bflesch • yesterday at 11:20 AM

Oh come on please stop this insincere false narrative. IP-to-geolocation works extremely well even with semi-public databases, and Google has spent billions on collecting a very powerful database of it.

Google is internally fusing data from all devices that were ever in your LAN or near your WIFI access point. It merges them based on:

  - outside IP address given by ISP and mobile phone carriers
  - list of network devices incl. IP address & MACs (do you have a 3d printer or not?)
  - any info they can extract via their Smartphone Apps both on Android and IOS
  - Android devices share geolocation data with google anyways
  - user agents & browsing history on google properties and 3rd party websites
  - every time your IP addresses hit anything in google cloud or google CDNs (e.g jquery from googlestatic.com or google fonts)
  - all data you have ever provided to them (payment data, gcloud, gmail)
  - all the tracking that is already built into chrome and other google software

Plus they procure data from third-party providers. Only a single app on your smartphone needs to have geolocation privilege and then the data (location, ip address and user data) is available for google to digest via their scripts/SDKs which are packaged into basically every smartphone app.

The large tech companies have significant incentive to mutually share data with each other, that's why you often see Javascript from one tech company included in the website or product of another one. It's enough to touch a google dc with a single packet included in the facebook app for them to associate your session with the new IP address and vice versa.

Google has years of data on how often user agents and devices behind a certain IP address change. They can very confidently say if your ISP-provided IP address has been rotated or not, and where it was rotated to. They most definitely have enough GPS positions from smartphones that they can predict where you sleep, so if your smartphone shows up under another IP address but the network devices around it stay the same they can easily deduce that this is your new dial-up IP address.

All of this not even discusses unethical or clearly illegal ways these companies have acquired data by abusing a lack of security measures on the smartphone operating systems. An example is Facebook uploading entire smartphone contact books to their servers to fuel their "organic" growth - Google most definitely has done exactly the same.

The "careless people" book highlights that Facebook deployed spyware with their smartphone apps which monitored what other apps the users were using - this is how they figured out that WhatsApp was going viral and based on this data they did the surprise acquisition of WhatsApp. I'm confident that google abuses the same security vulnerabilities in order to further collect data.