“Inside the Industry That Unmasks People at Scale”, 14 July 2021.

Tech companies have repeatedly reassured the public that trackers used to follow smartphone users through apps are anonymous or at least pseudonymous, not directly identifying the person using the phone. But what they don't mention is that an entire overlooked industry exists to purposefully and explicitly shatter that anonymity.

They do this by linking mobile advertising IDs (MAIDs) collected by apps to a person's full name, physical address, and other personal identifiable information (PII)..

[...]

"We have one of the largest repositories of current, fresh MAIDS<>PII in the USA," [said] Brad Mack, CEO of data broker BIGDBM...

[...]

A MAID is a unique identifier a phone's operating system gives to its users' individual device... Apps often grab a user's MAID and provide that to a host of third parties.

[...]

This de-anonymization industry uses various terms to describe their product, including "identity resolution" and "identity graph." Other companies claiming to offer a similar service as BIGDBM include FullContact, which says it has 223 billion data points for the U.S., as well as profiles on over 275 million adults in the U.S.

[...]

"This real-world research proves that the current ad tech bid stream, which reveals mobile IDs within them, is a pseudonymous data flow, and therefore not-compliant with GDPR," Edwards told Motherboard in an online chat.

[...]

Apple and Google acknowledged requests for comment but did not provide a statement on whether they have a policy against companies unmasking the real people behind MAIDs.