Chapter 03: Your Phone Sends Your Location 747 Times a Day
Seven hundred and forty seven times. That is how many times your phone broadcasts your exact location to strangers every single day. More than once every two minutes during your waking hours, an invisible auction fires inside the device in your pocket or your purse, and it sends your GPS coordinates, your device ID, and a bundle of personal information to thousands of companies you have never heard of. These companies do not ask for your permission. They do not send you a notification. They collect this data in the time it takes to blink, and then they keep it forever.
You did not sign up for this. None of us did.
You downloaded a weather app, a game for your kid, a coupon app for gas, maybe a Bible app or a prayer app. And buried inside those apps, invisible lines of code are recording where you sleep, where you worship, where you see your doctor, where your kids go to school, and where you stop on Friday night. That information gets packaged, sold, resold, and sold again to advertisers, data brokers, hedge funds, insurance companies, and federal law enforcement agencies that would otherwise need a warrant to get the same data.
This chapter is going to show you exactly how this machine works. You are going to learn how a simple ad on your phone screen triggers a data broadcast that reaches thousands of companies in milliseconds. You are going to meet the data brokers who built billion dollar businesses packaging your movements into dossiers. You are going to read about the massive breach that dumped the precise locations of millions of Americans onto the open internet in January 2025. You are going to see how your car reports your location every three seconds, how license plate readers scan 20 billion plates every month, and how all of this data flows to government agencies buying their way around the Constitution. And at the end, you are going to learn exactly what to do about it on your phone, in your car, and in your browser, starting today.
Let me be direct with you. I am a trial lawyer. I have spent my career protecting people, and what I am about to show you in this chapter makes me angry. It should make you angry too. Because the surveillance system I am about to describe is not something that might happen to you someday. It is happening to you right now, as you read these words. Your phone is doing it. Your car is doing it. The camera on the pole at the end of your street is doing it. And nobody asked you.
The Invisible Auction Inside Your Phone
Every time you open an app that shows an ad, a high speed auction fires in milliseconds. Your phone packages up your GPS coordinates, your device ID, your IP address, the name of the app you are using, and your browsing history. All of that gets sent to an ad exchange, which blasts it out to dozens or hundreds of companies, each one representing advertisers who want to reach you. The highest bidder wins and their ad appears on your screen. The whole thing takes less time than a heartbeat.
Here is what most people do not realize. Every company that received your data during that auction keeps it. Whether they won the bid or not, they walk away with your GPS coordinates, your device ID, and all the other information that came with the bid request. There are no technical safeguards to stop this. There is no system that deletes the data after the auction ends. The companies simply take it.
The Irish Council for Civil Liberties put a number on this system in a May 2022 report. Real time bidding systems broadcast personal data 294 billion times per day in the United States alone. That is 178 trillion broadcasts per year across the U.S. and Europe combined. Google allows 4,698 companies to receive this bidding data about American users. Microsoft allows 1,647. Dr. Johnny Ryan, the former ad tech insider who led the research, called it the biggest data breach ever recorded because the data flows to companies around the world, including in Russia and China, and nobody controls what happens to it after that.
The number 747 comes from that same research. It means that your online activity and your physical location get exposed to the advertising system 747 times every single day. That is your life, minute by minute, broadcast to an industry that profits from knowing exactly where you are.
Your Favorite Apps Are Tracking Beacons
A French Navy officer went for a run on the deck of the Charles de Gaulle aircraft carrier and, like millions of people do, uploaded the workout to Strava. In doing so, he unintentionally revealed the precise location of a nuclear powered warship as it moved toward the Middle East. This was not the result of hacking or espionage. It was simply the consequence of sharing location data without thinking through the risks.
This incident is not isolated. It reflects a broader and ongoing issue with how fitness tracking apps handle privacy. Strava, by design, encourages sharing, and many accounts are set to public by default. That means each recorded run or workout can broadcast a user’s location and movement patterns to anyone who looks. Over time, this kind of data has been used to identify sensitive locations, including military bases around the world.
A similar situation occurred in 2024 involving Emmanuel Macron. His movements were pieced together not through any direct breach, but by analyzing the publicly shared workout data of his security personnel as they traveled with him. Their activity effectively mapped his location.
The larger point is straightforward. You do not need to be a public figure or part of the military for this to matter. If your apps are sharing your location data by default, you may be exposing far more than you realize. Taking a few minutes to review and adjust your privacy settings is not optional anymore. It is a necessary step in protecting your personal security.
The advertising auction is another pipeline. Data brokers pay app developers to embed special code called Software Development Kits into their apps. These SDKs silently harvest your GPS coordinates, Wi-Fi signals, Bluetooth beacon data, and cell tower connections. They cross reference all of those signals at once, and they can pinpoint your location to within one to five meters. That is accurate enough to know which room of a building you are standing in.
The apps that carry this tracking code are the ones you use every day without a second thought. Prayer apps like Muslim Pro, which has 98 million downloads. Dating apps like Tinder and Grindr. Games like Candy Crush and Temple Run. Fitness apps like MyFitnessPal. Family safety apps like Life360. Shopping apps like GasBuddy. Weather apps. Navigation apps. Even VPN apps, the ones people download specifically because they want more privacy. One data broker, Venntel, claimed to pull location data from over 80,000 apps. When Gravy Analytics got hacked in January 2025, a single data sample exposed tracking code in 3,455 Android apps.
The money involved is staggering. The location data market was estimated at 12 to 16 billion dollars globally in 2021. Data brokers pitch app developers with offers of $12,000 to $1 million per year just for embedding the tracking code. Gravy Analytics alone claimed to process 17 billion signals daily from approximately one billion mobile devices. The New York Times obtained a single location dataset from the 2016 to 2017 era that contained 50 billion location pings from 12 million Americans. That was nearly a decade ago. The system has grown exponentially since.
From Your Phone to the Federal Government
The data travels through a supply chain that works like a set of nesting dolls. Your phone sends data to the app. The app passes it to the SDK or ad network inside it. That data flows to an aggregator like Gravy Analytics or Mobilewalla. From there, it reaches a government facing subsidiary like Venntel or Babel Street's Locate X product, which repackages the data for federal agencies. Mobilewalla disclosed that 60 percent of its location data came from ad exchange auctions it did not even win. The company simply collected your data by participating in the bidding process.
The buyers include the FBI, ICE, Customs and Border Protection, the IRS Criminal Investigation unit, the DEA, the Secret Service, and U.S. Special Operations Command. The FBI signed a $27 million contract with Babel Street, which purchased all of its data from Venntel. Commercial buyers include hedge funds, insurance companies, real estate firms, and anti abortion organizations. A company called Near Intelligence licensed location data to a group that geofenced 600 Planned Parenthood clinics across 48 states and served targeted ads to the women who walked through the doors. Near Intelligence boasted of tracking 1.6 billion people across 44 countries before filing for bankruptcy in late 2023.
The Federal Trade Commission has moved against several of these companies. In January 2025, the FTC banned Gravy Analytics and Venntel from selling sensitive location data. The FTC banned X Mode from selling raw location data in January 2024 after it sold military location data sourced from Muslim prayer apps. In December 2024, the FTC prohibited Mobilewalla from collecting consumer data from ad exchanges for non advertising purposes, a first of its kind order, after finding that the company had created audience targeting categories like "pregnant women," "Hispanic churchgoers," and "LGBTQ+ community" members. The FTC reached a settlement with Kochava in February 2026 for selling data that tracked people to reproductive health clinics.
The Gravy Analytics Breach: A Nightmare Scenario Becomes Real
On January 4, 2025, a hacker accessed the Amazon Web Services cloud storage of Gravy Analytics using a stolen access key. The hacker posted samples on a Russian language cybercrime forum and demanded a ransom. Pay within 24 hours or the full database goes public. The stolen haul included an estimated 17 terabytes of location data. A 1.4 gigabyte sample posted publicly contained roughly 30 million location data points. If the full dataset scales proportionally, it could contain over 200 billion records. The stolen files also included Gravy's entire customer list of more than 1,000 companies, internal emails, business strategies, and plaintext passwords.
The breached data included precise GPS coordinates, timestamps, device advertising IDs, the names of apps associated with each location ping, and historical movement patterns. Researchers demonstrated they could follow a single device ID traveling from New York to a home in Tennessee. The apps represented in the leak included Tinder, Grindr, Candy Crush, Subway Surfers, Call of Duty Mobile, MyFitnessPal, Flightradar24, Muslim prayer apps, Christian Bible apps, pregnancy trackers, period tracking apps, and multiple VPN apps. Sensitive locations in the data included the White House, the Kremlin, Vatican City, and military bases around the world.
The most important revelation was how Gravy obtained its data. A senior threat analyst explained publicly for the first time that Gravy appeared to be collecting its data from the advertising bidstream itself, not from code embedded directly in the apps. That means the app developers often had no idea their users' data was being harvested. Tinder, Grindr, Flightradar24, and Muslim Pro all denied any direct relationship with Gravy. They all acknowledged displaying ads. The advertising pipeline itself was the collection mechanism.
The FTC had announced its enforcement action against Gravy and Venntel on December 3, 2024, with a unanimous 5 to 0 vote. The order was finalized on January 15, 2025, days after the breach became public. The order bans the companies from selling sensitive location data, requires them to delete all historic location data, and mandates they notify all customers from the past three years that the data must be destroyed. FTC Commissioner Alvaro Bedoya put the stakes in plain English. He said you may not know anything about Gravy Analytics, but Gravy Analytics may know whether you eat breakfast at McDonald's, whether you buy CBD oil, whether you recently bought lingerie, whether you are pregnant, and whether you sit in the pews every Sunday in Charlotte. He then pointed out the constitutional problem. The Supreme Court's Carpenter decision said you need a warrant to get this data. Venntel let the government get it without one.
When Location Data Exposes Your Most Private Moments
In July 2021, a small Catholic publication called The Pillar showed the world exactly how easy it is to strip away the fiction of "anonymized" location data. Using commercially available app signal data purchased from a data broker, the publication matched a mobile device identifier to Monsignor Jeffrey Burrill, the general secretary of the United States Conference of Catholic Bishops. The method was devastatingly simple. They matched the device's locations to places uniquely connected to Burrill. His office. His residence. A family lake house. A Wisconsin apartment. Once the device was identified, its history revealed visits to gay bars and a gay bathhouse in Las Vegas over parts of 2018, 2019, and 2020.
Burrill resigned the same day the story published. He later sued Grindr, saying his reputation had been destroyed.
A 2013 study at MIT analyzed 15 months of mobility data for 1.5 million people and found that just four location data points are enough to uniquely identify 95 percent of individuals. Four points. Fewer than you need to match a fingerprint. A 2021 follow up study found that 93 percent of people would be uniquely identified even in a dataset of 60 million using just four data points. Separate research found that 99.98 percent of Americans could be correctly re identified using 15 demographic attributes. The word "anonymized" is a lie. It is a marketing term designed to make you feel safe while companies sell the coordinates of your life to anyone with a credit card.
Abortion Clinic Visits for $160
In May 2022, days after the leaked Supreme Court draft overturning Roe v. Wade, a reporter at Vice demonstrated that SafeGraph was selling location data about visits to abortion providers on the open market. He purchased a week's worth of data covering more than 600 Planned Parenthood locations across the country for $160. The data showed where groups of visitors came from by census block, how long they stayed, and where they went afterward. Some records contained as few as four or five devices, making individual identification straightforward.
After the Dobbs decision in June 2022, 22 states criminalized or severely restricted abortion. Location surveillance became an urgent threat. Washington State passed the My Health My Data Act, which specifically prohibits geofencing around healthcare facilities. California, New York, Connecticut, Illinois, and other states passed reproductive health data protections. The Biden Administration issued a HIPAA rule in April 2024 prohibiting the disclosure of reproductive health records for prosecution. A federal judge vacated that rule in June 2025, leaving the protection entirely up to the states.
Prayer Apps That Fed Your Location to the Pentagon
In November 2020, journalists revealed that Muslim Pro, a prayer time and Qibla direction app with 98 million downloads, was sending granular GPS coordinates to a data broker called X Mode Social. X Mode then sold that data to U.S. military contractors, and it ultimately reached the U.S. Special Operations Command. At least five additional Muslim prayer apps were linked to the same broker. Muslim Pro did not mention X Mode in its privacy policy. The Council on American Islamic Relations called for congressional hearings, calling it one of the first documented cases of the U.S. military purchasing the movement and location data of Muslim app users.
Location data has also been used to track people seeking addiction treatment. An analysis of 12 virtual opioid treatment websites found that all 12 used ad trackers capable of identifying visitors, and half of them embedded Meta Pixel, meaning people searching for help with substance abuse were being tracked by the advertising surveillance system, completely outside the protections of federal substance abuse confidentiality rules.
During the George Floyd protests in 2020, location and social media surveillance tools were pointed at demonstrators. An AI startup relayed protest related posts directly to police departments including the NYPD, LAPD, and Chicago PD. Documents obtained by the Brennan Center for Justice revealed that D.C.'s Metropolitan Police collaborated with federal law enforcement to surveil racial justice protesters through 2020 and 2021, with Capitol Police tracking groups including Black Lives Matter chapters with no evidence of violence.
Your Car Reports on You Every Three Seconds
On January 14, 2026, the FTC finalized its first enforcement action targeting connected vehicle data. The target was General Motors and its OnStar subsidiary. The complaint said GM collected precise geolocation data as frequently as every three seconds, along with hard braking events, acceleration data, speeds over 80 miles per hour, trip timing and distance, seatbelt usage, and even which radio stations drivers listened to. GM then sold this data to LexisNexis Risk Solutions and Verisk, which are consumer reporting agencies. Those companies compiled the data into driver risk profiles that insurance companies used to raise rates, deny coverage, or cancel policies.
The enrollment process was deceptive. GM marketed its Smart Driver feature as a free driving improvement tool. There was no disclosure that the data would end up in the hands of companies that score you for insurance purposes. Dealership salespeople were incentivized to sign buyers up, and in some cases penalized for not doing so. They filled in enrollment screens with preset answers. A New York Times reporter discovered that her husband's Chevrolet Bolt had been enrolled in the program even though neither of them remembered consenting. GM blamed a "bug."
The real world consequences hit fast. Kenn Dahl, a 65 year old Seattle driver with a clean record, saw his insurance premium jump 21 percent. When he requested his LexisNexis report, a document he did not know existed, it ran 258 pages and cataloged 640 trips with every instance of hard braking, rapid acceleration, and speeding. He told the Times it felt like a betrayal. Romeo Chicco, a Cadillac driver in Florida, had his premium doubled and his Liberty Mutual application denied based on his LexisNexis driving report.
The FTC's 20 year consent order bans GM from sharing geolocation and driver behavior data with consumer reporting agencies for five years. It requires the company to get clear, affirmative consent before collecting connected vehicle data. It mandates that consumers can disable all data collection without losing vehicle functionality. GM must delete all previously retained driver data within 180 days. No financial penalty was imposed.
Texas Goes After the World's Largest Driving Database
On January 13, 2025, Texas Attorney General Ken Paxton filed the first enforcement action by any state attorney general under a comprehensive data privacy law. The target was Allstate and its subsidiary Arity. Starting in 2017, Arity paid app developers millions to embed its driving behavior tracking code into popular apps like Life360, GasBuddy, and Fuel Rewards. That code captured data every 15 seconds or less, including geolocation, accelerometer readings, gyroscopic data, and derived events like speeding and distracted driving. Arity called what it built the "world's largest driving behavior database." It contained trillions of miles of driving data from over 45 million consumers.
The tracking code could not tell the difference between a driver and a passenger. A passenger's "bad driving" data could be attributed to them and raise their insurance rates. One consumer who had been using Life360 since 2020 reported that her premiums nearly tripled between 2022 and a December 2024 quote, despite having no accidents or tickets.
The Mozilla Foundation's 2023 "Privacy Not Included" report delivered a verdict that should terrify every car owner in America. After 600 hours of research across 25 car brands, every single brand earned a privacy warning label. A 100 percent failure rate. The worst of any product category in the program's seven year history. Eighty four percent of car brands can share your data with data brokers. Seventy six percent can sell it. Fifty six percent can share it with the government on an informal request. Nissan's privacy policy admits to collecting "sexual activity" and "health diagnosis data." Tesla warns that opting out of data collection may cause "reduced functionality, serious damage, or inoperability." Subaru claims that passengers consent to data collection simply by sitting in the car. The car data monetization industry is projected to reach $750 billion by 2030.
License Plate Readers Are Watching 20 Billion Times a Month
Automated License Plate Readers are high speed cameras equipped with optical character recognition software that capture every passing vehicle's plate number, GPS coordinates, timestamp, and photographs of the vehicle itself, including make, model, color, bumper stickers, and roof racks. A single ALPR can scan up to 2,000 plates per minute. They sit on poles and overpasses running around the clock. They ride on patrol cars. They hide inside speed enforcement trailers and construction barrels. The DEA once disguised one as a cactus.
Flock Safety, founded in 2017 in Atlanta, has become the dominant force in this space. The company has a $7.5 billion valuation as of September 2025, more than 80,000 cameras across 49 states, and over 5,000 law enforcement agencies as clients. Flock scans more than 20 billion license plates every month. Its "Vehicle Fingerprint" technology can track a car even without a readable plate, using make, model, color, and distinguishing features. More than 75 percent of agencies using Flock opt into a shared national database, meaning a single search can query over 83,000 cameras spanning nearly the entire country.
Here is the number that tells you everything. In Piedmont, California, the police department's own data showed that 99.97 percent of ALPR scans will never be used for a public safety purpose. The Brennan Center for Justice confirmed that an extremely small percentage of scanned vehicles, far below 1 percent, are connected to any crime. This means almost every scan captures the movements of innocent people going about their daily lives. And unlike your phone, you cannot turn off your license plate. Covering or tampering with it is a crime.
The data flows to federal agencies through overlapping networks. Customs and Border Protection regularly searched more than 80,000 Flock cameras through most of 2025. ACLU documents show that ICE officers maintained years long relationships with fusion center detectives who ran database searches on their behalf. Documented misuse cases include a Kansas police officer who used ALPR data to stalk his estranged wife. In Texas in 2025, deputies searched Flock's nationwide database ostensibly for a "missing person" case, when they were actually tracking a woman who had a self administered abortion. In Colorado in 2020, Brittney Gilliam was pulled over at gunpoint, and her daughter and nieces were handcuffed and forced face down on the pavement, because an ALPR misidentified her SUV as a stolen motorcycle with plates from a different state.
There is no federal law governing ALPR use. Eighteen states have some form of regulation. Legal challenges have produced split results. A Virginia federal judge dismissed a constitutional challenge to Norfolk's Flock system in January 2026. A Virginia state court judge reached the opposite conclusion in 2024, finding that ALPR data does constitute a Fourth Amendment search requiring a warrant. The EFF and ACLU filed suit against San Jose in November 2025. At least 30 localities have rejected or dropped Flock since 2025, including Denver, Austin, Cambridge, Mountain View, Eugene, and Olympia. Community resistance is growing.
What You Can Do About It Right Now
No single step will eliminate all location tracking. Your cell carrier always knows your approximate position when your phone is powered on, and you cannot turn off your license plate. Every step you take here reduces the digital breadcrumbs that feed the surveillance economy. Here are the highest impact actions you can take today.
Kill the Advertising ID on Your Phone
The single most important thing you can do right now is neutralize the advertising identifier on your phone. This is the master key that ties all of your app activity together into a single profile. On iPhone, go to Settings, then Privacy and Security, then Tracking, and toggle off "Allow Apps to Request to Track." This zeros out your IDFA, the unique identifier that data brokers use to build cross app dossiers on you. On Android version 12 or later, go to Settings, then Security and Privacy, then Privacy, then Ads, and select "Delete advertising ID." This permanently removes the identifier that companies like Gravy Analytics and Mobilewalla used to track a billion devices.
Tighten Your Location Permissions
Both iPhone and Android give you granular location controls that most people never touch. On iPhone, go to Settings, then Privacy and Security, then Location Services. For each app, choose "Never," "While Using the App," or "Ask Next Time." For any app that does not need turn by turn navigation, turn off Precise Location. This limits the app to knowing you are somewhere within a region of roughly 4 to 20 kilometers instead of your exact GPS coordinates. Android 12 and later offers the same precise versus approximate toggle. Set most apps to "While Using" or "Don't Allow." Then go to Settings, then Location, and turn off Wi-Fi scanning and Bluetooth scanning, both of which allow background positioning even when those radios appear to be off.
Understand the Five Layers of Location Tracking
Turning off location services on your phone does not stop all location tracking. There are five layers. GPS is the most precise at 3 to 50 meters, and it is blocked for apps when location services is off. This is the layer you control most directly. Cell tower triangulation is the second layer, accurate to 300 meters to a kilometer or more, and your carrier always knows where you are as long as the phone is on. Airplane mode or powering off are the only ways to stop it. Wi-Fi positioning is the third layer at 15 to 40 meters, and phones scan nearby networks even with Wi-Fi toggled off from the quick settings panel. You have to disable Wi-Fi scanning in your full settings menu. Bluetooth beacons are the fourth layer at 1 to 3 meters, used by retail stores and public spaces. IP geolocation is the fifth layer, which operates at city level and can be masked by a VPN.
On iPhone, Apple quietly collects a log of places you frequently visit, even with many app permissions disabled. Check Settings, then Privacy and Security, then Location Services, then System Services, then Significant Locations. Review this data and clear it. On Android, Google can figure out your location from search queries, Maps usage, and weather requests even with GPS off. Disable Location History and Web and App Activity in your Google Account settings.
Turn On the Global Privacy Control in Your Browser
The Global Privacy Control is a browser signal that automatically tells every website "Do not sell or share my personal data." It is legally enforceable under California's CCPA and CPRA. Sephora was fined $1.2 million in 2022 for ignoring it. Healthline paid $1.55 million in July 2025. As of January 2026, 12 state privacy laws require businesses to honor this signal. California's Opt Me Out Act, signed October 2025, will require all browsers to include built in GPC functionality by January 1, 2027. Brave and DuckDuckGo browsers have it on by default. Firefox users can enable it in Settings under Privacy and Security. Chrome users should install the Privacy Badger extension from the Electronic Frontier Foundation.
Use the California Delete Act
California's Delete Act created the Delete Request and Opt Out Platform, known as DROP, which opened to consumers on January 1, 2026 at privacy.ca.gov/drop. A single request tells all registered data brokers to delete your personal information. Brokers must begin processing by August 1, 2026, and they are required to check the platform every 45 days. Penalties for noncompliance run $200 per request per day. When you register, include your mobile advertising ID alongside your name, email, and address to maximize the effectiveness of the deletion.
If you live outside California or want immediate action, paid removal services like Incogni and DeleteMe automate the tedious process of sending opt out requests to hundreds of brokers. You can also request your LexisNexis consumer report, which may include your driving data if your car has been reporting on you. Check consumer.risk.lexisnexis.com and Verisk's portal at fcra.verisk.com.
The Five Minute Privacy Reset
For iPhone: First, disable tracking in Settings under Privacy and Security, then Tracking, and toggle off "Allow Apps to Request to Track." Second, audit your location settings and set most apps to "While Using" or "Never," and turn off Precise Location for apps that do not need navigation. Third, disable Apple's ad targeting in Settings under Privacy and Security, then Apple Advertising, and toggle off "Personalized Ads." Fourth, enable Private Relay if you subscribe to iCloud Plus. Fifth, install Brave or Firefox as your browser.
For Android: First, delete the advertising ID in Settings under Privacy, then Ads, then "Delete advertising ID." Second, audit location permissions and change most apps to "While Using" or "Don't Allow." Third, disable background scanning by going to Settings, then Location, and turning off Wi-Fi scanning and Bluetooth scanning. Fourth, disable Google tracking in your Google Account under Data and Privacy by turning off Location History and Web and App Activity. Fifth, install Brave or Firefox.
On all phones: Delete apps you have not used in the past month. Set up NextDNS, which has a free tier and takes about five minutes, for network level ad and tracker blocking. Enable the Global Privacy Control in your browser. Register at California's DROP portal if you are eligible.
This Is Not a Future Problem. It Is Happening Right Now.
The surveillance system described in this chapter is not a theoretical risk. It is a fully operational, commercially mature industry that tracks billions of devices every day and generates tens of billions of dollars in revenue. The Gravy Analytics breach proved that the worst case scenario is real. A single company's careless security exposed the movements of millions of people across the most sensitive places in their lives, from the White House to addiction treatment centers to houses of worship.
The FTC has taken five enforcement actions against location data brokers since 2022. Those actions matter. They are also a handful of orders against an industry that broadcasts your location 294 billion times a day. The architecture that makes all of this possible, the system in which your phone sends your coordinates to thousands of companies every time an ad loads, remains fully operational.
What sets this moment apart from every previous era of surveillance is scale and permanence. The 50 billion location pings obtained by the New York Times were from nearly a decade ago. Today, Flock Safety's 80,000 cameras scan 20 billion plates every month. Your connected car may report your position every three seconds. All of this data gets stored, aggregated, and resold. And as the Gravy breach showed, it is all vulnerable to theft.
The protective steps in this chapter are real and meaningful. Take them today. Share them with your family. Teach them to your children. Every setting you change and every identifier you delete shrinks the digital dossier that this industry has built about your life.
But I want to leave you with a bigger question. A society that generates 294 billion surveillance broadcasts a day has already made a choice about privacy. The question is whether any of us actually got to vote on it. I wrote this book because I believe the answer is no, and I believe it is time for that to change. The steps in this chapter protect you. The chapters that follow will show you how to protect your country.