Think your phone isn’t tracking you and sharing your every digital move? Think again. It definitely is. That’s according to research shared by the New York Times based on their investigation of leaked data.

The investigation was coordinated by the New York Times Privacy Project and used a leak from a location data company, one of many unknown businesses from an under-reported industry dedicated to using electronic data to track every single one of us everywhere we go.

This data included over 50 billion data points from a period of a few months in 2016 to 2017, gathered from everything from weather or local news apps to coupon saving sites. Each one of these points represented data from one of 12 million Americans’ phones. And this wasn’t mere harmless metadata, of interest only to algorithms and advertisers. No, this was data so specific that it allowed the investigating team from the New York Times to identify and then to track individuals, including celebrities, government officials, other investigative journalists, and one poor engineer who worked for a competitor.

Both collecting and selling this data is currently perfectly legal in the US, as part of the lucrative ‘location data’ industry. The recipients of the data, the companies claim, are heavily vetted, although in whose hands that vetting process rests is perhaps worth questioning. The companies also claim that the data is secure (which this leak would seem to dispute…), that the data is anonymous (although investigation can easily lead to jigsaw identification) and that it is collected with users consent (but do users know what they’re consenting to?).

There are also no guarantees on whether individual data analysts working for these companies are preventing from abusing their access to all this valuable data, for tracking an ex-partner, for instance. As with the vetting of partner companies to share data with, none of this is subject to the kid of scrutiny or oversight or other, and less intrusive, industries. Even then, US legal sanctions for data breaches are weak by international standards. Whether this is a loophole, an oversight or a deliberate ploy by a government in the pocket of this new lucrative industry is hard to say, and perhaps a matter of perspective.

But there is no doubt that, for a data analyst, identifying individuals from supposedly anonymized geolocation data is relative child’s play. A regular journey from a domestic address to an office, factory, commercial unit, or the like could easily be seen as a commute. Repeat that from the same phone five times a week, and you have an individual’s workplace and home address. Electoral roll data could give you a name, and then all the other geolocation data from that phone gives you there every single movement and whereabouts – 24/7 and 365.

The New York Times team used the data leak to do just that, identifying key military personnel, law enforcement officials and high powered lawyers, all the kinds of people who terrorists, foreign governments or criminal cartels might want to target, and following their every move, learning their buying habits, their commute, where their children went to school, all from nothing more than location data.

Critics of this industry say that they have created history’s most sophisticated surveillance system, and done so accidentally, without any certain idea of what to do with it (aside from haphazard attempts at monetization). But if we wanted to look at how a creepy authoritarian regime might look to employ such data, we need look no further than China’s social media influenced ‘good citizen’ Social Credit system, which awards points to individuals who behave in a way the government deems positive, points that incur social privilege and access to social resources (or, conversely, lock non-conformist individuals out of access to basic social and materials needs).

Even in a democracy, who this data belongs to, and who has access to it, matters (and even democracies are not always to be trusted). Imagine the national security implications of enemy regimes or terrorists gaining leaked or purchased access to a constant record of the movements of key members of government (or authoritarian regimes their domestic or emigré critics).

So props to the New York Times for exposing this terrifying prospect, but we’re not sure we can forgive for the nights of lost sleep contemplating just what to do about it.

Sign up for our newsletter to get the best of The Sized delivered to your inbox daily.