Anonymized location data is as scary as we thought.
July 21, 2021 7:07 AM   Subscribe

Catholic official resigns (Axios) after publication identifies him using legally obtained (and purchased) "anonymized" location data that links him to Grindr and gay bars. The New York Times did a big feature on the risks of this data in 2019 posted here previously.

The Axios article does not provide any indication of whether the usage of the data by the publication, effectively de-anonymizing it, violated the terms of any agreements.
posted by ecreeves (71 comments total) 25 users marked this as a favorite
 
What did the [Pillar] article do? It spied on Msgr. Burrill (more accurately, it using "mined data" from an unnamed source who spied on him) to reveal that, apparently, he had broken his promise of celibacy. The article, which I will not link to, repeatedly conflated homosexuality with pedophilia, all under the guise of a journalistic "investigation."

I will also not link to the Pillar article, but it is quite odious.
posted by Tell Me No Lies at 7:38 AM on July 21, 2021 [9 favorites]


Whoa. Well, that jumped from "theoretical possibility" to "actually ruining someone's career and/or life" really damn fast.

I'm not attempting to downplay the risk of data collection and brokering—it's a huge risk, and needs to be stopped immediately—but I also wonder if we are seeing some parallel construction here? How did they know to target this one guy? Did they just do a wide-net trawl through the data, looking for people who had been to some key Catholic Church locations and also gay bars? Or were they targeting this particular guy for some other reason (and/or had him under more conventional surveillance) and then pulled the cell-location data to create the smoking gun? It would be a rather good way to cover up an intentional leak from somewhere inside the Church, among other things.

I do not trust these Pillar "journalists" one bit.
posted by Kadin2048 at 7:43 AM on July 21, 2021 [21 favorites]


I have a lot of emotions about this, and sometimes a meme is all I got.

Apparently they received this data from “a person concerned with reforming the Catholic clergy.” Do I think that this is a cool guy who wants women to be priests? Somehow I do not. Unhinged people are going to use this to humiliate public figures for no good reason.
posted by Countess Elena at 7:44 AM on July 21, 2021 [26 favorites]


I know this doesn't solve the problem, but my big takeaway is "own who you are, and don't work for organizations that hate who really you are."

Of course, this says nothing of if your government (which you can't choose) decides they want to ruin your life somehow.
posted by deadaluspark at 7:45 AM on July 21, 2021 [27 favorites]


(I would be grateful if this thread can continue to avoid any "LOL XTIANS" and "the Catholic church should be burned down" tangents, in order to discuss this very real and baaad escalation of doxxing to new depths.)

Does anyone know to what extent was this effort had to be done manually (i.e., in a very targeted fashion), and not by software on a very large scale, as is done with those vehicle-mounted license plate scanners?

That is, is this artisanal or mass-produced harassment, so to speak?
posted by wenestvedt at 8:00 AM on July 21, 2021 [26 favorites]


Its not possible to have anonymous location data, period. The sooner people get that the better.

Its beyond trivial to look at a dataset and find individuals with as little as 3 data points. Once you narrow it down you can filter down to laser focus.

The way most apps work is to sell your info to the highest bidders, I don't know why people are surprised they are good at it.
posted by vincentmeanie at 8:01 AM on July 21, 2021 [18 favorites]


my big takeaway is "own who you are, and don't work for organizations that hate who really you are."

My takeaway is that anyone could be targeted like this with very substantial implications for their private life and in many cases for their personal welfare. This will include many people on this site and some who you know in real life.
posted by biffa at 8:03 AM on July 21, 2021 [54 favorites]


Imagine a future where all of your leaders and decision-makers are as squeaky-clean, never-did-anything-out-of-the-safest-branch-of-the-mainstream, never-had-any-potentially-controversial-friends-or-family, as possible. That's what this crap is driving us to.
posted by Thorzdad at 8:06 AM on July 21, 2021 [22 favorites]


Imagine a future where all of your leaders and decision-makers are as squeaky-clean, never-did-anything-out-of-the-safest-branch-of-the-mainstream, never-had-any-potentially-controversial-friends-or-family, as possible.

PRESIDENT-FOR-LIFE ROMNEY
posted by wenestvedt at 8:07 AM on July 21, 2021 [3 favorites]


PRESIDENT-FOR-LIFE ROMNEY

Welllll, there was that one dick pic, though. So, even Mittens is tainted.
posted by Thorzdad at 8:08 AM on July 21, 2021 [2 favorites]


Thanks for the link to that WaPo article, Countess Elena. It answers a few of my questions but also raises others. I think there is more going on here than meets the eye.

The Pillar article (which I visited with adblocker firmly enabled, lest they derive any revenue from it) says:
According to commercially available records of app signal data obtained by The Pillar, a mobile device correlated to Burrill emitted app data signals from the location-based hookup app Grindr on a near-daily basis during parts of 2018, 2019, and 2020
That's not consistent with my understanding of the data contained and sold by bulk data brokers. Cellular network operators have access to your phone's location information and IMEI (unique identifier). My understanding is that they often sell this data, with the IMEIs scrubbed and replaced with a random unique identifier, to data brokers. This forms the basis of much of the information you can buy. Nothing on the carrier end should be able to identify particular apps installed or in use on the handset. To do that, you would need to have compromised the phone itself.

So the claim that they were able to basically track this guy from his home or Church work location to a gay bathhouse? That checks out, unfortunately, and is entirely plausible.

But the claim that they knew he was using Grindr in particular? That doesn't quite wash. Apple removed the ability for one app to determine what other apps were installed in 2015, and Android pretty quickly did the same (I thought in Android 11, but maybe not completely?).

Unless he was using a Church-issued phone with enterprise management software (basically, spyware) installed, or the Pillar's mysterious informant had access to something like Cellebrite or Pegasus (maybe someone should run this guy's phone number against the leaked list of NSO Group targets?), there shouldn't be any way to determine that he was using Grindr.
posted by Kadin2048 at 8:11 AM on July 21, 2021 [13 favorites]


I know this doesn't solve the problem, but my big takeaway is "own who you are, and don't work for organizations that hate who really you are."

One of my several big takeaways is it's "good thing I don't bring my phone to spicy protests/actions of which my employer might not approve". I'm a mentally ill transgender anarchocommunist (and a street medic); I don't work for organizations who hate who I really am but it's hard to find any that are, like, supportive of every aspect of that and still allow me to afford a place to live.
posted by an octopus IRL at 8:12 AM on July 21, 2021 [45 favorites]


Imagine a future where all of your leaders and decision-makers are as squeaky-clean, never-did-anything-out-of-the-safest-branch-of-the-mainstream, never-had-any-potentially-controversial-friends-or-family, as possible. That's what this crap is driving us to.

Only for Democrats, I should think. Right-wingers have jettisoned the concept of shame entirely, whereas the left-wing purity testing can go on for years. I expect this kind of data use to have an impact on elections in the future. (And on regular down-home blackmailing, of course.)
posted by Countess Elena at 8:15 AM on July 21, 2021 [45 favorites]


Only for Democrats, I should think.

Spot on. Donald Trump had numerous documented affairs, paid a porn actress hush money to cover up yet another affair, bragged of sexual assault, and verbally lusted after his own daughter, and evangelical Republicans claimed him as their own.

Small wonder -- they revealed themselves as a pack of hypocrites in 1980 when they abandoned one of their own, Jimmy Carter, to vote for Ronald Reagan.
posted by Gelatin at 8:20 AM on July 21, 2021 [33 favorites]


Imagine a future where all of your leaders and decision-makers are as squeaky-clean

Ahahahahahaha.... wipes tear away from eye...

No... instead imagine a present where people either completely ignore news (too depressing), or label things as "fake news" or double-down and actually elect corrupt, morally reprehensible leaders - and tar them all with the same brush - if someone is in power, they must be inherently bad - but as long as they seem to root for the same things I do, then I will happily support them...
posted by rozcakj at 8:26 AM on July 21, 2021 [9 favorites]


“Basically, this technology is capable of pinpointing individuals who have downloaded a ‘gay app,’ finding out how much they are using it, and then figuring out, thanks to the geolocation technology, if they live at a seminary, or work at a parish or a major Catholic organization,” said one Catholic specialist on digital technology and data gathering, who requested anonymity due to the sensitivity of the issue.

A Catholic tech expert who also spoke to CNA said the technology is so precise that it can provide the names and addresses of the targeted clergy and also tell what other app users he might spend time with and where their meetings take place.

The data gathered can tell, the data specialist told CNA, “what places they frequent, such as, let’s say, a really shady part of town not consistent with a priestly life.”
From an article from Catholic News Agency which is reporting it was offered and turned down data in 2018.
posted by Fukiyama at 8:28 AM on July 21, 2021 [5 favorites]


Kadin,

Brokers can also get location and app data from the half dozen ad/tracking networks embedded in Grindr, previously documented years ago.

Any app that uses location data, or any app that you use around time as an app that generates a location generate pings can be correlated. All these wonderful Big Data tools are designed to do exactly that. There’s a lot of work done with fingerprinting even if official device identifiers are blocked.
posted by theclaw at 8:38 AM on July 21, 2021 [15 favorites]


Going out on a limb but basically just playing Devil's Advocate.

"Imagine a future where all of your leaders and decision-makers are as squeaky-clean, never-did-anything-out-of-the-safest-branch-of-the-mainstream, never-had-any-potentially-controversial-friends-or-family, as possible."

It could also spur things going the opposite direction, where Democrats suddenly have the ability to "say it like it is" without repercussions, because things have become so constrained that the voting electorate suddenly sees someone talking mad shit as "being real." You know, it grossly worked with Trump, although that was because he was selling canned racism. I don't know how far "telling it like it is" gets you with the left, but I suspect that leftists and liberals also understand that if all your candidates have to be squeaky-clean that they stop being interesting and stop being able to stand up for rights of those whose rights are being trampled. Can a squeaky clean candidate stand up for issues like safety for sex workers, or does supporting them destroy their "squeaky clean" image? In other words, shouldn't it make sense that society would respond by realizing that the "squeaky clean" candidate is most certainly "fake" in the sense that they are more worried about public appearance than their actual values? I mean, this is largely already the case with politicians, but I certainly feel like if it keeps heading this direction, there will be more demand for a candidate that is "real" because nobody but nobody believes that anyone on this planet is squeaky clean. Hell, the major religion in this country is entirely based on the idea of "no one is without sin." Sex workers are just an example, but the squeaky clean candidate is by default unable to interact with marginalized communities because their interaction with them can ruin their squeaky clean image. This, in itself, undermines a "squeaky clean" candidates ability to truly represent anyone. I honestly think voters might be stupid but that they are aware of this on some level.

Republicans are just ahead of the game on that, realizing that going cleaner and cleaner actually undermines their ability to connect with their constituents, because people stop believing what they have to say. Going full bore crazy and saying whatever the fuck is on your mind whenever seems more "real" to people somehow, only because of decades of politicians heavily focus-grouping the hell out of anything they say in public. The perception that politicians are tightly controlling what they say because they want to look good is so well known, it affects how people interact with politicians and makes them more likely to trust a politician who cusses and throws a fit and gets angry.

Which, to be fair, I would get behind a politician like that, too. Because I'm like the god damned Incredible Hulk. I am always angry that my future has been stolen from me, financially and ecologically. I would love to hear someone be as fucking furious and full of righteous fucking indignation as I am daily over this fucking trash fire of a fucking species that let's people like Bezos play hooky with taxes in space while millions starve. Like seriously, I would love a politician to get as angry as we all are about subjects like literally the one under discussion in this thread (because obviously I'm sure a lot of Catholics think this kind of spying is gross behavior, too. Shouldn't God be the one judging you these kind of transgressions, not other sinners?). I think a politician getting angry over issues that voters care about would, shocker, work. Does anyone think that a candidate getting up and saying "Fuck Comcast, I'm so sick of my internet sucking shit I'm putting forward a bill to nationalize the fucking asshats" wouldn't result in people losing their minds cheering? (I'm in Washington, and things suck so bad internet-wise here that even Republicans want municipal broadband, so I think they can be sold on this.)

Give me someone like AOC, but kind of lit and just fucking over it so they stop worrying about the sound bites and just go all in.

This has been an episode of me playing Devil's Advocate, we now return to the regularly scheduled beating your head against the wall because the world is horrible.
posted by deadaluspark at 8:40 AM on July 21, 2021 [21 favorites]


Its not possible to have anonymous location data, period. The sooner people get that the better.

Worth repeating and not just location data. Sure, it starts anonymous, but then you fuse a few different anonymous data sets and suddenly you have pseudonymous data. From there to fully identifying someone is much easier than people think because people tend to be much more unique than they think.

Location data is obviously the least anonymous of all.
posted by atrazine at 8:42 AM on July 21, 2021 [6 favorites]


“what places they frequent, such as, let’s say, a really shady part of town not consistent with a priestly life.”

Of course some might point out that if a priest really wants to reach sinners, they need to go where the sinners are.
posted by TedW at 8:44 AM on July 21, 2021 [35 favorites]


I get that part of the problem here is lack of location data privacy. But the other problem is a violently homophobic institution that hates gay people. And has a history of helping its leadership sexually abuse children and avoiding understanding the cause of that pattern of institutional abuse.

Then there's a publication that conducts actual hunts to out and destroy the careers of gay people. The Pillar article is a real piece of work. It says "There is no evidence to suggest that Burrill was in contact with minors" and then goes on to speculate for paragraphs (with quotes!) about how what he was doing was clearly going to lead to the abuse of children.

I feel terrible for Jeffrey Burrill. His career has been destroyed by homophobia.
posted by Nelson at 8:44 AM on July 21, 2021 [9 favorites]


From there to fully identifying someone is much easier than people think because people tend to be much more unique than they think.

It also doesn't help that Google spent years talking about how "what they were really learning" from their massive datasets was that "humans are more alike than different" leading people down this path of assumption that since "we're all so much alike, they couldn't possibly pick me out of the crowd."
posted by deadaluspark at 8:45 AM on July 21, 2021 [2 favorites]


theclaw: Grindr claims quite vociferously that they do not share location data with advertisers.
Grindr is a location-centric application, so it is understandable that people assume that we’d share your location information with our advertisers, but that’s a misconception—we do NOT share precise location data with advertisers. Grindr’s ad partners can leverage a device’s IP Address to get a general sense of where the user is in the world, but accuracy drops sharply below city level detail.
We share the basics and only the basics: the mobile advertising ID (MAID) of the device (which users have full control over within their mobile operating system), IP Address (needed to communicate with the user’s device), and device details like make, model, OS version, etc.
Taking them at face value—and they could be lying, sure, but they seem to stand to lose the most if they are—there's still some nontrivial data correlation that has to happen, between the advertiser-sourced information (containing the MAID and imprecise location) and the cellular carrier-sourced information (random ID and potentially precise location), in order to produce the sort of smoking gun evidence that the Pillar claims to have.

Maybe there are other apps that are leaking the device-specific MAID and a precise location, allowing that correlation to be done more easily than I'm imagining it, though.
posted by Kadin2048 at 8:49 AM on July 21, 2021 [3 favorites]


differential privacy is a thing.

Of course if the person selling the data has no incentive to protect individuals, they won’t use such a system.
posted by nat at 8:51 AM on July 21, 2021


Are there any organizations (or legislation) I can support that favor a 100% ban on user data sales? Like, I don’t think trading in any kind of user data should be legal. If that causes a lot of business models to evaporate, tough shit. We should keep all info about browsing, search, location, finance, etc. completely private; not even opt in for 3rd party trading should be allowed. That means credit scores too. If I need a loan I’ll request an independent credit score with an open source algorithm and manually email it to the fucking lender. Rant over.
posted by freecellwizard at 8:52 AM on July 21, 2021 [9 favorites]


But the claim that they knew he was using Grindr in particular? That doesn't quite wash.

Not if they were, as alleged, trawling data produced by the Grindr app itself.

Maybe there are other apps that are leaking the device-specific MAID and a precise location, allowing that correlation to be done more easily than I'm imagining it, though.

There absolutely are. So I don't think this would be so hard, you buy a list of the advertising IDs of phones from Grindr, then buy access to a large database of phone locations that also has the advertising IDs, and match them up.
posted by BungaDunga at 8:58 AM on July 21, 2021 [9 favorites]


The Axios article does not provide any indication of whether the usage of the data by the publication, effectively de-anonymizing it, violated the terms of any agreements.

I assume the trick is to buy the data from a re-re-reseller, who doesn't bother to make you sign anything. Sure, they signed an agreement on how to use the data, but you didn't.
posted by BungaDunga at 9:05 AM on July 21, 2021 [4 favorites]


I guess it's time to start telling everyone who'll listen to disable ad tracking IDs (instructions for both iOS and Android).

N.B. that on iOS 14.6, the menu item names have changed somewhat from previous iOS versions. The toggle is located in Settings > Privacy > Apple Advertising (located all the way at the bottom) > Personalized Ads.
posted by Kadin2048 at 9:07 AM on July 21, 2021 [14 favorites]


But the other problem is a violently homophobic institution that hates gay people.

I think this is a little bit of a misinterpretation of what's going on here and inside baseball politics of the American Catholic church. The conservative members of the church are lashing out because the Vatican is basically turning towards a more accepting path towards homosexuality. As I understand it, the gentleman here was part of the wing of the church that has moved into favor under the current pope.

I'm not sure this isn't related timing wise to Francis essentially banning new Traditional Latin Masses - which are really a big part of the super conservative movement in the US. His reason was because the are creating disunity in the church - which like I'm pretty sure this makes his point for him.

So this is actually a score settling thing more than anything else. Not that it doesn't make it any less horrible.
I follow some insane catholics on twitter (basically so I'm not surprised when I hear something crazy from my in-laws) and they were victory lapping this like crazy.
posted by JPD at 9:07 AM on July 21, 2021 [19 favorites]


Nah man - I'm not catholic - I really don't care. But Francis is trying to move the window towards the 20th century and these nutjobs are pissed.
posted by JPD at 9:11 AM on July 21, 2021 [17 favorites]


I wish there was a way to tell my phone "Don't create an advertising ID at all." While Google allows me to "opt out," I know how useless these software button toggles are in real life, often not doing anything at all, just there to make us feel better. The fact that it still has an Ad ID means that Ad ID can be leaked through software. The only way to truly opt out would be if they allowed me to disable and remove the random number that is my Ad ID entirely.
posted by deadaluspark at 9:11 AM on July 21, 2021 [6 favorites]


The only way to truly opt out would be if they allowed me to disable and remove the random number that is my Ad ID entirely.

That's exactly what the "Opt out of Ads Personalization" toggle on Android is supposed to do. It zeros out the IDFA and causes getAdvertisingIdInfo() to throw an exception of some sort. Although the official documentation does suggest that your app "fall back to an ads solution that doesn't require using the Advertising ID library". (Strong side-eye at this suggestion.)

I'm less clear on how the iOS toggle actually works.
posted by Kadin2048 at 9:26 AM on July 21, 2021 [1 favorite]


Grindr claims quite vociferously that they do not share location data with advertisers.

And yet it has been pretty well established that they do.

Never take anything these companies say at face value.
posted by sinfony at 9:29 AM on July 21, 2021 [14 favorites]


boolean isLimitTrackingEnabled =
adInfo.isLimitTrackingEnabled();


The Ad ID is still there, it still allows me to reset it. This looks like its just code that gets in between the apps and the Ad ID. My point is... it's still there. The ID itself doesn't seem to be zeroed out in the system, just zeroed out when an app tries to access it and the code says that Limit Tracking is Enabled. Google is just between the app and the Ad ID going "nuh uh uh."

Which, in my eyes, is massively different than having the ID itself be all zeroes.

Never take anything these companies say at face value.

Exactly my point here with Google.
posted by deadaluspark at 9:31 AM on July 21, 2021 [5 favorites]


Only for Democrats, I should think.

Only for the poor. The sufficiently well-heeled can delegate, threaten and pay people off well enough to keep their hands and records clean. It's not a coincidence that the chosen victim here didn't really have any way to fight back.
posted by mhoye at 9:45 AM on July 21, 2021 [5 favorites]


The Inevitable Weaponization of App Data Is Here
It is not clear what Grindr sees as "infeasible from a technical standpoint." In January the Norwegian Data Protection Authority fined Grindr $11.7 million for providing its users' data to third parties, including their precise location data. Almost prophetically, Norwegian authorities said at the time that Grindr users could be targeted with this sort of information in countries where homosexuality is illegal.
posted by BungaDunga at 10:08 AM on July 21, 2021 [11 favorites]


If you want to see a recent example of this history-scrubbing in action, take a look at what's happened to Jerk City, the early-2000s-internet-humor cornerstone, now moved to "Bonequest" and near-completely scrubbed of the presence of Rands, one of its few founders associated with it by name, presumably as Rands works at cleaning up his online presence and disassociating himself from his early 2000s idea of funny. No way that was cheap or easy. It's got a cute easter egg in it if you search for "rands" though.
posted by mhoye at 10:11 AM on July 21, 2021 [7 favorites]


My guess is that Grindr uses phone number verification, as do other apps on his phone. These apps then use a hash of the phone number as an “anonymous” identifier for mobile ad APIs, giving the ad-targeting networks a unique user ID. Surveillance capitalism being what it is, the ad networks use the data from all apps that have your phone number (or email address or Facebook user ID or similar) to build a more monetisable picture of which demographics you fall into. And this guy happened to fall into two demographics whose intersection is stigmatised.

Due to some combination of short-sightedness and malicious loophole creation, one-way hashes of personally identifiable information are legally considered to be anonymous and not personally identifying, despite it being trivially easy to see that one can use them to pin down an individual. You can't spam someone with texts using a hash of their phone number (unless you enumerate all phone numbers into a rainbow table, of course, but that would be Illegal and Bad), but you can see whether record A is the same individual as record B.
posted by acb at 10:16 AM on July 21, 2021 [4 favorites]


Google is just between the app and the Ad ID going "nuh uh uh."

Well, yeah, I mean they're the OS developer. They're between the app and the hardware, too. If you can't trust them when they say they no longer return the IDFA in response to an app's request for it, you shouldn't trust any claim they make that you can clear it, even if it was displayed as all zeros or something. At that point, you can't trust the device at all, on any front, including even basic stuff like not handing out your actual IMEI.

Although Android Jetpack, which the advertising library is part of, is part of AOSP. But, again, if you don't trust Google in general (or the phone vendor), then there's no particular reason why you should trust that the code that's visible or part of AOSP is actually the code running on your device. You'd have to download and compile Android yourself, then load it onto a wiped device to be sure. But even then, if you don't trust Google, how do you know their build tools aren't malign? You'd have to audit, download, and compile those... all the way down to whatever level you do decide to trust.

Down this road lies madness* (and a Turing Award).

Ironically, the author of that paper, Ken Thompson, is currently employed by none other than Google.

* In the paper, Thompson semi-famously refers to an "Unknown Air Force document" as one of his sources for the idea of persistent compiler subversion. I believe this is the original paper to which he was referring, published originally in June 1974. So many years and yet so little progress.
posted by Kadin2048 at 10:41 AM on July 21, 2021 [9 favorites]


Nelson, please don't paint with such a broad brush. There are over a billion baptized Catholics worldwide. There are half a million clergy, not to mention the non-ordained in religious orders. To call it an "institution" doesn't really capture the scale or diversity of opinion and organization. There are plenty of non-homophobic Catholic laypeople and clergy doing what they can to improve the culture of Catholicism from the inside. This coming from someone whose ancestors have been throwing rocks at them from the outside for 500 years.
posted by ecreeves at 11:23 AM on July 21, 2021 [8 favorites]


I didn't know that "limit ad tracking" was an option in iOS. I should have changed that when I got the phone. Are you saying that if this guy had that setting switched, he wouldn't be in this mess?
posted by Sterros at 11:28 AM on July 21, 2021


Archive link for today's "Top U.S. Catholic Church official resigns..." WaPo article Countess Elena linked above; within that article, there's a link to the "Pope Francis renews restrictions on old Latin Mass, reversing Benedict XVI" (another archive save) news JPD mentions -- which ran Friday, July 16, 2021.
posted by Iris Gambol at 11:59 AM on July 21, 2021 [2 favorites]


My cynical exhaustion on news of Catholic wrongdoings aside - my cynical exhaustion with news of technology wrongdoings is increasingly mitigated by the sobering realization that my daily existence has, past 60, become so relatively boring and utterly bereft of saucy dalliances, questionable destinations or shocking behaviors that I find myself shrugging at the personal impact these otherwise Orwellian abilities and abuses are likely to ever muster against me. I occasionally miss the days when I'd have lost (more) sleep over the notion of all my comings and goings being tracked but am grateful I got it in before iPhones.

These days, my biggest privacy worry is the unmistakeable giveaway every other Tuesday morning when our admittedly unhealthy number of wine bottles crash jarringly into the recycling truck. Alas, there's no setting to silence that.
posted by thecincinnatikid at 12:03 PM on July 21, 2021 [7 favorites]


Are you saying that if this guy had that setting switched, he wouldn't be in this mess?

I don't think enough has really been disclosed about the de-anonymization methodology used to say that for sure.

Personally, I still think there is a strong possibility of parallel construction—perhaps the Pillar's mystery source knew that Monsignor Burrill was gay, or had hearsay to that effect, and then they went and trawled through cellphone records in order to come up with a confirmation in order to make him step down. It's not like the Pillar folks have actually offered proof, aside from Burill's resignation itself.

I mean, one can imagine a situation where you know someone was at a gay bathhouse (perhaps because you were there yourself, or you set up a honeytrap, or whatever), but don't want to implicate yourself: claiming to have obtained cellphone data (or actually obtaining it, if you can) would be a great way of explaining the knowledge without revealing the actual sources/methods. As long as the method seems plausible, it will likely be taken seriously.

In a sense, the mere existence of the ability for someone to track someone else via data brokers hurts everyone, by creating a plausible way to explain damning information obtained via even less-savory means.

But on an individual level, it certainly seems like best practice to switch off ad tracking, certainly.
posted by Kadin2048 at 12:09 PM on July 21, 2021 [3 favorites]


Well, yeah, I mean they're the OS developer. They're between the app and the hardware, too. If you can't trust them when they say they no longer return the IDFA in response to an app's request for it, you shouldn't trust any claim they make that you can clear it, even if it was displayed as all zeros or something.

I think you might be missing my point that Google, at it's core, is an ad company, and while they prevent apps from accessing your Ad ID through software, the Ad ID isn't deleted, it still exists, it never goes away, and I'm fucksure that's because Google continues to build profiles off of your Ad ID internally, even if it's not being used to serve you ads or being given to third party apps. Honestly, you don't have to go down the hole of "you can't trust any hardware you didn't fabricate and program yourself" you just have to know you're dealing with a fucking capitalist corporation, and yeah, that means they generally lie to you for the sake of profit.
posted by deadaluspark at 12:33 PM on July 21, 2021 [6 favorites]



I'm not attempting to downplay the risk of data collection and brokering—it's a huge risk, and needs to be stopped immediately—but I also wonder if we are seeing some parallel construction here?


1. Find your target's home address.
2. Find all "anonymized" phones that spend a lot of time at that address.

3. Ruin someone's life.

This is just tooo easy.
posted by ocschwar at 12:37 PM on July 21, 2021 [11 favorites]


This is only an escalation in the sense of the wide potential scope for this technique. The usual arguments for and against outing still stand, as they have done for decades.

Humans require privacy. Society requires a tolerance for a degree of hypocrisy. That hypocrisy is less tolerable in people who enforce society's rules and hardly ever tolerable in people who make the rules.

Burrill is one of the people making the rules. One of those rules is that people with "uncertain sexual identity" or "deep-seated homosexual tendencies" cannot be priests.

In this case I find myself agreeing with what Peter Tatchell said 26 years ago about the Anglican Church in the UK:
"Outing is queer self-defence. By not outing gay Bishops who support policies which harm homosexuals, we would be protecting those Bishops and thereby allowing them to continue to inflict suffering on members of our community. Collusion with hypocrisy and homophobia is not ethically defensible for Christians, or for anyone else."

Did that work? Yes it did. The Anglican Church now allows bishops to marry their same-sex partners.
posted by happyinmotion at 2:21 PM on July 21, 2021 [4 favorites]


happyinmotion, I wouldn't disagree with anything you said...

Except the fact that there is obviously a strong attempt to connect homosexuality and pedophilia here, which is not in any way shape or form "queer self-defense," as it actively harms the queer community to conflate the two.
posted by deadaluspark at 2:29 PM on July 21, 2021 [5 favorites]


Trying to characterize what The Pillar did as some sort of gay liberation is really, really off the mark. I'll be charitable and assume you didn't read their disgusting hit piece. It's about 1/3 about the victim, Burrill, and 2/3 trying to make the claim that tolerating any sort of sexual deviance is a slippery slope to child abuse. Which is particularly infuriating given the history and current actual real problem the Catholic Church has with its leaders abusing children.

And to someone else's comment, I'll stand by my characterization of the Catholic Church as a violently homophobic institution. Yes I know "not all Catholics" are homophobes and many are working for change. In fact "some of my best friends" are Catholic and are as gay positive as can be. But the institution and the doctrine has been and continues to be intensely homophobic. Right here, in this story, we have a terrible case of a gay Catholic being vilified and having his life destroyed by their homophobic world view. It's awful.

I'm really disappointed in the discussion here of the LGBT side of the story here on Metafilter. So many efforts to bend over backwards and dismiss this as some aberration. It's not. It's Catholic doctrine being applied ruthlessly to their own leadership. It's monstrous.
posted by Nelson at 3:23 PM on July 21, 2021 [10 favorites]


The Pillar investigation of Monsignor Burrill is unethical, homophobic innuendo, an op/ed from yesterday in the Religion News Service. By Steven P. Millies, "associate professor of public theology and director of The Bernardin Center, at Catholic Theological Union."
posted by Nelson at 3:24 PM on July 21, 2021 [1 favorite]


Did that work? Yes it did. The Anglican Church now allows bishops to marry their same-sex partners.

Not in England, where it is against the law for same-sex couples to marry in Anglican churches. Clergy in same-sex partnerships have been dismissed from their jobs and, in one recent case, driven to suicide. So no, I wouldn't say that outing had 'worked'. In fact I'd say that the Church of England is a more hostile environment for gay clergy now than it was 26 years ago.
posted by verstegan at 3:31 PM on July 21, 2021 [2 favorites]


Nelson, I don't think anyone is calling this an abberation, so please don't put words in our mouths. There is clearly a sense in which you are right. But, importantly, there is also a sense in which your earlier statement was both wrong and insulting one-sixth of the world's population. It is much more to the point to highlight the indisputable homophobia in current doctrine than to slap a label on a global religious community.
posted by ecreeves at 4:30 PM on July 21, 2021


As far as Grindr goes, I'm not really willing to cut them much slack, in case anyone remembers that delightful moment when they were caught selling users' HIV status data [NYT], among other details. [Vox] [Techcrunch] [NPR]
posted by mykescipark at 4:59 PM on July 21, 2021 [6 favorites]


The U.S. Conference of Catholic Bishops "Statement on USCCB General Secretary" is four sentences long; the second sentence is: What was shared with us did not include allegations of misconduct with minors. November 2020 National Catholic Reporter article on Burrill's election to the post. (In what appears a regular retirement announcement, the Pope accepted the resignation of the Bishop of the Diocese of Reno yesterday; Bishop Calvo is 70 and his replacement, Seattle's Bishop Mueggenborg, is 58. Not counting Burrill's ousting, Calvo's is the 5th resignation in four months; the other bishops are all 75.)
posted by Iris Gambol at 5:07 PM on July 21, 2021


In fact I'd say that the Church of England is a more hostile environment for gay clergy now than it was 26 years ago.

Oh come on!

Anglicans in 1998 at the Lambeth Conference: "homosexual practice" is "incompatible with Scripture" and absolutely no "legitimising or blessing of same sex unions nor ordaining those involved in same gender unions".

Anglicans in 2020 at the Lambeth Conference: inviting bishops who are married to same-sex partners.

I'm not saying it's rosy but that's progress.
posted by happyinmotion at 5:07 PM on July 21, 2021 [2 favorites]


you can see whether record A is the same individual as record B.

Do all apps use the same hash??!?
posted by clew at 5:14 PM on July 21, 2021


Do all apps use the same hash??!?

Back during the Cold War, there was a lot of talk about controls on nuclear weapons, and how to make sure no unauthorized launches happened. Eventually they came up with the Permissive Action Link, which oversimplified amounted to a combination lock.

That said, the Air Force was concerned that in case the time came, having to fumble around with figuring out what the code of the day was would take too long. So... all the PALs were set to 00000000. (this has since been disputed and the dispute disputed, but you get the idea)

Which is to say, this is one of the biggest dodges in the industry, and I haven't seen it officially *documented* as such, but I've heard the same claim on separate occasions from people in the industry at conference talks, and it makes perfect sense as something I'd do if I were in that position & in a mercenary mindset.

After all, if it's hashed, it's safe, right? You aren't selling or transferring the information, you can do the Facebook/Google-style "We don't *sell* your data, we just sell transformations based on your data" thing, and if everybody just so happens to use the same hashing algorithm, same salt, same primary key...
posted by CrystalDave at 5:57 PM on July 21, 2021 [2 favorites]


Not counting Burrill's ousting, Calvo's is the 5th resignation in four months; the other bishops are all 75.)

If you're suggesting that's a lot of resignations, Catholic bishops are required under canon law to resign upon reaching 75. The pope though doesn't have to accept immediately. Some bishops stay on for several years.
posted by Fukiyama at 6:06 PM on July 21, 2021 [2 favorites]


No, that's not what I was suggesting.
posted by Iris Gambol at 6:51 PM on July 21, 2021


Everyone is talking about the larger issues at work here, which certainly are worth discussing - but that passes over the fact that this specific guy was TARGETED for outing:

If my memory is faulty, I'm willing to be corrected - but was wasn't this the very same guy who organized the last American Bishops' meeting - and who READ OUT THEIR STATEMENT proposing to deny communion to pro-choice politicians?
posted by AsYouKnow Bob at 6:47 AM on July 22, 2021 [1 favorite]


but was wasn't this the very same guy who organized the last American Bishops' meeting - and who READ OUT THEIR STATEMENT proposing to deny communion to pro-choice politicians?

I have read several articles to this effect in the last 24 hours, coming from a lot of marginal news outlets and mostly amplified via social media, to the point where I think there is a PR campaign going on. Slightly fishy.

First, it doesn't really matter what the guy's beliefs were; what happened to him could happen to a lot of other people. The end does not justify the means. There's a systemic problem here that's greater than this one guy.

Second, it looks at first glance like he was taken out by Catholic hard-liners (the Pillar doesn't give me a lot of warm-n-fuzzies, certainly), which doesn't quite square with him being a right-winger himself. Unless they decided to make an example of him pour encourager. That seems like a bit of a convoluted play, but I don't know that much about the internecine politics of the Catholic Church. Maybe that's consistent with how the game is played.

Third, does the fact that he read out the statement concerning Communion mean that he was actually in agreement with it? Or was he just doing that in his role and official duties as Associate General Secretary of the USCCB? I'm not sure that's clear. The only quote I can find attributable to him is literally a reading of the vote tally: “The action passed with the vote of 168 in favor, 55 opposed, 6 abstentions”. Not exactly a strong statement of opinion.
posted by Kadin2048 at 8:10 AM on July 22, 2021 [5 favorites]


"Apparently they received this data from 'a person concerned with reforming the Catholic clergy.' Do I think that this is a cool guy who wants women to be priests? Somehow I do not."

The possibility of rightist reformers does not seem to have occurred to you, which indicates that you have only a superficial familiarity with contemporary American Catholicism.
posted by kevinbelt at 9:41 AM on July 22, 2021


maybe it was Mel Gibson ...

For Gibson is a passionate member of the Catholic Traditionalist movement, a minority (but growing) Catholic sect that rejects the reforms of the Second Vatican Council in 1964-65 - in particular the abolition of the Latin Mass.

[...]

The Catholic Traditionalist movement is not a monolithic body, organisationally or doctrinally. Nor is it that big: of America’s 63 million Catholics, estimates of the number of Traditionalists vary between a low of 50,000 and a high of 100,000. They worship in some 600 chapels across the States, many of which are independent congregations. Traditionalists also refrain from eating meat on Fridays and women wear hats in church. Leaving aside the X-Files lunatic fringe, most Traditionalists are just ultra-orthodox Catholics. They vary between those who see the Vatican reforms as the work of foolish liberals who will eventually see the error of their ways, and a more conservative wing which sees the Vatican as genuine heretics.

posted by philip-random at 10:10 AM on July 22, 2021 [1 favorite]


kevinbelt, I believe you misunderstood Countess Elena. I believe their point was specifically that this was a right wing, not left wing, reformer, and therefore they have a hard time being happy about the aparrent hypocrisy being exposed. That mixed emotion is illustrated by the Mr. Burns meme.
posted by ecreeves at 10:42 AM on July 22, 2021 [3 favorites]


I’m skeptical.

I also question whether the data-privacy angle of this story is particularly relevant. Everything alleged in the story happened in broad daylight – Burrill used a dating app that was open to the public, and went to a public bathhouse.

My best guess? Somebody recognized him on Grindr or at the bathhouse.

As it turns out, that person also [shockingly!] had an axe to grind with the Catholic Church. Later on, they worked with the only newspaper who would even touch the story, hired a shady Private Investigator, and purchased (or manufactured) the corroborating evidence from a data-broker.

Nobody’s going to be able to construct this kind of narrative by sifting through mountains of low-quality, semi-anonymized location data, nor is any data broker going to turn over their entire set of data for a fishing-expedition – it would fatally undermine the broker’s own business-model. The only way The Pillar got this data (if it’s real) is because they already knew exactly what they were looking for.

They could have just as easily followed the guy around town for a few days with a camera.

There’s a legitimate reason to be concerned about the ease with which “anonymous” data can be “de-anonymized.” However, in this case, I think The Pillar already knew exactly what they were looking for, because they already had the goods. It’s the only way that this story makes a lick of sense.

My only remaining question is why The Pillar felt it was necessary to engage in parallel construction to tell this story. Were they trying to drive clicks by incorporating a hot-button issue into their story? Were they trying to conceal the methods that their source used to out Burrill?
posted by schmod at 10:58 AM on July 22, 2021 [3 favorites]


wasn't this the very same guy who organized the last American Bishops' meeting - and who READ OUT THEIR STATEMENT proposing to deny communion to pro-choice politicians?

Yes, it was.
posted by scruss at 11:27 AM on July 22, 2021 [1 favorite]


schmod, you may be right, if there are some simple answers to your final questions.

In any case, the data privacy issues allowed access to way more information than a PI might have gleaned from following this guy around for a bit, so I'm not sure that version of events diminishes the relevance of the data privacy angle.
posted by ecreeves at 11:37 AM on July 22, 2021 [2 favorites]


Leaving aside the X-Files lunatic fringe, most Traditionalists are just ultra-orthodox Catholics.
philip-random, your link is to a 2004 editorial at The Scotsman primarily concerned then-recent film The Passion of the Christ and its director, Mel Gibson. The Scotsman noted that Gibson's Traditionalist church, Holy Family, was a single-location, 70-member congregation, while "estimates of the number of Traditionalists vary between a low of 50,000 and a high of 100,000" and "The biggest of all the splinter Traditionalist groups is the Society of St Pius X."

The Society of St. Pius X, which has chapels and schools across the United States, remains a font of anti-Semitic propaganda. The powerhouse organization of the radical traditionalist Catholic world is a sprawling international order called the Society of St. Pius X (SSPX), founded by the late French archbishop, Marcel-François Lefebvre, in 1970. Although there have been recent attempts by the Vatican to pull SSPX back into the Catholic mainstream, the organization, all of whose priests were excommunicated in the late 1980s, has continued to publish anti-Semitic materials, flirt with Holocaust denial and reject any reconciliation with the Catholic Church. (Southern Poverty Law Center, 2015)

Moreover, there are other anti-semitic, Latin-Mass-loving groups identified by the SPLC: “Radical traditionalist” Catholics, who may make up the largest single group of serious antisemites in America [...] are not the same as Catholics who call themselves “traditionalists” — people who prefer the old Latin Mass to the mass now typically said in vernacular languages — although the radicals, as well, like their liturgy in Latin. They also embrace extremely conservative social ideals with respect to women. (Southern Poverty Law Center, 2020)
posted by Iris Gambol at 12:32 PM on July 22, 2021 [4 favorites]


To be absolutely clear, what's happening to Burrill is lousy in itself, and I do not mean to diminish that. It's also part of the Catholic church's ongoing struggle with the "Traditionalist" splinter, with the "Latin Mass" red herring providing cover for hate groups large and small.

J.D. Flynn was the editor-in-chief of Catholic News Agency beginning Aug. 2017 through Dec. 2020, when he left abruptly -- as did Ed Condon, the Washington bureau chief. Together, they founded and now edit (w/Flynn as EiC) "The Pillar" (archive link to pub's "About" page: "Most reported news stories at The Pillar are written jointly by Flynn and Condon"), the outfit that outed Burrill. Flynn, a trained canon lawyer, has had other gigs: chancellor of the Archdiocese of Denver, director of communications for the Diocese of Lincoln, and special assistant to Bishop James Conley (whom he followed from Colorado to Nebraska).

Parishes in Denver and in Lincoln (long list) offer traditional Latin Mass. ("Concerning the use of head coverings for women, because the Church’s law no longer requires this, it is not mandatory at St. Francis. However, it is encouraged as being in keeping with the Church’s traditional practice (1 Cor 11:2-16). There are veils provided for visitors who desire to use them, and a woman might even feel more comfortable with a veil, as many of the other women would be wearing them." Lincoln still bans altar girls, too.)

Previously, the 2012 Vatican ultimatum: The Vatican on Friday told an ultra-traditionalist Roman Catholic splinter group they must accept non-negotiable doctrinal principles within a month or risk a painful break with Rome that would have “incalculable” consequences. The ultimatum was issued after a two-hour meeting between Swiss-born Bishop Bernard Fellay, leader of the dissident Society of Saint Pius X (SSPX) and U.S. Cardinal William Levada, head of the Vatican’s doctrinal department. (Reuters, March 16, 2012)

2017 accusation of heresy: Several dozen tradition-minded Roman Catholic theologians, priests and academics have formally accused Pope Francis of spreading heresy with his 2016 opening to divorced and civilly remarried Catholics. In a 25-page letter delivered to Francis last month and provided Saturday (Sept. 23) to The Associated Press, the 62 signatories issued a “filial correction” to the pope — a measure they said hadn’t been employed since the 14th century. [...] None of the signatories of the new letter is a cardinal, and the highest-ranking churchman listed is actually someone whose organization has no legal standing in the Catholic Church: Bishop Bernard Fellay, superior of the breakaway Society of St. Pius X. Several other signatories are well-known admirers of the old Latin Mass, which Fellay’s followers celebrate. (ReligionNews.com, Sept. 24, 2017)
posted by Iris Gambol at 12:57 PM on July 22, 2021 [5 favorites]


As noted by Fukiyama above, the day before the Pillar story was published, Catholic News Agency [CNA] ran "Concerns raised about using surveillance technology to track clergy:" The issue was first raised in 2018, when a person concerned with reforming the Catholic clergy approached some Church individuals and organizations, including Catholic News Agency. This party claimed to have access to technology capable of identifying clergy and others who download popular “hook-up” apps, such as Grindr and Tinder, and to pinpoint their locations using the internet addresses of their computers or mobile devices.

The proposal was to provide this information privately to Church officials in the hopes that they would discipline or remove those found to be using these technologies to violate their clerical vows and possibly bring scandal to the Church. CNA and others at the time declined this party’s offer
[...] CNA also spoke with some Catholics who were originally approached in 2018. Like CNA, they were offered specific names of high-profile Catholic personalities as “proof” that the data had been gathered and could prove scandalous.

Over on Twitter, Dawn Eden Goldstein observed that when CNA was approached with this information, in 2018, "The Pillar's editors were CNA's US and DC editors," and that "The Pillar is an anonymously funded media outlet engaging in expensive data mining that enables editors to choose whom to target & whom to ignore."

The sale, to multiple parties, of Grindr's 'anonymized data' list of user-tracking codes (alongside location data associated with each tracking code) was the first step. Per Goldstein [Thread reader link]: All you need is a second data set--one that contains names and addresses. If the tracking ID and location data of a phone tells you the phone's being used at night at 555 Main Street, then a data set that shows who lives at 555 Main Street will tell you whose phone it is. So it's clear that The Pillar's editors, or their informer, used two data sets to identify Burrill as an alleged Grindr user:

-- Via Grindr, they had a set of user-tracking IDs and location information.
-- And from another source, they had a set of home addresses of clergy.


Now, it's possible that The Pillar didn't use a large data set of clergy. The editors might only have acquired Burrill's home addresses and lined them up with the Grindr data. But that's manifestly unlikely. Evidence points to their having a large set of clergy addresses. I believe CNA when it says an individual offered it the data-mining technology to connect the Grindr data with a large data set of clergy. That individual offered examples that would "expose" priests. [...] Now that we see how The Pillar aligned two data sets to link Burrill's phone to Grindr, we come to question (2): From whom might the site have obtained a large data set on clergy? I don't know, as Pillar hasn't disclosed that. But I can think of 3 reasonable possibilities.

Her three, with interesting supporting evidence: Steve Bannon (in 2018, Bannon & CatholicVote used cell-phone location data to target church-going Iowan Catholics with get-out-the-vote ads), Sean Fieler ("multimillionaire hedge-fund manager and major GOP power player" & "a veteran funder of data-harvesting ops that target Catholics") and Frank J. Hanna III (known for "ownership of the Official Catholic Directory" & "a major donor to CNA & a board member of parent company EWTN. He was funding CNA when The Pillar's editors worked there").
posted by Iris Gambol at 6:55 PM on July 23, 2021 [3 favorites]


Grindr has an official response: In Response To A Small Blog’s Homophobic Witch Hunt To Out A Gay Priest. There's also an interview with the Grindr CEO in this LGBTQ Nation article. It's quite detailed and thoughtful, not just defense PR crap. The summary is there are some avenues that are plausible, but none are the result of deals Grindr has cut and none seem precise enough to fully out someone without other information.
What’s clear, says Bonforte, is that The Pillar had its sights set on Burill from the start. “You have to know the answer to the question to know what to look for,” he says. “Tracking an individual device is really hard.”
posted by Nelson at 9:01 AM on July 31, 2021 [2 favorites]


« Older stories that feature law enforcement as the sole...   |   Phwoart! Newer »


This thread has been archived and is closed to new comments