This morning, a few publications ran with a holiday-themed data study about how families that voted for opposite parties spent less time together on Thanksgiving, especially in areas that saw heavy political advertising. It’s an interesting finding about how partisan the country is becoming, and admirably, the study’s authors tried to get data that would be more accurate than self-reporting through surveys. To do this, they tapped a company called SafeGraph that provided them with 17 trillion location markers for 10 million smartphones.

The data wasn’t just staggering in sheer quantity. It also appears to be extremely granular. Researchers “used this data to identify individuals' home locations, which they defined as the places people were most often located between the hours of 1 and 4 a.m.,” wrote The Washington Post.

The researchers also looked at where people were between 1 p.m. and 5 p.m. on Thanksgiving Day in order to see if they spent that time at home or traveled, presumably to be with friends or family. “Even better, the cellphone data shows you exactly when those travelers arrived at a Thanksgiving location and when they left,” the Post story says.

To be clear: This means SafeGraph is looking at an individual device and tracking where its owner is going throughout their day. A common defense from companies that creepily collect massive amounts of data is that the data is only analyzed in aggregate; for example, Google’s database BigQuery, which allows organizations to upload big data sets and then query them quickly, promises that all its public data sets are “fully anonymized” and “contain no personally-identifying information.” In multiple press releases from SafeGraph’s partners, the company’s location data is referred to as “anonymized,” but in this case they seem to be interpreting the concept of anonymity quite liberally given the specificity of the data.

Most people probably don’t realize that their Thanksgiving habits could end up being scrutinized by strangers.

It’s unclear if users realize that their data is being used this way, but all signs point to no. (SafeGraph and the researchers did not immediately respond to questions.) SafeGraph gets location data from “from numerous smartphone apps,” according to the researchers. According to SafeGraph’s privacy policy: “We obtain information from trusted third-party data partners such as mobile application developers, through APIs and other delivery methods. The data collection and use is governed by the privacy policy and legal terms of the data collector and the website using the data; it is not governed by SafeGraph.” In other words, SafeGraph is partnering with apps — they could be weather apps, games, wallpapers, anything — and leaving the disclosure up to the app maker. The app makers may have some tiny print that says “we reserve the right to share your location data with third parties,” or they may not have a disclosure at all — it’s not SafeGraph’s problem. “The information we collect includes data regarding a device’s precise geographic location, as well as other mobile identifiers such as Apple IDFAs and Google Android IDs, and other information about users and their devices,” (emphasis ours) the privacy policy continues.

We talked about SafeGraph on our daily podcast, The Outline World Dispatch. Subscribe on Apple Podcasts or wherever you listen.

SafeGraph bills itself as a company collecting high quality data that can be used by companies that specialize in artificial intelligence and machine learning. It raised $16 million from investors including IDG Ventures and more than 100 individual investors including Peter Thiel earlier this year. It does not go into much detail about its data sources on its website except to say its data is “high precision/low false positive,” and “Data collected in background from large population.” If you aren’t creeped out enough yet, consider this line in the privacy policy, just for fun: “Likewise, in the event of any potential merger or acquisition, any Data we hold (including information collected on our website) will likely be transferred to the successor entity, and shared with others in preparation or anticipation of such an event (e.g., during due diligence).”

The company has written about the importance of data privacy, albeit with an eye toward legal compliance, but its attitude toward data collection is understandably greedy. In a blog post about an industrywide location collecting software kit called OpenLocate, SafeGraph wrote, “OpenLocate is founded on the belief that developers should have complete control over how location data is collected on their users,” emphasis mine. Developers should have complete control? What about the users?

A user can opt out of this kind of tracking by turning off location services or opting out of ad services on an Android or Apple device. But most people probably don’t realize that their Thanksgiving habits could end up being scrutinized by strangers because they downloaded a weather app. It’s a sign of the times that two university researchers could get their hands on 17 trillion location markers for 10 million people, as data collection is ubiquitous and regulatory oversight is meek. Is your data in this study? It would be very difficult to find out.

If SafeGraph had stuck to selling its product to its B2B clients, we might have stayed blissfully unaware, but now we know. At least we got some insight into how Democrats and Republicans are spending their Thanksgivings.