I had looked into it - but the person you’re tracking has to have the app on his or her smartphone also. Maybe give permission to the tracker too - I don’t remember.
It can be done with bulk cell phone data (2000 Mules) but that’s not a cheap option.
In the "new world", when you install nearly every application these days, it asks you to approve a EULA for the application, and then after it installs it, it asks for permission to turn on "Location Services" (as they are referred to in Apple's iOS) which most people cheerfully and unconcernedly approve.
When you approve it that way, it configures it by default for "Always Track" rather then the safer "Only While Using This App" option.
With that done, your application (and many people have DOZENS of applications that send location data somewhere, not just one or two) begins to constantly send data about your geo-location to a database out there on the Internet maintained by the company that wrote the application.
Each data packet with geolocation data from your phone contains at least three discrete pieces of data:
That's it. Those three things. The payload of data sent in that packet is exceedingly small I would guess (4 bytes for Longitude, 4 bytes for Latitude, 4 bytes for a time stamp (DateTime) and your MAC address is 12 bytes, I think. Someone on here probably knows more about this than I do, so anyone, please correct me.
Remember that storage is cheap. So cheap, that data can be held nearly indefinitely now for many things, instead of being "FIFO"d (First In, First Out) as was done at some point in the past to save space.
Now, the software vendor has your data about where your phone goes, hence your travel patterns. And if I am not mistaken, they can do this down to the FEET level, not the TENS OF FEET level. Which means 5-10 feet, if I understand correctly.
Their own marketing services can determine a lot of information from that small amount of data they hold.
They can "Geofence" around their store, and get every individual MAC address that came in or out of the store, how long they stayed in the store, even where they went in the store.
Here is where it gets interesting, and...where it gets scary.
Now that they are collecting your data, they might want to answer specific questions (these are only guesses on my part, I am not into marketing, others on this forum might have more insight):
Where do people come to our store from? Do they come directly to our store, or from home or work? (If they all come by the same route or many do, perhaps they can purchase a billboard on that road?)
Do they visit our store after they eat a meal (if there is a pattern from a certain nearby restaurant, they might be able to advertise there!)
Do they shop at other stores for similar products before coming to ours? Are we the first in line to get a visit, in the middle, or near the end of their journey?)
You get the idea. But there is an even bigger market here than a vendor. This is great if you are a company like Home Depot that makes its own mobile app and puts it out there on the Apple and Android stores. They get to rake in all this data. But that isn't the best thing about it for them. The best thing is...
They get to sell that data. Hey, it's anonymized, even to them at Home Depot unless you created an account, and then they might even have your phone's MAC address linked to your email address or phone number. Even better. But unless you approve that EULA that gives them permission to do all kinds of things with your information including tying your personal information to that location data, they cannot distribute your other information without your permission, though I am fully convinced that nearly all of them do just that, especially if they get fiscally desperate.
But they can sell ALL the anonymized data to data warehouses, and for all I know, might well (for an extra fee) include information with each location data about who their company is. (I don't know this, but it seems at least possible if the price would be right). (This last part OBVIOUSLY does not include the vendors such as Apple, Samsung, Google, and others who manufacture the phones. THEY know at least who owns that phone with a given MAC address because they sold it to them and store that data in their databases. But they supposedly don't hand it out.
Supposedly.
What that means is, there are HUGE databases out there FULL of tracking data, sold not only by vendors such as Apple, Samsung, who gather this information tied to your MAC address.
These geolocation data warehouses sell the data to anyone with money. You or I could buy it if we had the money. This was the pathway followed by Gregg Phillips and Catherine Englebrecht of True The Vote who collaborated with Dinesh D'Souza to create "2000 Mules". Unless someone really, REALLY wants to know.
Like the Police. Or the FBI. Or the DOJ. Then, those entities can subpoena it. So they hand Apple a MAC address, with the justification that a crime has been committed, and they need to know who that phone was sold to. Then they send some police, FBI, or DOJ people to interrogate that person. "Do you have this phone in your possession? Can we see it and verify the MAC address? Oh, you sold it? Who did you sell it to?"
So, in summary, if we were living in a Constitutional Republic under the rule of law, passed under constitutional guidelines by legal legislatures, you might be safe.
Maybe.
As it is right now, it is possible for the Police, FBI, or DOJ to gin up nearly any charge and issue a subpoena, and you can get your personal movements tracked over any length of time you have owned that device.
Money to buy it is not an issue. They have scads of money, yours and mine, to use against us.
All "legally", of course. All without recourse on your part. Because as we have seen, they used this data on the January 6 protesters. Because it was a national security issue (dontcha know) they simply obtained all the geotracking data from one of these warehouses for that day and the weeks or months both before and after January 6, 2021 by drawing a geofence around the area, looked at the "anonymous" MAC addresses they deemed "suspicious" and put them in a spreadsheet and sent it to Apple, Samsung, Google, and others asking for the names and addresses of who purchased those phones. Those companies cheerfully complied and supplied the FBI with them.
And there you have it.
One more thing on this-and that is the utilization of Artificial Intelligence in concert with this geotracking data. AI is great at looking for patterns, especially patterns that are not obvious to raw human examination. Us humans might never see them. But with AI and Machine Learning, it can make connections that we never could. However, AI, like any tool, has a duality to it.
AI can be used for good, for example, by using AI algorithms to analyze the brain scan of a patient who many be in the active process of having a stroke, and alerting a Radiologist to look at that exam first and where to look, so that brain function can be preserved and a life can be saved. Or it can be leveraged to find a brutal mass-murderer with Geolocation data, as was done in this case or in the case of "2000 Mules". Hooray.
But on the downside, before you let that "Hooray" escape your lips-it can be used to enable a government to trample on the rights of citizens and justify the imprisonment for years without a trial as we have seen in the 1/6 political prisoners. And that is only the beginning.