Carriers have also sold customer location data, no search warrant required. Though we can rest assured that the FCC has slapped the carriers' wrists with the utmost seriousness.

And sold it to not just the government but anybody _claiming_ to be a bounty hunter (and some other professions).

Couldn't you just maintain a list of cell tower IPs and figure it out with traceroute?

IP doesn't handle roaming very well. If you got routed onto the internet directly from your local cell tower, then your connections would drop whenever you switched to a different tower, which is somewhat suboptimal. Cell networks handle it at a lower level and route your traffic through a central location which serves as the origin of your IP traffic. Geolocate your IP while on cell data and you'll probably see something pretty far away from where you are. My phone's IP address at the moment is about 400 miles away from the actual phone.

Cell towers are not working at the IP level, so no

I think that's very much what is discussed in this whole thread.