Data Privacy: "To Catch a Priest": How Ad Tech Data Was Used To Oust a Senior Catholic Cleric

[Luke]

Interesting story, it can be done with anyone. Would bet somebody's gonna option this for TV or a movie. Did not cross check all the claims but sounds plausible.

Twitter thread about it:

To catch a priest
How ad tech data was used to oust a senior Catholic cleric, and how most anyone can do the same
Antonio García Martínez Aug 2

How often have I said to you that when you have eliminated the impossible, whatever remains, however improbable, must be the truth?
-Arthur Conan Doyle, The Sign of the Four

Let’s get the facts of the case out of the way first:

Per a post that originally appeared at The Pillar, a shadowy figure used mobile app data from 2018 through 2020 to show that Monsignor Jeffrey Burrill, the general secretary of the United States Conference of Catholic Bishops, was a regular user of dating app Grindr and frequenter of alleged gay bars.1 Msgr. Burrill subsequently resigned his position as general secretary, and the original Pillar piece has been (re)reported in that usual dogpiled media fast-follow, but without much in the way of technical specifics.

Grindr claimed in a statement that they were not the source of the data, and that such a data breach would be “infeasible from a technical standpoint and incredibly unlikely to occur.” I agree it’s unlikely that the data leaked directly from the app or Msgr. Burrill’s device, but it’s not quite true that data that Grindr generated could not have been used to reconstruct Burrill’s past behavior. I’m going to engage in some informed speculation below on how some lone crusader, armed with data and some hacking skills, could have zeroed in on one man’s behavior over years of time with commercially-available information.

By way of self-introduction: I’ve spent 13 years turning data into money via digital advertising. I built a real-time exchange (like the one involved here) for Facebook, and I’ve even built the bidding machine for the exact ads exchange in question while employed at a large ads buyer. I’ve also worked at Branch Metrics, one of the world’s biggest mobile attribution data companies and warehouses of third-party user data. Which is a long and self-glorifying way of saying, I know this world very well, so I’m telling you how an ad tech insider (or just someone with technical skills and a willingness to read dev docs) could hunt down someone using advertising data. It’s hard, but not impossible. It’ll almost certainly happen again.

The challenge has three steps:

Getting the data

Finding the target

Constructing a behavioral profile based on geographic data

The rest of the story is at: https://www.thepullrequest.com/p/to-catch-a-priest

[Suranis]

Honestly, my first reaction was - This is bloody scary. And that they were clever by doing this first with a Catholic Priest, as if they had done it with anyone else people would be outraged. But with a Catholic priest, people are so primed to point and attack at this point that they never considered the implications. They just pointed and laughed like idiots. And when it's inevitably done to them they will flop around like idiots, and will suddenly realize they had normalized this by not protesting this at the beginning, and in fact cheered it on.

It does strike me that while people have been caught using dating sites before, This is actually using something outside the dating app data to nail someone, which makes even the nominal privacy features of the dating site completely useless. And it could be done though any site that uses adverts.

[Uninformed]

If any person uses the internet as a tool to carry out activities that they wish to keep confidential they are taking the risk of exposure, the only “safeguard” being the the possible complexity of acquiring the information does not merit the effort of doing so.

[RTH10260]

Honestly, my first reaction was - This is bloody scary. And that they were clever by doing this first with a Catholic Priest, as if they had done it with anyone else people would be outraged. But with a Catholic priest, people are so primed to point and attack at this point that they never considered the implications. They just pointed and laughed like idiots. And when it's inevitably done to them they will flop around like idiots, and will suddenly realize they had normalized this by not protesting this at the beginning, and in fact cheered it on.

It does strike me that while people have been caught using dating sites before, This is actually using something outside the dating app data to nail someone, which makes even the nominal privacy features of the dating site completely useless. And it could be done though any site that uses adverts.

I guess there is a background story as to why this priest was singled out, some encounter that turned sour. From the reading of this material I assume that the "hacker" was very resourceful and had some $$$ available. It was pointed out that the story centers on the Grindr site. So my guess is that the "hacker" did buy some ad time at one or several agencies. The ads could be defined in a way that limit the number of other website visitors get to see it also. The ad information returned by the agencies may not be as anonymized as one thinks. The detailed classifications can point to the direction one searches for. If a "hacker" knows the time of interaction of his target at some website he can over time deduct details from the ad views. It is also known that when registering a search profile at a search engine the returned webpages can reveal details not generally intended for general viewing.

Hidden Content

This board requires you to be registered and logged-in to view hidden content.