[Drip33]

I have access to some marketing data and for fun,

select * from mobile_location where latitude between 38.88778433380732 and 38.891917997746894 and longitude between -77.01269830654866 and -77.00613225870377 and epoch_timestamp between 1609954200 and 1610067600

Returned quite a number of mobile devices accurate to the meter. Was fun to see which phone was in which room or blade of grass of the building. I'm not even American.

[iamacyborg]

Yeah, that raises a whole bunch of other ethical questions though, like why you’re able to do this, what access to PII you have and why you’re able to run queries like this on a Saturday.

I hope your employers keeps track of stuff like this.

[avdlinde]

My guess is that this being possible would be the norm, rather than the exception. And that keeping track of individual queries is not.

[iamacyborg]

Well, that sounds worrying.

[_trampeltier]

What do you think, most such data comes from Apps, they just ask for permission and give you no rights at all. Location data is a such business, for traffic or business. Look at this example from Thasos. The look many hours and shifts are in companys and sell the data to traders. http://thasosgroup.com/blog/thasos-data-tesla-wsj/

[iamacyborg]

Just because something is being done does not mean it’s ethical. Fortunately, this is illegal in Europe.

[_trampeltier]

I did not say, I think it's a good thing or it's ethical. It's just the truth. But we all accept it somehow, so Google or wherever can make us good traffic warnings. Here in Switzerland the location data is also sold by the telco companys, you have to opt out by yourself (at least by Swisscom).

[tyfon]

Might be illegal in Europe but it still happens [1].

[1] https://nrkbeta.no/2020/12/03/my-phone-was-spying-on-me-so-i...

[Raed667]

Does your company log every select query you do on your prod db? If yes, does it automatically raise alerts when PII is accessed?

I'm genuinely asking, I have never seen such a setup.

[MertsA]

As someone who works for a tech giant I'd like to provide some input here.

1. Absolutely yes for ad hoc queries and there's a wealth of logging and privacy features built into all of our tools.

2. Absolutely yes and those queries are audited. For any query that matches some heuristics it'll warn us with a big scary message to make sure the query is legitimate work.

For the query linked above about checking who was around a location at a given time I'd probably be fired before the query completed. It's a pretty comfortable job but they don't mess around with user data, it's zero tolerance if it's abused and even if there was never a warning message your ass is still out the door when they catch you.

For all the flak tech giants get around PII I think it's horrifying that smaller players can still get hordes of sensitive data and yet have basically no safeguards to prevent misuse like querying whatever some internal engineer wants to look at.

[iamacyborg]

This is how it should be.

[iamacyborg]

It does not. Maybe it should though. I know a company I worked at logged everything that was done or accessed within our Salesforce instance, maybe something needs to be done like that rather than allowing folks to run arbitrary sql queries against the database.

[throwaway3699]

This is standard practice at large companies with proper data controls. Usually they have a "break glass" feature for emergencies and don't let any humans access PII without a damn good reason.

[mschuster91]

99% of "marketing" companies are shady fly-by-night ops, are you expecting any standard procedures from there?

[Sebb767]

> to some marketing data

I guess this part answers the questions of "why", "what" and "does the employer care". Well, at least these people now know what they did "not" have to hide the whole time.

[joncp]

It’s precise to the meter but is it really accurate to the meter?

[person_of_color]

You should be fired.

[Drip33]

What if I own the company and it's an acceptable Terms of Service use? What if I'm unemployed? Should I still be fired?

[lawnchair_larry]

Interesting. Who sells marketing data like this?