hngopher.com

       [HN Gopher] Hackers Claim Breach of Location Data Giant, Threate...
       ___________________________________________________________________
        
       Hackers Claim Breach of Location Data Giant, Threaten to Leak Data
        
       Author : anarbadalov
       Score  : 22 points
       Date   : 2025-01-07 20:53 UTC (2 hours ago)
        
 (HTM) web link (www.404media.co)
 (TXT) w3m dump (www.404media.co)
        
       | imoverclocked wrote:
       | Searching Google for "Gravy Analytics breach" results in FTC
       | action against said company for illegally tracking consumers.
       | Among the results are mentions of HIPAA violations... which in
       | 2025 USA is actually a really big deal.
       | 
       | For all of the "but I have nothing to hide" crowd, you need to
       | modify your slogan to, "but I have nothing to hide, right now."
        
         | jimt1234 wrote:
         | If you don't have something to hide, your life is lame. LOL
         | 
         | Seriously, though, what would the HIPAA violation be for
         | location data? Knowledge of someone going to a doctor's office
         | doesn't sound like a HIPAA violation. AFAIK, violations only
         | relate to what is communicated between doctors (and other
         | healthcare professionals) and patients.
        
           | kjellsbells wrote:
           | Location data generated by your phone is not covered by HIPAA
           | (source: [1]) whereas the location of a patient undergoing
           | treatment is. Thus, there's nothing that stops a data broker
           | inferring that you are visiting a psychiatrist or a
           | reproductive health clinic and sharing that insight with
           | buyers, but the clinic/doctor cant share that you were
           | treated at such and such location since that is personal
           | health information (PHI).
           | 
           | The web page below has quite some discussion on what this
           | means for patient privacy and how to disable certain location
           | services on your phone.
           | 
           | [1] https://www.hhs.gov/hipaa/for-
           | professionals/privacy/guidance...)
        
       | xnx wrote:
       | Part of me is hoping this leaks. Might be the only way to get
       | people to care.
       | 
       | It would also be a fascinating dataset to explore.
        
         | thot_experiment wrote:
         | I could easily lose weeks of my life analyzing a trove of data
         | like this. I had a great time with the Twitch data a few years
         | back.
        
           | donclark wrote:
           | I would like to hear more details about your adventure. Do
           | you have a blog post or similar that you can share?
        
             | thot_experiment wrote:
             | I wrote one but never published it. I'm working on
             | resurrecting the blog (writing an article right now) I
             | appreciate the interest and I'll dig up the draft and
             | publish it later this week.
        
               | internet101010 wrote:
               | Please do. I find Twitch to be a fascinating corner of
               | the internet. From the shared lingo via third-party
               | emotes to the depressing TTS messages of the chatters,
               | it's all gold.
        
         | JumpCrisscross wrote:
         | > _Part of me is hoping this leaks. Might be the only way to
         | get people to care_
         | 
         | How's that worked out for us the last billion times?
        
       | _DeadFred_ wrote:
       | Things like this were previous a pain, but now with AI being able
       | to easily shift through these things to identify high value
       | targets (adversary's military personnel, politicians/executives
       | for blackmailers) maybe something will finally be done. Heck I
       | bet if someone provided a weaponized AI platform to digest this
       | information and float everything of interest in it to the top
       | that might finally get something done.
       | 
       | I think at some point the system needs to switch to aggregating
       | violence/damage inflicted when it's against thousands/millions of
       | people. A business can't just ruin one persons life without
       | consequence. Slightly damaging millions of lives should rise to a
       | similar level at some point.
        
         | nullc wrote:
         | Someone going after "high value" targets can just buy the data
         | commercially.
        
           | qwertox wrote:
           | There was a related talk at the 38c3:
           | 
           | Databroker Files: How Apps and Data Brokers Enable Mass
           | Surveillance
           | 
           | https://youtube.com/watch?v=3GmYJo2LqtA
        
         | TheJoeMan wrote:
         | If I recall, a senator's salacious 1G text messages getting
         | captured spurred quite a bit of security development.
        
       | nullc wrote:
       | The real 'data breach' was that they had the data in the first
       | place. The hacker is likely less of a threat to me than many of
       | the parties they sold the data to before.
        
       ___________________________________________________________________
       (page generated 2025-01-07 23:01 UTC)