A few years ago, a particular type of email began showing up in the inbox of Eric Silverberg, whose gay dating app, Scruff, allows members to search for potential matches who are nearby. They were pitches from location-data brokers, telling the CEO he was sitting on a lucrative trove of user information.

"I wanted to reach out because I noticed that Scruff currently has location feature installed into their app and thought it would be beneficial for us to connect," a salesman from one of the brokers, X-Mode, wrote in a September 2018 email, in which he offered to pay Scruff up to $100,000 for its users' location data.

Get daily insights from the Protocol team in your inbox

X-Mode sent five more pitch emails in the five months that followed. And in the past 18 months, at least half a dozen other brokers have reached out with at least 33 separate solicitations.

"It's like (zero calorie) icing on the cake," wrote a salesman from the Canadian mobile data company Tutela Technologies last July, touting the effortless revenue that selling users' location data could yield.

Silverberg wasn't interested. He says he never replied to the emails, copies of which Protocol reviewed.

"Our community is very sensitive to this topic of data sharing," Silverberg said. "There are countries around the world that criminalize same-sex acts."

The dilemma he faced has been brought into sharp relief by the coronavirus pandemic, which has shined a bright light on the power of location data culled from cell phones, a process consumers enable when they use apps and which allows those apps to deliver targeted services and ads. Israel, China, Singapore and South Korea are using location data to track those sick with COVID-19. In Europe, mobile carriers are sharing data with health authorities in Italy, Germany and Austria to help fight the virus.

So, too, in the U.S., both private companies and the government are exploring how to tap into the movement of cell phones to track and study the spread. Google put its vast repository of location data on display last week when it released Community Mobility Reports, showing adherence to COVID-19 movement advisories and restrictions in 131 countries, and in every county in America.

At the same time, federal officials, police investigators and immigration agents are quietly ramping up use of individuals' location data to enforce laws and detect threats, sometimes with warrants and sometimes not. Protocol reported last month that a Virginia company, Babel Street, sold access to vast caches of data to Immigration and Customs Enforcement, Customs and Border Protection and the Secret Service — and perhaps others.

What this means is that, in some respects, app developers like Silverberg are on the front lines of advances in technology that could revolutionize crime-fighting, disease-tracking and other fields, though with huge implications for personal privacy. The same location data that allows consumers to find nearby restaurants and dates can underpin a study of whether people are social distancing or an investigation into a kidnapping.

Moreover, many of the companies that repeatedly pitched Silverberg are providing the data that is being used to map coronavirus' spread. The pitches he received offer a window into how this data moves.

Beach parties and heat maps

X-Mode, for example, provides location data to the data analysis company Tectonix, which on March 24 released a widely viewed map showing how spring breakers who controversially partied on Florida beaches returned to their homes all around the country in the days that followed. X-Mode and Tectonix, which has contracts with the Pentagon, have released similar heat maps showing the virus' spread in China, Italy and Washington state, demonstrating its global reach.

X-Mode is also the source of location data that defense contractor Culmen International is using to map the virus' spread for federal agencies, according to Culmen. Another data broker that pitched Silverberg 16 times in an 18-month period, Cuebiq, provided location data used by The New York Times to map adherence to shelter-in-place orders around the country.

X-Mode says it complies with laws including the California Consumer Privacy Act, which went into effect this year, and the European Union's 2-year-old privacy law. Both require companies to obtain users' consent to share their data and require varying degrees of transparency about how they use that data.

A spokesperson for X-Mode said the company helps app developers "monetize their apps without ads" and "continue to invest in the success and growth of their apps."

Tectonix, Culmen and other companies that work with location data say the information is anonymized, with users marked by codes rather than names. However, academic studies have challenged whether efforts to guarantee privacy hold up in certain applications. Researchers at Imperial College London, for example, found they were able to uniquely identify 95% of individuals in a data set with just four time-and-place data points.

Silverberg's decision was influenced by the fact that privacy issues may be particularly sensitive for Scruff users. In at least 68 countries, homosexuality is a crime, and in some, the mere presence of a gay dating app on a phone is illegal. Silverberg knew that for many of his customers, identification by a government agency could mean prison or worse.

So in 2018, he cut ties with the data and digital advertising industries, two of the biggest revenue drivers in the app economy. He rebuffed dozens of pitches from companies like X-Mode offering to buy his users' data outright. And he stopped doing business with third-party ad brokers, who similarly demand reams of user data in exchange for ad dollars.

It's worked out, he said. Thanks to subscription revenue, and Scruff's newly built in-house advertising division and data analytics operations, Scruff has seen ad revenue grow fivefold. Silverberg's path might offer lessons for some of the thousands of app developers struggling to monetize their products while navigating the fast-evolving privacy landscape.

"You don't need to go through third-party ad brokers," he said. "That's the message for app creators all over the world. Don't be afraid to sell ads. You can do it. You don't need Google or a third party to do it for you."

Big money, little effort

Silverberg launched Scruff in the summer of 2010 out of his apartment in the West Village. The mobile app boom was just taking off, fueled by the proliferation of smartphones, and what began as a side project quickly became a full-time job as Scruff established itself as a popular competitor to Grindr.

The rapid growth, though, meant rapidly growing costs as well, mostly to buy server space to run the app, from a few dollars per month to $100 a day. "We scrambled to find any revenue source we could," Silverberg said.

He turned to several third-party ad firms, but frustrations mounted. The ads hurt users' experience, he felt, frequently serving as a vector for spam. And the revenue the ads generated was less than promised.

"They all had big promises of how much money you could make that they never came close to meeting," Silverberg said. "Our traffic would go up, and our revenue would go down. It just made no sense."

Privacy concerns weren't as prominent in the industry then. Smartphones weren't yet widespread enough to provide enough location data to make it useful, and the analytical tools weren't nearly as advanced. But about three years ago, this began to change. That's when the data brokers started showing up in Silverberg's inbox.

Companies he had never heard of offered him hundreds of thousands of dollars just to embed a few lines of software code in Scruff's app that would hoover up users' movements and other data. Salespeople dangled effortless revenue, with little impact on users' experience, mobile speeds, data-usage costs or battery life, as well as useful analytics on how users interacted with the app.

The data was anonymized, the companies assured Silverberg, but he had his doubts. In many cases, he said, the information taken came with other details about Scruff users, such as email addresses and mobile device IDs, which could potentially be used to identify individual users.

X-Mode was one of the most aggressive in pursuing Scruff's business. From September 2018 to February 2019, its sales reps sent six pitch emails to Silverberg. Three weeks after its offer to pay $100,000 for Scruff users' location data went unanswered, X-Mode reached out again.

"This quarter we are offering good rates for an SDK integration," the salesman said, referring to the embedding of software code. Three weeks after that later came a third pitch, this one with a spreadsheet of projected revenue.

The big spread

X-Mode traces its roots to 2013, when founder and CEO Joshua Anton created Drunk Mode, which prevented users from drunk-dialing, making phone calls they might later regret. The app was popular on college campuses and soon added new features such as Find My Drunk, which allowed friends to keep track of each other. In 2015, X-Mode began selling its location data.

Today, the company is one of the largest vendors of unprocessed location data. It lists 140 companies that buy its data, then process and analyze it to fit their needs. While Silverberg rebuffed X-Mode's offers, the developers of more than 400 other mobile apps used by more than 60 million people have signed on to sell the company their users' location data, according to X-Mode's website.

"You have so many apps on the app store who are all desperately in need to somehow monetize their apps," said Christoph Tavan, who used to run an ad tech firm and is now CTO for Contentpass, a German company building an ad-free, subscription-based internet model.

Though it's often difficult to know which apps are selling location data and which are not, careful readings of app privacy policies in some cases offer a clue. One of the developers X-Mode has partnered with is Kelly Technology, which has 16 mobile apps, including fitness apps like HIT Log, weather apps such as Earth++ and WeatherMatch, and a space exploration app called NASA Now. Kelly Technology did not respond to requests for comment.

Many of the companies that buy location data from X-Mode share data, in turn, with their own partner and client lists, meaning that sharing data with X-Mode can be the first step in the spread of that data to an untold number of other companies.

One of X-Mode's partners, German company AdSquare, which claims a data bank of 450 million user profiles from over 120 data providers, lists 45 partners it could share data with in 11 countries. One of those partners, Criteo, shares data with 99 partners and is under investigation by the French privacy regulator CNIL. Criteo said it was cooperating and had done nothing wrong.

Other dating apps, including Scruff's chief competitor, have come under fire for sharing users' data. A Jan. 14 report by European privacy researchers Wolfie Christl and Zach Edwards said Grindr shared detailed user data, including IP addresses, GPS locations, ages and genders, with many third-party ad companies, mostly via Twitter's ad tech subsidiary MoPub. The same study found that dating app OkCupid "shared highly personal data about sexuality, drug use, political views, and more with the analytics company Braze."

'That's our data'

These were the ripples, which seemed out of an app developers' control, that concerned Silverberg. "We took a look at all our partners, down the stack," he said, "and it became clear that if we continued to integrate with these ad networks, we would need to ask our customers to consent to sharing their data with all sorts of companies whose practices we knew nothing about."

Determined to work outside the third-party advertising and data broker networks, Silverberg built an in-house ad team in 2018. He hired designers who built a custom ad platform for Scruff based on React Native, a platform developed by Facebook. He hired a sales team that pitched directly to brands. They found takers who appreciated the approach, he said, and the app now has more than 50 advertisers.

But forgoing partnerships with data brokers brought challenges, such as the loss of potentially useful analytics. The alternative is to pay for those same services, but that can be expensive. Scruff users generate roughly a billion "events" per day: clicks, taps, scrolls, messages and everything else. That equates to about 500 GB of data, requiring a massive storage and a powerful processing capability to translate that data into something usable. One company quoted Silverberg a price of $30,000 a month.

So just as he did with ads, Silverberg set out to create an in-house analytics operation. "We wrote our own code to collect the data," he said. "But that wasn't the hard part. The hard part was ingesting and analyzing the data." He turned to Amazon Web Services for storage of the data and the company's Kinesis platform to interrogate it.

Get in touch with us: Share information securely with Protocol via encrypted Signal or WhatsApp message, at 415-214-4715 or through our anonymous SecureDrop.

Silverberg said he saved money as a result, while enabling Scruff's data engineers to work with the app's raw data in more powerful and customizable ways, yielding insights into how customers use the app. Had he not taken control, he said, the privacy issues would have persisted.

"Every day you have to hand over to them a complete copy of all your user data, profile updates, time stamps, usage data," he said. "And then they're taking that data, repackaging it and reselling it. That's our data. Not yours."