That means that everybody who succumbed to the viral spread of the tool gave up metadata that included not only age and gender, the writers said, but also geolocation data
I'm assuming that some sort of authentication was required to get accurate geo location information beyond what is available from an incoming IP address.
I did think this was interesting though:
Not coincidentally, Microsoft was also busy at Build touting its new "Hello" authentication protocol, which supports three types of biometric authentication: fingerprint, iris and yes, facial recognition.
Clearly facial recognition, alone, will not be an effective form of authentication. But if some combination of these factors is to become a future standard, we're definitely in the process of removing iris and facial features as reliable and unique methods.1
I'm making the assumption that it will be far longer before phones have proper iris scanners and will instead lean on up-close photos of the iris. I'm cynical in thinking that the marketing buzz of "iris scanner" will precede the actual ability to measure blood flow in the eye with a smartphone. ↩