Your phone company knows exactly which Airbnb you're cheating at

You spent the last five years clicking "reject all" on cookie banners while your phone carrier has been tracking your exact physical location 24/7 with precision GPS data. Congrats on winning that battle.

The news that mobile carriers can access your GPS location isn't actually news - it's just someone finally saying the quiet part loud. AT&T, Verizon, T-Mobile have always had this capability. They know where you are, where you've been, who you were near, and how long you stayed. Not approximate cell tower triangulation - actual GPS coordinates accurate to a few meters. And unlike that sketchy weather app you downloaded once, carriers don't even need to ask permission. They own the pipe your phone uses to exist as a connected device. The pipe knows everything.

Here's what this is really about: We've been fighting a decade-long privacy war on completely the wrong battlefield. We built an entire regulatory infrastructure around third-party cookies and app permissions - GDPR, CCPA, ATT, the whole alphabet soup - while the infrastructure layer sat back and laughed. Apple made a Super Bowl ad about privacy while paying carriers billions for 5G deals. Google restricted third-party cookies in Chrome while Android phones beam location data to carrier networks every few seconds. We've been obsessing over the curtains while someone else owns the whole house.

The pattern here is depressingly familiar: regulate the visible layer, ignore the infrastructure. It's the same playbook we saw with net neutrality (failed), broadband privacy (repealed), and spectrum auctions (captured). Telecom operates in a different regulatory universe where the normal rules of tech accountability just... don't apply. When's the last time you saw a carrier CEO get grilled by Congress about privacy? Elizabeth Warren will spend three hours eviscerating a crypto founder over a coin nobody uses, but the companies that track 330 million Americans every second of every day barely get a subcommittee hearing.

And the market dynamics make it worse. You have meaningful choices in search engines, browsers, social apps, even operating systems if you're motivated enough. But carriers? You've got three real options, they all do the same thing, and you need one of them to participate in modern society. That's not a market - that's a hostage situation with customer service surveys. The invisible hand of competition doesn't work when switching costs are high and the entire industry is a cozy oligopoly that's been practicing parallel behavior since before smartphones existed.

The really uncomfortable part is what they do with this data. Sure, there are rules - CPNI regulations, warrant requirements, the usual framework that sounds reassuring in press releases. But carriers have been caught selling location data to bounty hunters, handing it to law enforcement without warrants, and "accidentally" letting it leak to data brokers more times than anyone's bothered counting. Each time there's a scandal, they apologize, pay a fine that's 0.0001% of revenue, and promise to do better. Then we find out they did it again. The enforcement is theater, the fines are cost of doing business, and the capability never goes away.

What makes this especially galling is the timing. We're in the middle of a moral panic about TikTok's data collection while American carriers are running a surveillance apparatus that would make ByteDance jealous. The difference is TikTok had to build their tracking infrastructure from scratch and ask for permissions. Carriers inherited a government-granted oligopoly and the tracking came standard with the network. One of these seems significantly more concerning from a "who has leverage over Americans" perspective, but we're spending all our energy on the foreign app.

So what happens now? Probably nothing. This story will get some outrage tweets, maybe a stern letter from a Senator, and then we'll go back to arguing about whether Instagram can access your photos. The infrastructure layer will keep humming along, logging location data, because that's what infrastructure does when nobody's actually watching it. We'll keep getting push notifications asking if some app can use our location "while using the app" like that's the privacy frontier that matters. And your carrier will keep knowing exactly where you are, who you're with, and what you're doing, with or without your consent.

The Overton window on privacy has shifted so far that we think fighting over app permissions is meaningful reform while the companies that own the actual network have root access to everything. Tell me again how that cookie banner is protecting you.