From the Attention Economy to the Human Targeting Economy
What causes modern digital advertising to shift into the intelligence field is not a moral drift, but a structural property of its technical architecture. Programmatic advertising was designed to optimize a simple function: identify the "right person" at the "right moment" to push them the "right message," by aggregating the maximum available signals about an individual and their environment.
To achieve this, the adtech ecosystem has multiplied sensors: application SDKs that collect precise geolocation, persistent advertising identifiers, device fingerprints, browsing histories, contextual data (Wi-Fi networks, schedules, frequency of visits, etc.). All of this is injected into real-time bidding flows (RTB) where automated platforms evaluate in milliseconds the "value" of displaying a banner on a given screen at a given moment.
See my previous article: Fondement technico-économique de la publicité numérique moderne
This massive flow is then captured, transformed and resold by a galaxy of intermediaries: ad networks, aggregators, data management platforms (DMPs), then data-brokers who restructure these signals into "segments" and "audiences." It is these same flows, designed to optimize click-through rates and sales, which, once extracted from their marketing purpose, become raw material for human targeting with a precision rarely achieved by traditional intelligence means.
How Adint Transforms Advertising into Field Sensors
Advertising Intelligence (Adint) consists of conducting intelligence using the advertising layer as a sensor, without having to deploy specific tracking devices on targeted terminals. Technically, an Adint service provider doesn't need to "hack" a phone: it simply needs to purchase access to data flows that the advertising industry already puts into circulation.
In a typical scenario, the service provider:
- acquires from data-brokers or marketplaces flows containing mobile advertising identifiers (MAID, IDFA, GAID, etc.), associated with geographic coordinates, timestamps and minimal metadata;
- correlates these flows over time to reconstruct trajectories: places of residence, work, routes, habits, frequent stopping points;
- applies geographic filters: for example, all terminals observed within a perimeter of military bases, embassies, ministries, strategic research centers, or places of worship or political meetings;
- builds "watchlists" of devices, likely to belong to targets of interest (intelligence agents, diplomats, officers, political opponents, journalists, activists).
Once these devices are identified, the power of Adint comes from the fact that they continue to feed advertising flows day after day wherever they move. Without any search warrant, without requisition from telecom operators, a purchasing service can potentially track:
- daily movements of sensitive personnel;
- their visits to places deemed compromising (meetings with sources, participation in political meetings, contacts with NGOs, consultations at specialized clinics, etc.);
- "clusters" of people who regularly meet within the same restricted perimeter, revealing networks, cells, clandestine meetings.
This mechanism is not limited to states that respect a democratic chain of accountability. The same service provider can sell access to these capabilities to a European service governed by law, and to an internal security service of an authoritarian regime, without technical difference and with virtually non-existent substantive controls.
The Pivotal Role of Data-Brokers: A Systemic Compromise
Data-brokers are the central point of compromise, because they operate at the exact place where data changes status: it is no longer a raw flow from the advertising chain, but becomes a structured resource, queryable, ready for use for third-party purposes.
Their model is based on several problematic characteristics:
Temporal accumulation: where the advertising network only "sees" an isolated impression, the data-broker historicizes millions of events, over long durations. From six months, a year, or even more, it is possible to reconstruct the complete history of a device's movements.
Cross-enrichment: the same advertising identifier is correlated with other sources (browsing data, purchases, geolocation information from other SDKs, hashed email databases, etc.). A terminal becomes a profile, and this profile sometimes becomes an identity, even if it remains pseudonymized in contracts.
Contractual opacity: access conditions vary, but generally remain centered on "marketing" or "analytical" usage clauses. In practice, nothing prevents an intelligence service from operating behind commercial cover (shell company, local service provider, integrator) to acquire perfectly standardized datasets.
Global scope: these brokers don't buy "national" data but global flows, at the scale of large platforms or international marketplaces. As soon as a phone has been exposed, even once, to a campaign using their partners, it ends up in their databases, regardless of the country where it is located.
For a purchasing state, this configuration is ideal:
- no direct dependence on a mobile operator or telecom equipment manufacturer, therefore fewer diplomatic frictions;
- no investment in heavy field collection capabilities;
- possibility of cross-referencing this adtech data with its own databases (passenger files, administrative databases, legal interceptions) to further de-anonymize.
For a target state, however, it's a nightmare: the routes and habits of sensitive personnel, elected officials, administrative executives or civil society actors end up in databases that hostile services can access through simple purchase, sometimes through several intermediaries.
Client States, Target States: Imported Vulnerability
When Western services outsource or purchase Adint capabilities from foreign companies, they actually import a vulnerability. The external service provider:
- sees queries, targeted geographic perimeters, search parameters that implicitly describe zones, infrastructures and profiles considered strategic;
- can deduce operational priorities, deployment patterns, correlations between events;
- keeps, in practice, technical control over data pipelines and models used, even if the client has a "dedicated" interface or instance.
In cases where these service providers are located in countries whose security services enjoy legal or informal access to national business infrastructure, Adint becomes a sovereignty issue. The risk is no longer just that citizen data is exploited by a third party, but that foreign services can map the operational surface of other states ("who goes where, when, with whom") by observing their own Adint usage.
At the other end of the spectrum, states little concerned with respecting fundamental rights can use these same services to target:
- political opponents and diaspora activists, tracked in their host country by simple observation of their terminals;
- journalists and NGOs present on their territory or in conflict zones, spotted by their passage through certain areas;
- religious or ethnic minorities, identified by frequenting places of worship, associations, specific neighborhoods.
In these configurations, the adtech chain, originally "neutral," becomes a mass surveillance device targetable at will, without local or international judicial control. The notion of citizen consent no longer has any relevance: the terminal "consented" to share location for a weather service or game, but the information then passed into hands that answer to no independent judge.
Operational Implications for CIOs, CISOs and Public Officials
For an administration CIO, a ministerial CISO or a security manager of vital importance operators, Adint and the compromise of data-brokers require reconsidering mobile policy and application portfolio management. The smartphones of agents, elected officials, magistrates, police, military are no longer just terminals to "secure" against malware: they are mobile advertising beacons.
Some immediate consequences:
-
The main risk is not attack, but structural leakage
Even without infection, a phone continuously emits geolocation signals via the advertising layer. GDPR sanctions and privacy policies are not enough to stem the phenomenon, because most of the leakage occurs outside the bilateral supplier–user relationship. -
"Harmless" applications become sensors
Free games, weather applications, dubious VPNs, flashlight or battery optimization tools are often saturated with advertising SDKs. These transmit most of the signals exploited by Adint. A usage charter that focuses on "professional applications" without addressing the rest of the fleet leaves a gaping hole. -
Pro/personal separation is insufficient if not watertight
BYOD or dual-use terminals expose the routes and private habits of sensitive agents to the same advertising chains. An agent who goes home with their service phone and their "chatty" personal phone allows an Adint actor to cross-reference both profiles by observing their systematic co-locations. -
Public mobility data can be correlated
Access cards, connection logs, service vehicle movement traces can be cross-referenced by an adversary with what they observe via Adint, strengthening their ability to attribute an advertising identifier to a real identity.
Pragmatic Action Areas to Limit Exposure
On this terrain, purely regulatory discourse is not enough: sanction mechanisms will always come too late compared to service provider innovation and foreign service usage. For a decision-maker, it's first about reducing the attack surface upstream, then working, in parallel, on more structural public policy levers.
On the technical and organizational level:
Restrictive application policy on sensitive terminals
Service terminals for exposed personnel (intelligence, diplomacy, senior civil servants, magistrates, police, military, strategic regulators) must be considered "prohibited zones" for any advertising SDK. This implies a drastic choice of authorized applications, systematic verification of the presence of advertising and analytics SDKs, and banishment of public stores for these terminals.
Compartmentalized and hardened equipment
High-risk profiles must have compartmentalized terminals: a service phone without adtech, hardened, potentially limited to a whitelist of applications, and possibly a clearly separated personal terminal, whose use is supervised. The first must never be used for private purposes (social networks, games, online shopping, etc.).
Aggressive configuration of advertising and location
Prohibiting, through MDM configuration, personalized advertising, cross-app tracking and location access for non-essential applications drastically reduces the quantity of signals exploitable by Adint. This doesn't eliminate the risk, but greatly reduces the granularity of reconstructed trajectories.
Targeted awareness of profiles of interest
Agents who move in sensitive zones or who occupy strategic functions must be specifically trained on Adint risk: which applications to avoid, how to disable unnecessary services, why a phone constantly on in certain zones becomes an advertising tracker accessible by a third state.
On the political and regulatory level:
Specific framework for data-brokers
Data-brokers must be removed from the regulatory blind spot and subject to specific regimes: transparency obligations on volumes and categories of data sold, prohibition of sales to certain types of clients (shell companies based in at-risk jurisdictions, identified intelligence service providers), independent audits.
Sovereignty clauses in public contracts
Public contracts involving advertising data flows (state communication campaigns, public digital service operators) must integrate clauses limiting transfers to actors subject to aggressive extraterritorial legislation, and prohibit resale to non-approved brokers.
Targeted international cooperation
A credible digital sovereignty policy requires cooperation with other exposed states to map Adint service providers, share compromise indicators ("advertising" IOCs) and, where appropriate, place certain actors on sanctions or export restriction lists.
A Paradigm Shift for National Security
Adint and the compromise of data-brokers mark a shift: the threat no longer comes only from core network equipment or critical software, but from an "auxiliary" data economy that was built without thinking of itself as an intelligence infrastructure.
For a CIO, a CISO, a political decision-maker, the conclusion is simple:
- treat the advertising chain and data-brokers as a strategic exposure surface on the same level as telecom suppliers, cloud hyperscalers or equipment manufacturers;
- consider advertising geolocation as national security data when it concerns agents or critical infrastructures;
- integrate Adint risk into doctrines, training, security audits and diplomatic arbitrations.
As long as sensitive personnel terminals continue to feed global advertising marketplaces without control, the best data protection laws will remain largely theoretical. Mastering the adtech chain and regaining control over data-brokers cease to be purely "digital" subjects: they are now questions of sovereignty, counter-interference and, for certain states, protection of the life and freedom of their most exposed citizens.
