:

WEBLOC SYSTEM TRACKS 500M DEVICES VIA AD DATA

AI DESK2 MIN READ
SUN, APR 12, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Researchers at The Citizen Lab have uncovered Webloc, a geo surveillance system that provides real-time access to location records from up to 500 million mobile devices. The system exploits location data collected through mobile apps and digital advertising networks.

What is Webloc? Webloc operates as an ad-based surveillance infrastructure that aggregates location data from mobile devices at scale. The system provides subscribers with constantly updated streams of geolocation records, enabling tracking of device movements across vast populations. How it works The system collects location information primarily through two channels: mobile applications and digital advertising ecosystems. Apps and ad networks routinely gather precise location data from users' devices, often with limited transparency about how that information will be used or shared. Scale and implications With potential access to 500 million devices, Webloc represents one of the largest documented location surveillance operations. Location data of this granularity can reveal detailed patterns about individuals' lives—where they work, worship, seek medical treatment, spend leisure time, and associate with others. Privacy concerns The investigation raises significant questions about data broker practices and the lack of oversight in location data markets. Users typically provide location permissions for specific app functions, unaware their data feeds into broader surveillance infrastructure. Location tracking at this scale enables various harms: discriminatory targeting, stalking, political profiling, and law enforcement abuse. The system's integration with advertising networks suggests commercial motivations drive its operation. Context The discovery adds to growing evidence that location data markets operate with minimal regulation. Previous research has documented how data brokers and ad networks monetize location information, often derived from users who have little awareness their data is being aggregated and resold. The Citizen Lab's findings underscore the tension between mobile app functionality and privacy. Even as regulators worldwide consider stricter data protection measures, surveillance capabilities continue expanding through opaque supply chains.

■ SOURCES

Techmeme

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

5H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

5H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

7H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

10H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.