There are things we can do to limit our exposure, from choosing privacy forward phones, carefully considering which apps we load onto them, questioning why a particular app is asking to know my location or other personal information, and giving proper consideration to the permissions and settings we allow our apps and phones to have. But privacy protections will come only when federal and international legislation is enacted to limit what companies and governments can do with the data collect. Until then, we are all at risk

Stuart A. Thompson and Charlie Warzel, N.Y. Times »

Today, it’s perfectly legal to collect and sell all this information. In the United States, as in most of the world, no federal law limits what has become a vast and lucrative trade in human tracking. Only internal company policies and the decency of individual employees prevent those with access to the data from, say, stalking an estranged spouse or selling the evening commute of an intelligence officer to a hostile foreign power.

Companies say the data is shared only with vetted partners. As a society, we’re choosing simply to take their word for that, displaying a blithe faith in corporate beneficence that we don’t extend to far less intrusive yet more heavily regulated industries. Even if these companies are acting with the soundest moral code imaginable, there’s ultimately no foolproof way they can secure the data from falling into the hands of a foreign security service. Closer to home, on a smaller yet no less troubling scale, there are often few protections to stop an individual analyst with access to such data from tracking an ex-lover or a victim of abuse.

[…]

“D.N.A.,” he added, “is probably the only thing that’s harder to anonymize than precise geolocation information.”