You Are Here: Scary New Location Privacy Risks

The danger isn't theoretical

Location-based services on a mobile phone are terrifically helpful when you need to find a nearby business or directions to the freeway. They're also terrifically helpful to advertisers, government agencies and even stalkers who can use them to track your every move.

[Google now faces a multiple-state privacy investigation regarding its Street View data collection effort. For more on the privacy brouhaha, see this backgrounder and timeline. ]

"If you are publishing your location to the world, anyone, including a stalker or a thief or the government or an advertiser or anyone else, can go and look at that information, and hence, the threat," says Kenneth Bankston, an attorney with the Electronic Frontier Foundation.

The danger isn't just theoretical. At the SchmooCon security conference in Washington D.C. last winter, a hacker demonstrated an application that tricks a user into clicking on a poisoned link and then surreptitiously downloads a spyware program that tracks the smartphone's exact location. The results are displayed as an overlay on a Google map on the hacker's Web site, says Mike Greide, a security researcher at Zscalar who witnessed the demo.

That code, he says, has since been made public and is now on the Web for anyone to use. With a little effort, it could be adapted to work on iPhones or Android-based devices, Greide told me.

Less overtly threatening, but still invasive, are privacy holes created when social networking sites share information with third parties such as advertising and analytics companies. "I may not intend it, but once I check in with a mobile social networking site it's quite possible that the whole world will then know where I'm at," says Craig Wills, a professor of computer science at the Worcester Polytechnic Institute, who has studied the issue of "privacy leakage" from social networking sites. (More about Prof. Wills's work in a bit.)

What Your Phone Says About Your Locale

And don't think that your basic cell phone, which doesn't have a GPS function, won't give you away. It will, since it's always in touch with cell phone towers, whose location can give away yours via triangulation. And once again, the threat is not theoretical.

Last year, the FBI obtained secret permission (but didn't actually get a warrant) to monitor the location of 180 cell phones in the course of an investigation into a bank robbery, according to a court filing by the American Civil Liberties Union and the Electronic Frontier Foundation. The difference between the order obtained by the FBI and a warrant isn't just a technicality. Obtaining a warrant requires a much higher standard of proof that a crime has been committed or will be in the near future.

The government's contention that warrants aren't needed to monitor the location of cell phone users disturbs me, and it apparently disturbed U.S. Circuit Judge Dolores Sloviter who said this during a court hearing in Philadelphia: "You know there are governments in the world that would like to know where some of their people are or have been. Can the government assure us that it will never try to find out these things?" she asked.

Social Networking Your Privacy Away

By now, most of us know that the privacy settings on sites like Facebook can be difficult to use, and it doesn't take much of a mistake to widely disseminate information we meant only for our close friends. What's more, many social networking sites transmit personal information to third parties, particularly advertisers, unless a user has opted out.

Being subjected to ads keyed to your browsing habits can be intrusive, but the potential for harm isn't great. But when that personal information includes your current location, or addresses you've visited in the recent past, the issue becomes more serious.

Wills, the Worcester Polytechnic researcher, looked at 13 mobile online social networks, including popular services like Brightkite, Buzzd, Flickr, Foursquare, Gowalla, Loopt, Radar, and Urbanspoon and seven older social networking services such as Facebook, LinkedIn and Twitter.

Wills and his colleague, AT&T Labs researcher Balachander Krishnamurthy, tested the sites using a "sniffer" that allowed them to see all network traffic to and from mobile phones they were testing. (You can read their research paper here.)

With the exception of Loopt, all 20 leaked some kind of private information to third-party tracking sites. Buzzd, for example, shared the user's location with Pinch Media, a seller of Web analytics services and tools, without overt permission or disclosure, the researchers found.

Foursquare passes the user's latitude and longitude to the Google map service to show his or her current location. That's what you'd expect, of course, but Wills found that the geographic data is also shared with a dozen or so other sites.

How to Keep the Snoops at Bay

It shouldn't be news to you, but I'll repeat it anyway: The most common way to get in trouble on the Web is by clicking on a link or attachment from someone you don't know.

That's been true on the desktop for some time, and now it's true on the mobile Web. The hackers who use the spyware shown at SchmooCon can't mess with your phone if you don't take the bait.

Staying out of the clutches of advertisers or shadier types who want to know where you are via your social networking habits is a bit harder. You absolutely have to spend time figuring out Facebook privacy settings and using them correctly. I think it's ridiculous for that burden to fall on the user, but until social networking sites yield to pressure, your safety is in your own hands.

[For expert tips on Facebook's privacy settings and step-by-step instructions on how to strengthen yours, see Facebook Privacy Fix. ]

speaking of pressure, I'd suggest visiting the sites of the ACLU and the Electronic Frontier Foundation and see what they have to say about cell phones and privacy.

San Francisco journalist Bill Snyder writes frequently about business and technology. He welcomes your comments and suggestions. Reach him at bill.snyder@sbcglobal.net.

STRONG> Do you Tweet? Follow everything from CIO.com on Twitter @CIOonline.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags social mediaprivacysmartphonesinternetFacebooktwittersocial networkingPhonesconsumer electronicsMobile handsets

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Bill Snyder

CIO (US)
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?