Most folks understand that advertisers are eager to track their behavior online. And they would do so to the greatest degree technology allows except, we’ve been told, most of our actions – on mobile devices, for instance – is just meaningless aggregates that can’t be pegged to an individual person.

Turns out, that’s not true. As Motherboard’s Joseph Cox writes, there’s an entire industry built round linking all that aggregate data directly to individual mobile users:

They do this by linking mobile advertising IDs (MAIDs) collected by apps to a person’s full name, physical address, and other personal identifiable information (PII). Motherboard confirmed this by posing as a potential customer to a company that offers linking MAIDs to PII.

“If shady data brokers are selling this information, it makes a mockery of advertisers’ claims that the truckloads of data about Americans that they collect and sell is anonymous,” Senator Ron Wyden told Motherboard in a statement.

“We have one of the largest repositories of current, fresh MAIDS<>PII in the USA,” Brad Mack, CEO of data broker BIGDBM told us when we asked about the capabilities of the product while posing as a customer. “All BIGDBM USA data assets are connected to each other,” Mack added, explaining that MAIDs are linked to full name, physical address, and their phone, email address, and IP address if available. The dataset also includes other information, “too numerous to list here,” Mack wrote.

Okay, so what’s the big deal? No one really believed their online actions, let alone their mobile activity, was private. Who gets hurt?

Maybe not the guy who wants a cheap burrito. But for others, de-anonymizing carries genuine risks:

Senator Wyden’s statement added “I have serious concerns that Americans’ personal data is available to foreign governments that could use it to harm U.S. national security. That’s why I’ve proposed strong consumer privacy legislation, and a bill to prevent companies based in unfriendly foreign nations from purchasing Americans’ personal data.”

Similar concerns should be extended to average phone users, who never gave permission to anyone to unmask their personal information.