You Are Here: Scary New Location Privacy Risks
- 29 June, 2010 04:34
Location-based services on a mobile phone are terrifically helpful when you need to find a nearby business or directions to the freeway. They're also terrifically helpful to advertisers, government agencies and even stalkers who can use them to track your every move.
[Google now faces a multiple-state privacy investigation regarding its Street View data collection effort. For more on the privacy brouhaha, see this backgrounder and timeline. ]
"If you are publishing your location to the world, anyone, including a stalker or a thief or the government or an advertiser or anyone else, can go and look at that information, and hence, the threat," says Kenneth Bankston, an attorney with the Electronic Frontier Foundation.
The danger isn't just theoretical. At the SchmooCon security conference in Washington D.C. last winter, a hacker demonstrated an application that tricks a user into clicking on a poisoned link and then surreptitiously downloads a spyware program that tracks the smartphone's exact location. The results are displayed as an overlay on a Google map on the hacker's Web site, says Mike Greide, a security researcher at Zscalar who witnessed the demo.
That code, he says, has since been made public and is now on the Web for anyone to use. With a little effort, it could be adapted to work on iPhones or Android-based devices, Greide told me.
Less overtly threatening, but still invasive, are privacy holes created when social networking sites share information with third parties such as advertising and analytics companies. "I may not intend it, but once I check in with a mobile social networking site it's quite possible that the whole world will then know where I'm at," says Craig Wills, a professor of computer science at the Worcester Polytechnic Institute, who has studied the issue of "privacy leakage" from social networking sites. (More about Prof. Wills's work in a bit.)
What Your Phone Says About Your Locale
And don't think that your basic cell phone, which doesn't have a GPS function, won't give you away. It will, since it's always in touch with cell phone towers, whose location can give away yours via triangulation. And once again, the threat is not theoretical.
Last year, the FBI obtained secret permission (but didn't actually get a warrant) to monitor the location of 180 cell phones in the course of an investigation into a bank robbery, according to a court filing by the American Civil Liberties Union and the Electronic Frontier Foundation. The difference between the order obtained by the FBI and a warrant isn't just a technicality. Obtaining a warrant requires a much higher standard of proof that a crime has been committed or will be in the near future.
The government's contention that warrants aren't needed to monitor the location of cell phone users disturbs me, and it apparently disturbed U.S. Circuit Judge Dolores Sloviter who said this during a court hearing in Philadelphia: "You know there are governments in the world that would like to know where some of their people are or have been. Can the government assure us that it will never try to find out these things?" she asked.
Social Networking Your Privacy Away
By now, most of us know that the privacy settings on sites like Facebook can be difficult to use, and it doesn't take much of a mistake to widely disseminate information we meant only for our close friends. What's more, many social networking sites transmit personal information to third parties, particularly advertisers, unless a user has opted out.
Being subjected to ads keyed to your browsing habits can be intrusive, but the potential for harm isn't great. But when that personal information includes your current location, or addresses you've visited in the recent past, the issue becomes more serious.
Wills, the Worcester Polytechnic researcher, looked at 13 mobile online social networks, including popular services like Brightkite, Buzzd, Flickr, Foursquare, Gowalla, Loopt, Radar, and Urbanspoon and seven older social networking services such as Facebook, LinkedIn and Twitter.
Wills and his colleague, AT&T Labs researcher Balachander Krishnamurthy, tested the sites using a "sniffer" that allowed them to see all network traffic to and from mobile phones they were testing. (You can read their research paper here.)
With the exception of Loopt, all 20 leaked some kind of private information to third-party tracking sites. Buzzd, for example, shared the user's location with Pinch Media, a seller of Web analytics services and tools, without overt permission or disclosure, the researchers found.
Foursquare passes the user's latitude and longitude to the Google map service to show his or her current location. That's what you'd expect, of course, but Wills found that the geographic data is also shared with a dozen or so other sites.
How to Keep the Snoops at Bay
It shouldn't be news to you, but I'll repeat it anyway: The most common way to get in trouble on the Web is by clicking on a link or attachment from someone you don't know.
That's been true on the desktop for some time, and now it's true on the mobile Web. The hackers who use the spyware shown at SchmooCon can't mess with your phone if you don't take the bait.
Staying out of the clutches of advertisers or shadier types who want to know where you are via your social networking habits is a bit harder. You absolutely have to spend time figuring out Facebook privacy settings and using them correctly. I think it's ridiculous for that burden to fall on the user, but until social networking sites yield to pressure, your safety is in your own hands.
[For expert tips on Facebook's privacy settings and step-by-step instructions on how to strengthen yours, see Facebook Privacy Fix. ]
speaking of pressure, I'd suggest visiting the sites of the ACLU and the Electronic Frontier Foundation and see what they have to say about cell phones and privacy.
San Francisco journalist Bill Snyder writes frequently about business and technology. He welcomes your comments and suggestions. Reach him at email@example.com.
STRONG> Do you Tweet? Follow everything from CIO.com on Twitter @CIOonline.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Updated: Bill Morrow new head of NBN Co
Cloud debate now about speed and sophistication
Cloud debate now about speed and sophistication
Yahoo Mail still down for some users, after an attempted fix
Queensland government to provide 200 services online by 2015
Case Study: Worldwide Collaboration by Design
HOK is a global provider of architectural planning, design and delivery solutions, that operates out of 24 offices on four continents. Being a truly global organisation, HOK needs to empower its worldwide workforce in order to effectively leverage its highly skilled people, irrespective of where they may be located. In this case study, we look at the benefits the organisation saw from introducing collaboration and conferencing technologies. Click to download!
Securing Virtual Desktop Infrastructure
Today’s enterprises are rapidly adopting desktop virtualisation as a means to reduce operating costs, enable workplace flexibility, increase business agility and bolster their information security and compliance posture. Actually realising these benefits, however, depends upon ensuring the security and availability of the virtual desktop infrastructure. Find out how you can not only preserves the benefits promised by virtual desktops, but how it can maximise them. Click to download!
Optimize Your Campaign Testing
Looking for guidance on how to properly conduct tests prior to launching any email campaign? This whitepaper discusses important areas for campaign managers to test; the best approaches to managing the testing process, seven key pitfalls to avoid, and specific testing best practice for marketers. The sooner you define and implement your testing program, the sooner you will be positioned to send meaningful communications to your customers through the channels they prefer. The more you test, the more you learn and the more you sell.