Telcos provide API access to your phone's location, along with your name and address, writes Philip Neutstrom. With two links, to danalinc.com and payfone.com, he shows that these sites can access this data when your phone connects. The pages are demos for the API and serve some of the data provided back to the visitor.
In 2003, news came to light that AT&T was providing the DEA and other law enforcement agencies with no-court-warrant-required access to real time cell phone metadata. This was a pretty big deal at the time.>
But what these services show us is even more alarming: US telcos appear to be selling direct, non-anonymized, real-time access to consumer telephone data to third party services — not just federal law enforcement officials — who are then selling access to that data.>
Given the trivial “consent” step required by these services and unlikely audit controls, it appears that these services could be used to track or de-anonymize nearly anyone with a cell phone in the United States with potentially no oversight.
It knew my name and address and more besides, and located to me to a few hundred feet's accuracy. I certainly never knowingly opted-in to it.