Norweigian researcher exposes how a US firm collected his location data