This investigative story begins in Berlin and will take us around the world. It starts with two journalists who can barely believe what they've got in their hands on. You felt like you were working for a spy agency. You had the most intimate insights into people's lives. The location data of unsuspecting cell phone users. We've all seen films about secret agents where someone gets a GPS tracker shoved in their pocket. But the shocking reality is that we all have such a tracking device in our pockets, our smartphones.

Whoever has this data can construct millions of movement behavior profiles from dissidents. I have no place to go cuz they can find me in any place. [clears throat] To top-ranking officials and agents. This is potentially a new form of asymmetric warfare. All the way to Ukrainian soldiers at the front. Yes, yes. That was our evacuation point here in the field. This is about everyone who uses a smartphone. It's about the exact movement profiles created by the data harvested from our devices via popular apps people use to check the weather, shop, or play games.

It was really hard. There was an especially awful moment when I was truly scared that we'd be completely encircled and not be able to get out anymore. It wasn't that I was afraid of dying. It was the prospect of being taken prisoner. Without fear, you stood no chance there. If you started to grow accustomed to what happened there, that's when things got really dangerous. While in the midst of fighting house to house, I learned what war really means. You feel like a hunted animal. For days, I lived on a heap of garbage down in a cellar.

It was the only safe place. Dmytro and his comrades have experienced the horrors of war in Kherson, in Soledar, in foxholes in eastern Ukraine. At the front, their smartphones were the only connection to their normal lives and their families back home. Sure. It lets you stay in contact with your loved ones. War is always a competition of wills and in this respect, what you need above all is to strengthen the morale of the soldiers, their willingness to fight. And I must say, cell phones are possibly one of the most important elements in the war in Ukraine to strengthen the troops' morale, to help them retain a connection with home, with their families, with their former civilian lives. So, it would be very tough to do away with mobiles entirely.

But how dangerous are they? What happens when the location data of soldiers like Dmytro can be easily bought on the internet? In late 2023, journalists Ingo Dachwitz and Sebastian Meineck received a huge data set. It was a free sample from a broker in Florida. It's hard to comprehend the magnitude. His computer crashed when he first tried to open the data set. That's how large it was. Each line in this table contains a location with its latitude and longitude. We have 3.6 billion locations. So, you could zoom into almost any corner of the country and find phone location data there. After converting the data into a map,

the scale of the tracking became clear. And the data was so exact that you could see not just that someone was in the building, but which corner of the room the cell phone was in. This location data came from millions of people who had no clue to the extent they were being tracked via their phones. The journalists received data sets from other brokers, too, with over 10 billion location points. At first glance, the data looks to be anonymous. Instead of names, they contain IDs. We learned very quickly that this data is anything but anonymous. It starts with two locations, the home and workplace.

These two criteria alone identify us. For example, could we uncover the identity behind this ID, 86A5059B? This person spent their nights here, so it's likely their home. These are clearly accumulated location data, like confetti on a map. A phone was traced to that building again and again. During the daytime, this individual spends several hours at a school. These pieces of information alone lead us to her. Emma, alias 86A5059B.

Emma is 18. Until recently, she rode the bus to school every morning. What she didn't know, all of her movements were being tracked. This here is the direct route to school that my bus used to travel. Now, it's It's unreal that you can retrace it so precisely. The data show Emma's route to school, her whole daily routine. When she was at the supermarket. Yeah, but from there Yes, we drive there regularly to go shopping, usually at Lidl. As you can see. And where she met up with friends.

Ah, this is Oh, that's the McDonald's. I was there a couple of times. You can see that from the parking lot, too. It's pretty unreal how many points there are and how many moments data was actually taken. And that they have all of that just from me, an ordinary person. Emma has lots of apps on her smartphone and many of them collect location data. During installation, anyone who agrees to the use of location data can wind up in the data sets of brokers like the one from Florida, like Emma has. We can trace the exact route Emma takes when she goes for a walk with her dog. I usually take the same route because it's relatively close. Then I'm right on a country lane. At the start, there are a couple of houses, but if you keep going, there are

only fields and trees. So, when I go for a walk, especially in the evenings, if some man had this data and decided to stalk me, that would be scary. You never know how far things will go. It was clear from the start that what we have here is not just a data privacy issue, it's also a serious security issue. This data can be misused in a variety of ways. What does that mean for people who believe their lives are threatened? Everywhere Basma Mostafa goes, she never feels safe, even though she lives in exile in Berlin.

Still in Berlin, after I'm escaping from Egypt, I left my life behind me in Egypt. Basma Mostafa is an Egyptian journalist who was arrested numerous times in her homeland. She says she was also tortured there. But even in Berlin, she says she is followed, harassed, and threatened by Egyptian agents. They come to me alone, directly, without covering, and to let me know that the high men in the Egyptian embassy know about you everything. She photographs the men who follow her, like this man here. She recalls one especially brazen incident which happened here at the Brandenburg Gate.

I stopped and took a look beside, so I find a man. I felt like I saw him before. And I start to walk like this in a circle. And then I look to him. I find him walking in a circle like me. But it doesn't stop with simply watching or tailing her. Basma Mostafa tells how she was beaten at a demonstration against the state visit of Egyptian President Abdel Fattah al-Sisi. She reported the incident to the police. Berlin's office of criminal investigation later recommended she change her place of residence. And maybe they will beat me on the street again or kidnap me from here. It's intense, but you know, I used to So

And I'm still wondering really how they know about my location, about the street, about where I am. In Egypt, Basma Mostafa was a reporter who went up against powerful people. She experienced the end of the Mubarak dictatorship, the Muslim Brotherhood's brief rule, and the subsequent takeover by the al-Sisi regime. Mostafa reported critically on the murder of an Italian student in Cairo, on police violence, and Egyptian politics until she was arrested in October 2020. In this time I was pregnant. They took me to a woman prison to think about

yeah, I will stay here for at least 2 years and I will deliver my baby in the jail. There is a knife on your neck. Mostafa and her family managed to flee to Berlin via Lebanon and Kenya. In the German capital, she's trying to build a new life for herself. Yet time and again she wonders, how do Egyptian agents know exactly where to find her? Could her own phone be betraying her? Patterns of movement found in one data set clearly belong to a person living in her building. She's seeing them here for the first time.

The cell phone location data leads from her home to other addresses. Yeah, I think I was in there in this address. This is also the playground we play. I take my kids there. To a hospital. I went to this hospital multi a lot of times. And her Kita, a daycare. We apply for this Kita and we got accepted in the Kita. Yeah, I think all of this um address related to me. How does it feel like? [snorts] Like hacked. Basma Mostafa uses many apps that collect location data to check the weather, shop, or read the news.

Could Egypt's intelligence agency be buying such data sets to tail dissidents like her? The Egyptian embassy in Berlin wouldn't answer this question, but intelligence experts believe it's entirely plausible. Quote unquote second-rate intelligence agencies, ones that normally can't compete with the big players from the US, Russia, Britain, France, or China, increasingly have access to data they likely wouldn't have had just a few years ago. But why is data like this collected at all? Who wants to track the locations of millions of people? Welcome back from the coffee break. As you can see, chairs have been set up for the panel discussion. It's going to be exciting.

It all has to do with movement data. It helps us understand who came into contact with our advertising, and we can use it to see who visited us personally. Basically, the ones that saw the ad and then actually came into the store afterwards. The ad executives at the D Drive Con trade fair see great potential in this location data, as it can tell advertisers who was in which store, when. And then they can target those people accordingly. It's all about creativity. Combine that smartly with data, and you've got the absolute winning formula.

Location data are extremely important, especially for small and medium-sized advertisers. A florist in Munich wouldn't want to place ads for consumers who live in Hamburg or Berlin. Location data make it possible for even small businesses to advertise their wares on bigger platforms. The German Association for the digital economy says only imprecise data is used, not exact locations accurate to the meter. That's not actually used in the ad industry, as advertisers don't just aim to reach one person that lives somewhere. They want to reach groups of people. However, a glimpse at the websites of online ad agencies shows that they openly admit to knowing precisely where millions of people live, work, and spend their free time.

And that anyone who wants to can get their hands on this data quite easily, as it's traded freely online. We didn't acquire the data we received through secret channels or by offering heaps of money for it. Rather, these are sample data sets that we got simply by asking for them after exchanging a couple of emails. It all took place via company called Data Rate that has its headquarters in this Berlin high-rise. Trading location data without users' consent is forbidden in Germany, but acting as an agent for foreign data brokers is permitted. And that's precisely what Data Rate does. It's how the journalists used its platform to contact several data brokers.

I really must say data brokers practically throw these data sets at potential buyers. And there are plenty of potential takers. The advertising industry wants to reach the right customers at the right time. To do that, they require huge amounts of data. GPS location data, for instance. That's collected by smartphone apps. This data shifted the entire model. It was no longer about the publication they were going to be reading or what have you. The promise of this data was that well, you don't have to worry about that. You're going to reach whoever you want to reach, whoever's interested in what you have, at the right moment, in the right place, at the right time.

Ariel Garcia was part of the system which allowed data like this to get into the hands of any intelligence agency, any business, or even any criminal. She worked in the ad industry in New York for over a decade. Today she's an activist endeavoring to expose the industry's misdeeds. So, the thing that I find interesting about the industry is how nose blind it is to the sensitivity of this data. It's very easy to have tunnel vision. Hey, we just want to reach people that might want our product. But are you realizing that the byproduct of that is that there's now this mass trade in very sensitive consumer information that can end up in the hands of governments or people that want to do bad things, right? Um and

simply most people in the industry don't think about that. So, is the misuse of this data by intelligence agencies or criminals a sort of collateral damage? Not anything the advertising industry expressly wants, but something they're willing to accept all the same. At any rate, there's growing evidence that the exposure of people's data has had harmful, even fatal consequences. Take the case of a high-ranking Catholic priest in the United States. Monsignor Jeffrey Burrill was outed as a homosexual against his will after a reporter from Catholic online news magazine The Pillar acquired his cell phone's location data. Included was data

from Grindr, a dating app typically used by gay men. Burrill was forced to resign. And in an even more dramatic case, the Sinaloa Cartel, a powerful and violent drug trafficking syndicate feared throughout Mexico, analyzed the cell phone location data of an FBI agent to discover his local contacts. The cartel then intimidated and in some cases killed those individuals. It's possible that the cartel used a data set similar to the one from the data broker in Florida. It contained data from millions of users, mainly from Germany. Data that can be used to create a profile of a person's movements.

Including one individual that triggered shock waves that reverberated all the way to Washington, D.C. What we're seeing here is quite politically sensitive. A person who appears to work at a location for the German intelligence service in Bad Aibling. At any rate, they go there every morning, And we ascertain that they don't work at just any old place at this station in Bad Aibling, but in a building with a corrugated metal roof called the tin can. This building is well known as it's where the NSA works together with Germany's intelligence service, the BND. And it's precisely this building that the person went to.

Were they an employee of the US National Security Agency or a secret agent? The location data allowed their movements to be traced precisely. There were visits to a gym, a beer garden, and a supermarket, but also trips to US military facilities in Germany. Plus a flight to the Netherlands to visit the US Embassy there. These are all indications that we're clearly on the trail of a high-ranking functionary who certainly doesn't want to be tracked so precisely.

Well, I think there are enormous national security implications here. You know, people get into the habit, they carry their cell phone with them everywhere, and it reveals every step they take. For decades, John Bolton navigated the halls of power in Washington. He was an important adviser to President George W. Bush. To appoint John Bolton to serve as America's ambassador to the United Nations. And congratulations. Today, the former US ambassador to the UN is one of President Trump's harshest critics after having served as National Security Advisor during Trump's first term.

I want to thank Ambassador John Bolton. You are going to do a fantastic job, and I appreciate your time. Thank you. It's an honor to be here. Thank you. The National Security Advisor's influential role in the US government grants them access to state secrets and intelligence. For Bolton, it's not just the tracking of a supposed NSA agent that poses a security risk. Our data set also includes detailed info on thousands of German and US military personnel in Germany, their places of residence, and daily routines.

Often, if criminal groups or intelligence services or terrorist organizations want to assassinate somebody, kidnap them, they build what they call a pattern of life. They look to see what the potential target's habits are. Do they leave their house for work at the same time every day? Do they drive on the same route? Do they take the same escalator? And that helps to give them information to allow to plan a kidnapping or an assassination, and also how to get away quickly. So, this sort of information really can be quite threatening. From the American National Security perspective, we don't want foreign countries spying on our men and women in military, spying on our national

security assets. That's very troubling, and I think it does pose significant national security threats. The revelations from German public broadcaster Bayerischer Rundfunk and digital rights blog Netzpolitik were a hot topic in Washington in 2024. Privacy advocates hoped the US government would take action. But then this happened. Ladies and gentlemen, please welcome President-elect Donald J. Trump. Thank you very much. Wow. Look what happened. Is this crazy? This will truly be the golden age of America. That's what we have to have.

Instead of tightening regulations on data trading, the new Trump administration, with the help of Elon Musk, threw the entire concept of data protection out the window. They're handing over our data and private information to people who should not have access to it. I don't feel the Trump administration is focused on this issue at all. I don't think the Trump administration is focused on protecting the American people, and so I don't feel like they're standing up for this in any way.

I think in America generally, there's less concern about the threats to privacy from personal data breaches than there is in Europe at the moment. I don't see any significant interest, for example, in Congress in the problem or in legislation to fix the problem. That may change, but right now the focus is elsewhere. Many data brokers are based in the US, and it doesn't appear that any real effort is being made to regulate their activities there. What about in Germany? At least it seems there's an attempt to exert stricter controls over certain apps. And that has a lot to do with the data set the two Netzpolitik journalists received from the US broker.

Even they were shocked by the results of their analysis. I myself popped up in this data set. We found data from me, my location data. That means one of the apps on my phone must have revealed my location, and ultimately, it wound up with this data broker. Fairly quickly, we suspected one app that kept turning up again and again during the course of our research, my weather app WetterOnline. It was the only app for which Ingo Dachwitz had activated location data. Though it was just one of tens of thousands of apps in the data set from the Florida-based broker.

Others included the German classified ad Kleinanzeigen, and its French equivalent Leboncoin, flight tracking app Flightradar24, plus countless gaming and dating apps. Yet there were major differences. Some apps only capture very general location data, like the city district. Other locations are so precise they can be attributed to the exact area within a building. Some apps share data with just a few advertising partners, while others exchange them with a myriad of companies worldwide.

WetterOnline stands out. The app now shares user data with more than 800 companies, precisely showing where people live, work, and spend their free time. The oversight of WetterOnline lies with North Rhine-Westphalia's State Commissioner for Data Protection and Freedom of Information, Bettina Gayk. When we learned that location data attributed to WetterOnline was being traded by data brokers, we were naturally alarmed. In the spring of 2025, state authorities decided to take action and turned up at the offices of WetterOnline unannounced.

We sent a team of four people there. The company had claimed that it didn't pass on exact location data. They had informed us that these location were used solely for their own purposes, namely to deliver their weather services. While there, the government investigators gained access to WetterOnline's computer system. They spent hours searching for suspicious data flows and found exactly what they were looking for. In the systems, we actually found a pipeline via which location data were exchanged with Amazon. And we were also told that there's another link to Google services. When asked, Amazon denied sharing sensitive location data with others.

Google didn't respond. And the authorities can't say for sure if pipelines to other companies existed as well. And WetterOnline? The company now claims to collect no location data for advertising purposes, and it says it stopped the flow of data. Still, precise location data from WetterOnline has already made its way into the global data trade, including our data broker in Florida. Yes, this data must come from somewhere if it's being traded. Basically, I see a big problem with data being able to be traded so easily. That location data becomes something to be sold and aren't just used to offer a service.

So, the operators of the apps aren't the only ones who have smartphone users' location data. It's passed on to companies for targeted marketing purposes. And many of these companies are intertwined with other companies, forming a network that creates an entirely new market. Brokers who have nothing to do with the apps or the ad business collect huge amounts of highly sensitive location data, and then sell it to anyone who's willing to buy it. At Dmytro's farm in Konotop, north of Odessa, he and Svyat recall how important their smartphones were to them at the front. Their phones were their sole connection to their loved ones.

I tried to send a message to my mother, my father, and my niece every morning. I can show you the photos. Most of these men are no longer alive. Svyat, Dmytro, and their comrades captured their experiences at the front with their phones and shared them with family and friends back home. Your cell phone is very important because it provides moral support. You can feel the love of those back home, your spouse.

It reminds you of what you're fighting for at the front. But could the phones that act as soldiers' moral support also betray them? In the summer of 2023, I was with my team at a brigade command post in the Zaporizhzhia region and spoke with the entire brigade staff there. I remember the soldiers going in and out of all the discussions. They were all on their cell phones and all forwarding any old messages. Even at the time, I asked myself why these cell phones were being used everywhere so close to the front. And what actually happened is that a few days later, a Russian ballistic missile slammed into the command post there.

Were the Russians able to identify their target with the help of location data coming from Ukrainian cell phones? What can be done to prevent Vladimir Putin's military intelligence from buying data sets that show Ukrainian troops movement profiles? This branch of the ad industry is a complete mess. There's no overview on which companies are getting in on this. That's because they're constantly changing their names or merging with others. And no one can tell me that the data protection authorities have any kind of meaningful access to them. It's a total loss of control. A loss of control on the part of the users who aren't aware that their personal data is being shared.

It's a loss of control on the part of public government authorities. And it's even a loss of control on the part of this industry. Martin Untersinger is an investigative journalist at French newspaper Le Monde. Together with digital rights organization Netzpolitik and Bavarian public broadcaster Bayerischer Rundfunk, he analyzed the location data from French apps in the data set. What we discovered was that the mobile phone advertising ecosystem facilitated the mass collection and exploitation of data.

There's an app in France that shares huge amounts of ad data. The app Le Bon Coin, installed by millions of French people. We also had a lot of gaming apps and one translation app. We had all different kinds of applications. Along with all these companies, Untersinger stumbled upon an unexpected app provider. When we started our investigation into this data set, the first thing we asked ourselves was, does our application, our employer's app, figure in this data? And yes, it did, specifically the Android version of the app. The data set contained around 4,500 advertising IDs. Le Monde doesn't collect precise location data from its users, so it's different than the case of WetterOnline, and the data is less sensitive.

For Martin Untersinger, it was both a disturbing find and a stroke of luck. Because if his own app appeared in the data set, he and his team should be able to find out how the data got there in the first place. Or so he thought. Neither our technical teams, nor our marketing teams, nor our legal team had any idea how this data ended up in that database. We'd like to have gotten to the bottom of it, but that proved impossible. It's annoying, but it's also a perfect illustration of how this industry is impossible to decode or decipher. And the actors are so numerous, so sheltered, and constantly changing. I

have absolutely no idea what could be done about it. I get the impression that the situation is unsolvable. And just how dramatic the consequences of that can be for ordinary people is something US journalist Byron Tau has researched. Well-connected in Washington's political circles, he's written a book about the risks of openly available data. During his research, he discovered one particularly chilling example, the LocateX software offered by company Babel Street. I observed a demo from a company called Atlas Privacy, and they had purchased data from Babel Street. Babel Street gets location information drawn from common apps on cell phones, and Atlas did a pretty eye-opening demonstration of the consequences of

that data being available for sale. Tau recognized right away that this kind of data can pose a real threat to millions of Americans, or more precisely, millions of American women. That's because Babel Street's LocateX software makes it possible to track which cell phone users visit abortion clinics. And we watched a phone drive across the state line from a state where the procedure is completely outlawed. And so that certainly looked like the pattern of somebody, at the very least, seeking out a medical opinion on abortion. Babel Street, whose software is already being used by US authorities for law enforcement purposes, declined to comment. After the US Supreme Court decision overturned Roe v. Wade, which had

prevented abortion bans, many states have now banned the procedure outright. Doctors and pregnant women in many red states now face harsh penalties for terminating pregnancies. Like in Texas. Abortion access care in Texas is terrible. The Republican-led legislature have virtually shut down access for women to have freedom of reproductive care and abortion access in the state. And so women are forced to leave. OB/GYNs are leaving, providers are leaving, clinics are closing. Women are not getting access to critical care that they need. Who's this? Who's that?

Mommy. And who's with Mommy? Henry. Henry, that's right. Today, Henry is 2 years old and alive. He only barely avoided a darker fate. When Lauren Miller was pregnant and went for her first checkup, a surprise turned up on the ultrasound. And she comes in to give the results, and she's like, yes. Um, so you do have this severe form of morning sickness called hyperemesis gravidarum. That's more common when you have multiples. And then she just paused, and my husband and I just our jaws dropped, and she goes, cuz you're having twins. But the couple's joy was short-lived. Just a few weeks later, it became clear only one of the fetuses was viable.

The results said trisomy 18, which we knew was not good. There was fluid where half of his brain should have been was just fluid, and the doctor was so frustrated. Yeah, he finally just took off his gloves, threw them in the trash, and said, this baby's not going to make it to birth. You need to leave the state. Her doctors told her that the only chance to save her healthy baby was to have a selective reduction, to abort Henry's unviable twin. But Lauren Miller lives in Dallas, in the deeply conservative state of Texas.

So she stood no chance of having such a procedure done in her home state. Abortions are illegal here, even in situations like hers. So she decided to travel to Colorado for the abortion. Lauren Miller and her husband told no one of their plans. I remember walking through the airport, going through security, and I just kept my head down the whole time. I wore this very oversized black sweater because it was a second pregnancy, it was a twin pregnancy, so I was already showing. I was already visibly pregnant, and I was trying to hide the bump, kind of suck in my stomach, because I was worried that I was going to get pulled out of security.

It's just this very bizarre situation. We're not trying to go kill somebody or hide a body. We're trying to go save my life and that of our viable twin. Yeah, we were truly debating like do we leave our cell phones at home? As the case with Babel Street shows, in the US, women in her situation have good reason to be mistrustful of their smartphones, especially when like Lauren Miller, they use apps that collect location data. I have a variety of apps on my phone. There's a lot of travel stuff, um, and a lot of shopping.

Location services, 29 while using. So, it's likely her data is available in a data set somewhere. And it's likely that the authorities, as well as radical anti-abortion activists, could track her journey to the abortion clinic in Colorado. Lauren Miller has decided to speak openly about her case, but many women in her situation don't want anyone to learn they've had an abortion. And so, that's where this could be so dangerous. It's such a nebulous concept of somebody's got my data. It just what is that? Who cares? But, if you start understanding what that means and how that can be dangerous for you, especially in the context of laws used to persecute you, then that does become a concern. And that's where that should be regulated.

We shouldn't be able to just track anybody because that's a safety concern. It's horrifying. You know, with such an invasion of personal privacy, especially if state governments and law enforcement choose to spy on their own citizens, when we have this kind of personal data available in such a detailed way, in such an unregulated way, it really exposes people for retribution, for retaliation, for punitive acts, and it's unacceptable in the United States of America. Could it be that US authorities are using this data for other purposes entirely? According to testimony from the FBI director in 2026, the FBI is purchasing data from private brokers.

Location data could also be used to track immigration, illegal or not, in order to conduct mass arrests, as well as deportations. If US authorities refuse to take action against the data brokers, could Europe at least put an end to their business model being employed? The EU Commission could be the decisive regulatory body. It's also in their own interest, as the Commission's own staff are affected. In the data, we see a lot of people who work at EU institutions, who then, for instance, drive to the suburbs of Brussels, or who work at the European Parliament, even on safety and security issues. People who work for the European Commission.

Like one person who looks to have an office in the Berlaymont building, the EU Commission's headquarters in Brussels. The data shows exactly where this EU staffer spends most of their time during the day. In the evening, they take the same route, past restaurants and office towers, to a house in a wealthy suburb of Brussels. The name by the doorbell is of a high-ranking official who works for European Commission President Ursula von der Leyen and is present at important meetings. Even in secret meetings, this person could be a potential target. A target for espionage? In response to our questions, the European Commission wrote that they are concerned about the trade in location data of both EU citizens and Commission employees.

They noted that all companies who are active in the EU must abide by the applicable laws, like the General Data Protection Regulation. This regulation very clearly states that in Europe, precise location data can only be collected for a specific purpose. That means the trade in location data is actually prohibited. So, how can it be that this is still taking place? Market Insider Ariel Garcia knows the tricks the industry employs. has a magical way of doing whatever mental gymnastics are required to not have to change anything about their fundamental practices. Uh, so there is no worry, right? Everyone just started

slapping words like privacy safe or privacy compliant or consented or opted in onto everything. And everyone just kind of persisted doing what they were doing before. This total failure of government regarding data protection endangers us all and must end by enacting sweeping legislation. The simplest and most far-reaching step would be to say that the online advertising ecosystem is so broken that we're banning targeted advertising. No firm should be allowed to collect people's complete movement data and create personality profiles just to place ads. After everything he's seen, Ingo Dachwitz has a very clear opinion on the matter, and it's one that is shared by

an increasing number of experts. Is a ban on personalized advertising the only way? When asked, the European Commission wouldn't comment on the issue, referring instead to the prevailing laws. The trade in this kind of sensitive data endangers the privacy of people worldwide, but can it endanger their very lives, too? It's clear. The Russian army will do anything it can to get us. The data set includes several locations in Ukraine, which lie very close to the front. For example, this one, near a fiercely contested sector of the front. Or here, in an industrial area just

outside Soledar. The same building can be seen here in pictures of the fighting, right at the time Dmytro and his unit were there. What's even worse, this data doesn't just reveal the user's location, but also that they were connected via Starlink, the satellite internet network used primarily by Ukrainian troops. Starlink was used at this point, too. Do these points really correspond to Ukrainian positions? Do the soldiers recognize their former deployment sites at the front?

Right here by this red dot, that was our headquarters. And it was where all the soldiers had to pass through who came in or out of Soledar. Yes, yes, that's the place. We were picked up there quite a few times. It was our evacuation point, here by the field. I can use that to orientate myself. Of course, it's bad. I wish something like this weren't possible. But, all we can do is hope that we're more in control of this technology than the Russians.

It's dangerous. Absolutely. If I were a Russian commander and suspected that a command post was located there, I'd try to knock it off as quickly as I could. Command posts are essentially the brains of the unit and coordinate attacks. And not just at the front. The Russian army could also use such data to suss out command centers, weapons caches, transport routes, and troop rotations. When are troops rotated? That's actually always the point in time when the front line is the most vulnerable. It's been an additional data point to find out when the next rotation is to take place, and then to launch an attack while it's happening.

Location data has become a part of modern warfare. Smartphones are soldiers' connection to their loved ones, yet also endanger their lives and those of their comrades. But, who profits from the trade in such data? And where are these brokers located? They're far away from those dying on the front lines in Ukraine. A team from Bayerischer Rundfunk traveled to a luxurious locale on the west coast of Florida. The man who supplied the data set that launched this investigation lives here, in this house. What does he have to say about the dangers resulting from the sale of such data? He even opens the door himself.

Would he agree to an interview? Hello. We wrote you about an interview on the subject of data trading. Get off my property, now. Not long afterwards, the data broker's lawyer contacted us and denied all the allegations. He said that the data was anonymous and acquired with the user's consent. And that he'd never knowingly passed it on to governments or intelligence agencies. And what does Berlin-based company Data Rate have to say? It was via its platform that the data set from the Florida broker reached Netzpolitik's journalists.

The firm functions as a go-between, bringing buyers and sellers of data together. Data Rate also declined to be interviewed. In a written statement, the firm asserts that it's only a marketplace for data brokers and doesn't offer any data itself. It says it strongly condemns any form of illegal data trading. So, data trading continues to flourish. Numerous data brokers, like the man from Florida, are still active on Data Rate's platform. And Data Rate is just one of many such marketplaces that operate worldwide. It's a very difficult market to regulate and um given how lucrative it is, every user could simply switch off the sharing of location data, though that would mean many apps would no longer function properly.

So, you really don't have a choice. A smartphone's like a boat with hundreds of holes in it with data leaking out all over. For dissidents like Bassma Mostafa, for soldiers like Dmytro Sviat, and potentially for all smartphone users, that means anyone who wants to can spy on you, track where you go and what you do. Is it worth it? The answer is no. The answer is no for people. The answer is no for society. The answer is no for democracy.