Researchers at The Citizen Lab have uncovered Webloc, a geo surveillance system that provides real-time access to location records from up to 500 million mobile devices. The system exploits location data collected through mobile apps and digital advertising networks.
What is Webloc?
Webloc operates as an ad-based surveillance infrastructure that aggregates location data from mobile devices at scale. The system provides subscribers with constantly updated streams of geolocation records, enabling tracking of device movements across vast populations.
How it works
The system collects location information primarily through two channels: mobile applications and digital advertising ecosystems. Apps and ad networks routinely gather precise location data from users' devices, often with limited transparency about how that information will be used or shared.
Scale and implications
With potential access to 500 million devices, Webloc represents one of the largest documented location surveillance operations. Location data of this granularity can reveal detailed patterns about individuals' lives—where they work, worship, seek medical treatment, spend leisure time, and associate with others.
Privacy concerns
The investigation raises significant questions about data broker practices and the lack of oversight in location data markets. Users typically provide location permissions for specific app functions, unaware their data feeds into broader surveillance infrastructure.
Location tracking at this scale enables various harms: discriminatory targeting, stalking, political profiling, and law enforcement abuse. The system's integration with advertising networks suggests commercial motivations drive its operation.
Context
The discovery adds to growing evidence that location data markets operate with minimal regulation. Previous research has documented how data brokers and ad networks monetize location information, often derived from users who have little awareness their data is being aggregated and resold.
The Citizen Lab's findings underscore the tension between mobile app functionality and privacy. Even as regulators worldwide consider stricter data protection measures, surveillance capabilities continue expanding through opaque supply chains.
New York became the first US state to prohibit smart glasses across its entire court system. The ban covers all 1,240 state, county, city, town, and village courts.
Federal investigators report that the Department of Government Efficiency (DOGE) deleted records that would have shown whether the agency accessed sensitive government systems. A government report claims DOGE did not access those systems.
Madison Square Garden kept a detailed database categorizing hundreds of celebrities, including LGBTQIA labels and risk assessments. The list tracked famous attendees and Taylor Swift's wedding guests.
Interpol and law enforcement agencies have arrested 5,811 suspects and seized $293 million across 97 countries in a coordinated operation targeting social engineering scams and fraud.