GHOSTPORT
← Back to Dev Log

Data Brokers Know More About You Than Your Doctor

The $300 billion industry built on your browsing history.
March 28, 2026 • GhostPort Technologies

Somewhere in a database you've never heard of, there's a profile with your name on it. It knows your home address, your workplace, your commute route, what time you wake up, what medications you've searched for, which political articles you've read, how much you earn (estimated within $10K), your credit score range, whether you're pregnant, and what you had for lunch — because you searched for the restaurant on Google Maps.

This isn't a dystopian novel. It's the data broker industry, and it's worth over $300 billion annually.

The Pipeline: From Your Router to Their Database

Here's how your data gets from your living room to a broker's server:

  1. You type a URL or open an app. Your device sends a DNS query through your router.
  2. Your ISP logs the query — the domain, the device, the timestamp.
  3. Your ISP sells aggregated browsing data to data brokers. This has been legal since Congress repealed FCC privacy rules in 2017.
  4. The data broker combines ISP data with purchase history, public records, app data, and location pings.
  5. The broker builds a profile and assigns you to demographic segments.
  6. That profile is sold to advertisers, insurance companies, employers, landlords, and anyone willing to pay.

This isn't a conspiracy theory. In 2022, the FTC sued data broker Kochava for selling geolocation data that could track people to reproductive health clinics, domestic violence shelters, and places of worship. In 2024, the FTC issued a consent order against data broker X-Mode (now Outlogic), prohibiting the sale of sensitive location data harvested from apps — data that had been sold to government contractors and private buyers.

What a Data Broker Profile Looks Like

The data broker Acxiom (now LiveRamp) maintains profiles on approximately 2.5 billion consumers worldwide. According to their own marketing materials, a typical profile includes thousands of data attributes. Here's a realistic sample of what they collect:

Demographics Name, age, gender, ethnicity, marital status, household income range, education level, number of children
Location History Home address, work address, commute patterns, stores visited, restaurants, gyms, medical offices
Financial Credit score range, mortgage status, credit card usage patterns, estimated net worth, bankruptcy history
Health Indicators Health searches, pharmacy visits, fitness app data, insurance inquiries, medical device purchases
Online Behavior Browsing history (via ISP), search queries, social media activity, email engagement, app usage
Purchase History Online orders, in-store loyalty programs, subscription services, vehicle purchases, real estate transactions

This data is packaged into segments with names like "Expectant Parent," "Chronic Pain Sufferer," "Financial Distress," or "Politically Active Liberal." These segments are sold on exchanges where anyone with a credit card can purchase targeting access.

The People Search Problem

Beyond advertising, data brokers feed the people-search industry. Sites like Spokeo, WhitePages, BeenVerified, and Radaris aggregate broker data into searchable profiles available to the public. For $20-40/month, anyone can look up:

Your current and past addresses. Going back decades, including apartments, houses, and temporary residences.

Your phone numbers. Current and historical, including numbers you thought were private.

Your relatives and associates. Names, addresses, and contact info for people connected to you.

Your estimated income and property values. Pulled from public records and commercial databases.

Your criminal record. Court records, arrest records, traffic violations.

Stalkers use these sites. Domestic abusers use them to find victims who've relocated. Scammers use them to build convincing phishing attacks. And it's all legal, because the data was "publicly available" or "consented to" through privacy policies nobody reads.

Why There's No Federal Law Stopping This

The United States has no comprehensive federal data privacy law. The EU has GDPR. California has CCPA/CPRA. A handful of other states have partial protections. But at the federal level, data brokers operate in a regulatory vacuum.

The American Data Privacy and Protection Act (ADPPA) has been introduced to Congress repeatedly and has never passed. The data broker lobby — representing companies like Acxiom/LiveRamp, Oracle Data Cloud, Epsilon, and Experian — spends millions annually ensuring it doesn't. the data mining and digital advertising industries spend tens of millions annually on federal lobbying to ensure comprehensive privacy legislation never passes.

Waiting for Congress to fix this is not a strategy.

Cut the Pipe at the Source

The data broker pipeline starts at your router. Every unencrypted DNS query is a data point your ISP can harvest and sell. The most effective thing you can do is stop the data from leaving your network in the first place.

Here's what actually works:

  1. Encrypt your DNS. Use DNS-over-HTTPS or DNS-over-TLS to prevent your ISP from reading your queries. This is the single highest-impact step.
  2. Block trackers at the network level. Ad trackers and analytics scripts report your behavior to third parties. Blocking them at the DNS level stops them across all devices.
  3. Use a VPN for full traffic encryption. Prevents your ISP from seeing anything — not just DNS, but all traffic. Remember: this shifts trust to the VPN provider.
  4. Opt out of data broker sites. Tedious but effective for removing existing data. Services like DeleteMe automate this.
  5. Minimize app permissions. Every app with location access is a potential data source for brokers.
  6. Use a privacy-focused router. Applies encryption and blocking to every device automatically — no per-device configuration.

GhostPort handles the first three steps at the router level. Every device on your network gets encrypted DNS and tracker blocking automatically. The optional VPN subscription encrypts all traffic. No apps to install, no settings to configure on each device.

What We Can't Fix

Let's be clear about the limits. GhostPort blocks the ISP data pipeline and network-level trackers. But data brokers have many sources:

We can't stop apps from reporting data over their own encrypted connections. If you grant Facebook location access, Facebook gets your location regardless of your DNS settings.

We can't remove data that already exists. Broker databases built over years of collection won't disappear when you encrypt your DNS. You need opt-out requests for that.

We can't block data shared through loyalty programs, credit cards, or public records. Those are separate pipelines outside the network layer.

Privacy isn't one tool. It's layers. GhostPort is the network layer — arguably the most important one, because it's the one that works for every device without any user action. But it's not the only layer you need.

The $300 billion data broker industry exists because your data flows freely. Make it stop flowing.

Related Articles

→ What a VPN Actually Does (And What It Doesn't) → The FCC Just Signed Advertisers' Death Warrants → Why Open-Source Hardware Is the Only Hardware You Can Trust

Cut the data pipeline at the source.

ghostporttechnologies.com
Encrypted DNS. Tracker blocking. Every device. Automatic.
GHOSTPORT TECHNOLOGIES • 2026 • YOUR NETWORK. YOUR RULES.
🎨
ACCENT COLOR
A+
TEXT SIZE