Location, location: who’s watching you (and why)?

Where we are says a lot about who we are. tulja/Flickr
PRIVACY – Your location is arguably more personal than your genetic profile; even identical twins can’t be in the same place at the same time. In terms of value, it’s on a par with your medical records or bank statements. Your whereabouts can reveal almost everything.

If you have a bank card or store card, an electronic toll tag or a public transit smartcard, you are already sharing your location with the companies behind those services.

Over and above this, a suite of smartphone apps can now help you with everything relating to “where”: where to find nearby restaurants or ATMs; where to meet up with a new date or old flame; where to catch the next bus.

Technology of this kind leads to three types of risk:

1) Personal safety. To raise awareness of location privacy issues, the site Please Rob Me last year filtered public Twitter and Foursquare feeds to identify empty homes (made obvious by the fact users of those services had “checked-in” at a non-home location).

Stalkers, of course, would find these details equally useful. A 2009 Wired article illustrated the dangers. It showed how easily a journalist was able to discover a woman’s home address, simply by observing her taking a photo (automatically geotagged by her iPhone and subsequently uploaded to Flickr).

2) Consumer profiling. Your location is attractive to unscrupulous businesses, in particular for the purposes of location-based “spam”.

One recent Wall Street Journal survey found more than 50% of the top 50 iPhone apps, and 40% of the top 50 Android apps, shared the user’s location with a third party, often without seeking permission – even apps that have no ostensible connection to location (such as in the popular game Paper Toss).

3) Inference attacks. Information about your location can be used to make a range of intrusive inferences about you.

By linking sequences of locations, a hostile agent could deftly piece together your political views, sexuality, religion, state of health, and deduce information about your friends, family and lovers.

The law

In Europe and Australia, existing data privacy laws cover location information, at least in theory.

While this might mean recompense if your location information is misused (and you’re lucky enough to find out about it), it cannot actively prevent inadvertent, malicious, or secretive intrusions into your location privacy.

Protection

The easiest way to protect yourself is simply to avoid sharing your location, for example by disabling your smartphone’s location services.

Sadly, this would mean forgoing the growing benefits we derive as consumers from location-awareness technology, so for many of us (myself included) is not a serious option. Which leads us to:

Cloaking

One increasingly-used technique is to reduce the level of detail (precision) in the location information you share, a process known as “obfuscation” or “cloaking.”

Some tools, such as those in Google Latitude, already offer different levels of detail to users, from precise coordinates, to city block, city, or state.

In the near future, more sophisticated tools that will make it easier to adapt the level of spatial detail we reveal.

Mixing it up

You could reveal your location less frequently. Where applications such as Gowalla or Foursquare involve actively “checking-in” to locations, doing so only occasionally can help protect you against intrusive inference attacks.

Actively lying about your location from time to time (again a built-in feature of some applications, such as Google Latitude) can also make inference attacks harder to effect.

Wherever possible, avoiding making your location information public, and restricting access to your location to family and close friends, also helps.

Be on guard

Remember: as you read this, some very smart people are busily thinking up new apps to encourage you voluntarily to reveal your location.

Beware of those who can gain more from knowing your location than you can from revealing it.