Mainstream advertising networks are potentially providing sensitive data on Americans to hundreds of "obscure" companies in Russia, China, and the United Arab Emirates.
The data can include location and search browsing information, according to one report. It rehashes once again the potential privacy issues of real-time bidding (RTB), where participants in the online ad business can obtain bidstream data on individuals such as their GPS location, device identifiers, and browsing history.
Letters from ad-technology companies to U.S. Senator Ron Wyden of Oregon shows the potential national security risk of companies across the world gaining access to that data.
“Few Americans realize that some auction participants are siphoning off and storing 'bidstream' data to compile exhaustive dossiers about them,” he wrote in a press release last April. “In turn, these dossiers are being openly sold to anyone with a credit card, including to hedge funds, political campaigns, and even to governments.”
Wyden sent letters to various ad tech companies such as Google, Verizon, Magnite, Pubmatic, Index Exchange, and OpenX, asking them to name the foreign headquarters or majority owned firms to which they have provided bidstream data in the past three years, reports Motherboard.
Magnite provided Wyden with a list of more than 150 companies, but did not identifying countries they are from, but his staff did. They include Adtiming and Mobvista International in China, League of Ads in Hong Kong, Yandex Europe AG, part of Russian-language search engine Yandex, and Adfalcon in the United Arab Emirates.
Twitter, which owns ad company MoPub, pointed to its public list of partners that include Mobvista and Pangle in China, and WapStart, Yandex, and Hybrid.ai in Russia.
Google, AT&T, PubMatic, and Verizon did not provide the names of foreign firms or countries to which they send data.
Motherboard also asked that question in April. None of the companies replied.