Smartphone displaying a map with location pins on a dark background

TL;DR: U.S. Central Command confirmed in an April 14 letter that adversaries have exploited commercially available location data to target and surveil American troops in active war zones. The data comes from the same pipeline that powers targeted ads on your phone: apps collect your location, sell it to brokers, and brokers sell it to anyone with a credit card. Senator Ron Wyden is calling the adtech industry "a national security threat." The twist: the U.S. government itself buys the same data without warrants to track Americans at home.

The Pentagon Said the Quiet Part Out Loud

On May 28, 2026, Reuters broke a story that should have been front-page news everywhere. The Department of Defense confirmed (officially, on the record) that enemies are using commercially purchased location data to target U.S. military personnel deployed to war zones.

The confirmation came via a letter from U.S. Central Command, dated April 14, shared by Senator Ron Wyden (D-Oregon). CENTCOM's exact words: they had "received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theater."

"In theater" means active deployment. Not stateside bases. Not training exercises. War zones, including the Persian Gulf region where tensions with Iran's military remain high.

Wyden, along with Rep. Pat Harrigan (R-North Carolina), a former Army Special Forces officer, sent a bipartisan letter to the Pentagon demanding faster action. Their characterization of the problem was blunt: it's time to "start treating the adtech industry as a national security threat."

How Your Weather App Feeds a Kill Chain

The pipeline is absurdly simple. It works the same way whether the end buyer is a shoe company or a foreign intelligence service:

  1. Collection: Apps on your phone (weather, games, navigation, social media) collect your GPS coordinates. Many do it continuously, even in the background.
  2. Sale: App developers sell that location data to data brokers, sometimes through complex chains of intermediaries. The data includes your device's unique advertising ID, timestamps, and precise coordinates.
  3. Resale: Data brokers package and resell the data on the open market. Anyone can buy it. There's no background check. No verification of intent. No law preventing it.

That's it. Three steps from a soldier checking the weather in a forward operating base to an adversary knowing exactly where U.S. forces congregate, what time they move, and what routes they take.

Military Times spelled out what that data enables: "missiles, drones, and roadside bombs" targeting, plus counterintelligence operations. Commercial location data reveals "where U.S. troops congregate and their pattern of life."

Pattern of life. That's intelligence terminology for knowing someone's routine so well you can predict where they'll be tomorrow.

This Isn't New. It's Just Finally Official.

The Pentagon's confirmation is the first time officials acknowledged troops were targeted in an active war zone. But the warning signs have been screaming for a decade.

2016: A defense contractor demonstrated that commercially available location data could track U.S. Special Operations Forces from their bases in the United States to a sensitive staging post in Syria. The Wall Street Journal reported it. The Pentagon did nothing meaningful about it.

2022: Journalists at Wired and two German news outlets obtained billions of coordinates from a single data broker. They used it to expose the detailed movements of personnel at 11 U.S. military and intelligence sites across Germany. Every base. Every pattern. Every vulnerability. All from data anyone could buy.

2026: CENTCOM finally confirms the obvious: adversaries figured this out too.

Ten years. A decade between "a contractor proved this was possible" and "the Pentagon admits it's happening." The data broker market didn't pause during that decade. It grew.

The Government Buys the Same Data

Here's where this story goes from alarming to infuriating.

The same U.S. government now warning that commercial location data threatens national security has been buying that exact data for years, to surveil Americans at home, without warrants.

The receipts:

  • DHS has purchased cell phone location data since at least 2017. In February 2026, they signed a $1 billion contract with Palantir for AI-powered analytics across all DHS components.
  • FBI signed a contract worth up to $27 million with Babel Street for 5,000 licenses to Locate X, a tool that tracks phone movements.
  • ICE contracted with Penlink for Webloc, which tracks 500 million devices using the same ad-data pipeline.

FBI Director Kash Patel, when asked whether the Bureau would stop buying Americans' location data, declined to commit. The FBI "uses all tools," he said, and purchases information "consistent with the Constitution."

The Fourth Amendment says the government needs a warrant to track you. The data broker loophole says they can just buy that data from companies that collected it from your apps. Same data. Same pipeline. Same lack of regulation. The only difference is who's buying.

The government wants to be the only customer in a market it refuses to regulate.

What Congress Wants the Pentagon to Do

The bipartisan letter from Wyden and Harrigan laid out specific fixes. They're reasonable. They're also things that should have been done years ago:

  • Disable advertising IDs on all military-issued devices. The unique advertising identifier is what links location pings to a specific phone.
  • Auto-disable location sharing on smartphones in the field. Soldiers shouldn't have to remember to toggle a setting before entering a war zone.
  • Ditch Chrome. Google's browser leaks data to the advertising ecosystem by design. The letter recommended switching to privacy-focused alternatives. Google responded that Chrome has "industry leading security," which isn't the same thing as privacy.
  • Faster implementation of existing safeguards the Pentagon has already acknowledged but hasn't deployed.

Notice what's missing from that list: any proposal to regulate the data broker industry itself. The fixes are all about shielding military personnel from a system that remains perfectly legal for everyone else. Your location data is still for sale. The Pentagon just doesn't want its soldiers' data in the pile.

The Problem Isn't the Pentagon. It's the Market.

Wyden called adtech "a national security threat." He's right. But framing this as a national security problem understates what's actually happening.

The same unregulated data broker market that endangers troops also enables:

  • Stalkers tracking domestic violence victims through apps on their phones
  • Anti-abortion groups purchasing visitor data from reproductive health clinics
  • Foreign governments identifying intelligence personnel stationed abroad
  • Insurance companies monitoring where you go and how fast you drive
  • Anyone with cash tracking anyone with a phone

Troops are a sympathetic case. Bipartisan outrage is easy when soldiers die. But the underlying problem (an entirely unregulated market for human location data) affects every person carrying a smartphone. That's 310 million Americans.

There is no federal law preventing data brokers from selling your precise location to anyone. Congress has known this for years. The FTC banned Kochava from selling sensitive location data in May 2026 (one company, after years of litigation). The market has hundreds of brokers.

What You Can Do

Kill Your Advertising ID

iPhone: Settings → Privacy & Security → Tracking → toggle off "Allow Apps to Request to Track." Then go to Settings → Privacy → Apple Advertising → toggle off Personalized Ads. Android: Settings → Privacy → Ads → "Delete advertising ID."

Audit App Permissions

Check which apps have location access. Your flashlight app doesn't need your GPS coordinates. Set location permissions to "While Using" or "Never" for everything except navigation.

Switch Browsers

Even Congress is telling the Pentagon to drop Chrome. Use Firefox or Brave, and pair them with an ad blocker like uBlock Origin. The FBI itself recommended ad blockers to reduce data collection.

Push for Regulation

The data broker loophole exists because Congress allows it. Contact your representatives. The SECURE Data Act is being debated in committee. It's not perfect, but it's something.

The Bottom Line

The Pentagon just confirmed what privacy advocates have screamed about for years: the commercial location data market is a threat. Not a theoretical one. A confirmed, documented, troops-getting-targeted-in-war-zones threat.

And the government's response is to protect its own personnel while leaving the market intact for everyone else. Disable the advertising IDs on military phones. Switch browsers in the field. Deploy existing safeguards faster.

None of that helps you. The same apps on your phone feed the same pipeline to the same brokers selling to the same buyers. The only difference between a soldier's location data and yours is that someone in Congress finally cares about theirs.

References

  1. TechCrunch: U.S. says troops were targeted with location data, as senator warns ad industry is a 'national security threat' (May 28, 2026)
  2. Military Times: US troops are reportedly being targeted using location data, Pentagon says (May 28, 2026)
  3. Reuters via U.S. News: Pentagon says US military personnel are reportedly being targeted using location data (May 28, 2026)
  4. Techdirt: Enemies Are Exploiting Unregulated Data Broker Location Data To Target And Kill U.S. Troops (May 28, 2026)
  5. NPR: Your data is everywhere. The government is buying it without a warrant (March 25, 2026)