really need a national privacy law making tracking location data illegal.
    21. 486sx33 ◴[09 Jan 25 11:04 UTC] No.42644066{4}[source]
    But if you had money you could. Register a new business, pay the broker, good to go.