There is a technology so common it is woven into the fabric of your daily internet use, but which has become a quiet but potent threat to national security. Called Real-Time Bidding, it is a system designed to sell advertisements, but it does far more than that. Every second, it broadcasts sensitive details about millions of Australians—where they go, what they do, and even what they fear—to an audience that includes foreign powers and private actors with motives far darker than advertising.
Thus a technology designed for convenience has transformed into an unguarded gateway to compromise.
In the US earlier this month, Federal Trade Commission Chair Lina Khan, joined by Commissioners Alvaro Bedoya and Rebecca Kelly Slaughter, issued a sobering account of how Real Time Bidding has exposed Americans to unprecedented surveillance.
So what, precisely, is real-time bidding?
Imagine, if you will, a system so swift and silent that it tracks your every digital move without so much as a whisper. Each time you visit a website or open an app, fragments of your life—your location, your browsing history, even the device you hold—are cast into an invisible auction. Within milliseconds, companies vie for the right to display their ad on your screen, with the highest bidder claiming the prize. It is efficient, personalised, and profoundly intrusive, scattering your private data far and wide, often without your knowledge or consent.
But it turns out, it’s not just the soap powder salespeople at Procter & Gamble who are interested in your web site behaviour.
The FTC’s statement draws on revelations from America’s Hidden Security Crisis, detailing how RTB broadcasts sensitive personal data, including precise location and browsing histories, hundreds of times each day for every internet user. Foreign adversaries and bad actors, that report warns, can exploit this data for blackmail, surveillance, and worse.
That report, something of a chilling exposé, was crafted by Dr. Johnny Ryan and Wolfie Christl, with contributions from experts at the Irish Council for Civil Liberties. Their work, America’s Hidden Security Crisis, unveils a digital vulnerability so vast and so silent that it imperils not only individual privacy but the very fabric of national security. (They have also done a similar report highlighting Australia’s security exposure.)
Ryan and Christl reveal that Real-Time Bidding, a cornerstone of global online advertising, is broadcasting Americans’ private lives to a global audience billions of times daily. Defence personnel, political leaders, and ordinary citizens find their movements, preferences, and personal struggles auctioned to entities operating in Russia, China, and beyond. The data, it seems, flows without constraint, exposing sensitive individuals to blackmail, manipulation, and compromise.
The report highlight the sheer scale of this crisis: the RTB industry broadcasts Americans' activities 107 trillion times annually. It is a shadow economy that thrives on our secrets, linking them to dossiers that detail our weaknesses, routines, and relationships—fertile ground for exploitation by state and non-state actors alike.
This is not merely a privacy concern; it is a threat to democracy, the rule of law, and the safety of those who defend it. The authors sound the alarm with clarity and precision, urging governments to act decisively to stem the flow of what they term "the largest data breach ever."
Mobilewalla
The FTC Commissioners highlighted specific cases of misuse, such as the firm Mobilewalla, which harvested detailed profiles—tracking churchgoers, union organizers, and political protesters. This data was sold indiscriminately, sometimes even to buyers overseas.
Mobilewalla is not accused by the FTC of selling data to organisation in China or Russia for the purposes of espionage but perhaps that's because they were already too busy selling data to absolutely anyone else.
According to the Commissioners, "This conduct was part of a broader set of practices that Mobilewalla undertook to unlawfully collect, sell, and retain sensitive information on millions of Americans. Our investigation uncovered that Mobilewalla gathered large swaths of people’s personal information, including location data, and sold 'audience segments' that third parties could use to target people based on sensitive characteristics."
The FTC says those audience segments included, for example, "Hispanic churchgoers, pregnant women, members of the LGBTQ+ community, workers participating in union organizing, and people who participate in political rallies."
"Mobilewalla built these profiles through a variety of mechanisms beyond its use of bidstream data, such as by creating “geo-fences” around places like pregnancy centers, political protests, and state capitols. Mobilewalla even began collecting people’s phone numbers, which, paired with Mobile Advertising IDs (MAIDs), could be used to identify the name of the person frequenting a specific location. "
Chair Khan described this as nothing less than a national security crisis - citing bipartisan investigations by the US Congress.
The Ryan-Christl report meanwhile reveals how RTB’s unfettered data flows expose soldiers, defence officials, and lawmakers to manipulation, undermining the very institutions meant to protect us.
This is not a story of an abstract threat. It is a story of how the devices in our pockets have become windows for surveillance, turned outward by systems we neither see nor understand.
