Location data collected from mobile apps and digital advertising can reveal habits, interests and almost any other aspect of someone’s life. In this report, we uncover how a geolocation surveillance system called Webloc uses ad-based data to monitor hundreds of millions of people across the globe.
Do they have to follow GDPR delete or data requests?
Maybe the data brokers might delete based on the requests, but it seems this is a lot deeper than anything the GDPR could fix as the data would be reuploaded and updated, because the data comes from the “analytics” and “diagnostics” SDKs, being uploaded to data brokers and unified under the advertisement ID from google and apple devices/browsers.
I think this could only be broken by not using the advertisement ID (that was promised to help anonimize the advertisement data) and block all the requests by DNS blocking on the whole device, like with Ublock Origin + Hosts file + pihole/nextdns/adguard, etc.
Edit: also blocking cwsystem.com, cwtapp.com, cobwebsapp.com and subdomains, because they can host malware made from the company that owns this system.