Posts Tagged: privacy

JournalComments Off
9
Feb 10

The Location Battle Between You and Your Phone

Whenever I talk about the privacy implications inherent in sharing your location with an app or service, I keep coming back to the idea that it’s essential to be your own source of truth for your location. This is a slightly verbose way of saying that you need to be able to lie about your location or that you need to be able to say “no, I really am here” despite what other location contexts such as GPS, cell tower triangulation or public wifi MAC address triangulation may have to say on the matter.

Of course, it’s never quite as straightforward as that and here’s why. The two location based mobile services that are getting a lot of coverage at the moment are FourSquare and Gowalla. They both rely on their users checking into a location by saying “here I am” and as a neat side effect they’re generating a geo-tagged set of local business and POI listings, thus verifying and adhering to my Theory of Stuff. But more about that in my next post, for now let’s concentrate on their user’s location.

Much has been made of FourSquare’s approach to checking in; you’re presented with a list of places nearby, generated according to your A-GPS location, for you to check into. But you can also search for places and check into them as well. Some commentators view this as a failing in their model, allowing for someone to check in to a location and maintain their Mayor status, from their comfort of their own sofa. Now granted if you wish to game FourSquare this will allow you to do so, but it also allows you to be your own source of truth. I’ve lost count of the number of times I’ve stood in the middle of the concourse in London’s Waterloo Station and Waterloo has not been amongst the choices of place that FourSquare presents me to check into, yet I’ve been able to do so by searching for the place and then forcing FourSquare to accept that “yes, I really am here“.

Gowalla takes a different approach and relies entirely on the accuracy of the A-GPS system on my phone. If your phone doesn’t agree with you on the matter of location then you can’t check in, as the screen capture below shows.

I’m currently in California visiting the Yahoo! mothership; at the time when I took this screenshot I was seated in Yahoo! Building E, which already exists as a spot in Gowalla. My iPhone disagreed with me and insistent I was some 120 meters away in the middle of the Lockheed Martin parking lot on nearby Moffett Field and as a result it just wouldn’t let me check in. FourSquare, also taking its cue from the A-GPS on my iPhone had the same problem but was quite happy to let me override this and check in to its version of the Yahoo! Building E place.

So which approach provides the best user experience? I’d strongly argue that the Gowalla approach frustrates users by effectively saying I know better than you, whilst FourSquare’s approach, whilst able to be gamed and abused, allows the user to insist that they do know best in these circumstances. Only time will tell which approach will succeed, but being your own source of  truth continues to be of major significance when sharing your location with the world at large.

Written at the Sheraton Hotel, Sunnyvale, California (37.37159, -122.03824) and posted from the Yahoo! campus, Sunnyvale, California (51.5143913, -0.1287317)

Posted via email from Gary’s Posterous

Journal3 Comments
6
Feb 10

It’s Time to Stop LAMB (Location Based SPAM) Before It Even Exists

We all suffer from SPAM, the unwanted and unsolicited commercial bulk emails that are the reason we have Junk Mail filters and folders in our email clients and servers. A quick glance at the Junk folder for my personal email account shows over 300 of these since the beginning of February alone.

If you use some form of instant messenger, be it MSN, Yahoo!, ICQ, AOL or any of the others on the market, you’ve probably come across SPIM, Instant Messaging SPAM. Then there’s also mobile phone SPAM via text messages, comment SPAM, the list goes on and on.
We’re poised to start seeing a new form of SPAM raise its ugly head. Let’s call it LAMB for now, Location Based Advertising SPAM.
If you build your application with features based on a user’s location, make sure these features provide beneficial information. If your app uses location-based information primarily to enable mobile advertisers to deliver targeted ads based on a user’s location, your app will be returned to you by the App Store Review Team for modification before it can be posted to the App Store.
This is a good first step in locking down potential abuses of a technology before it has a chance to get out of control. The reason we have SPAM and all the other variants in the first place is that the underlying technologies were designed in an open manner with no control mechanisms in place to thwart unsolicited and unwanted messages and content. But we need to go further than this.

The first time you use a location aware app on an iPhone, it asks your permission in nice, unthreatening language; it “would like to use your current location“. What this actually means is that it wants to use, and continue to use, your precise location to the finest level of granularity that the A-GPS system on the phone is able to deliver at the time it’s being requested.
There’s no way of halting this process temporarily, of being your own source of truth for your location (AKA lying about your location) or of controlling this on a per application basis. You can only reset asking this permission for all apps and for the entire phone via the Settings app. Although some well behaved apps such as TweetDeck do allow you to disable use of location information altogether as as well as on a per Tweet basis.

What we really need is to see is a way to set location granularity, including no location information at all, on a per app basis in much the same way as Fire Eagle currently does. And for all apps on all location aware platforms, not just Apple’s and the iPhone’s.

Some may argue that requiring such a degree of choice and intervention by the user may raise the barrier to entry to such a degree that an app doesn’t reach such a large audience. It’s a valid argument but as part of the location industry, I believe that we need to find the middle ground between irking the user once per app and letting LAMB loose on the world which has the possibility of irking the user multiple times per hour.
Written and posted from home (51.427051, -0.333344)

Posted via email from Gary’s Posterous

JournalComments Off
18
Jan 10

Footprints (Of the Digital Variety)

One of the things I write about a lot on this blog are the areas of location and online, or digital, identity and how these two areas overlap and sometimes conflict.

I write about this stuff not only because I’m lucky enough to work in both of these areas but I also find them fascinating, compelling and nowhere is this more evident in how individuals and organisations views this arena.

Companies, if they’re foresighted enough, are making major plays in the location field, fuelled by the proliferation of location aware devices (cameras, phones, netbooks and the like) and by the convergence of these devices (I use an iPhone … is it a phone, a camera, a GPS unit, an internet terminal, a computer or some combination of them all?). There’s much value to a company in knowing your customer’s location and how it changes over time. Indeed it’s a truism that it’s much less about where you are now and much more about where you’ve been.

Individuals, if they’re informed enough, know about the plays the companies are making in the location field and  should know how to determine the value proposition that is offered when they give up their location.

There’s a lot of online coverage, some of it shrill and hysterical, some of it downright amusing and some of it in between these two extremes.

But despite the extensive online coverage of this area it’s still a truth that the printed word sometimes carries greater weight than the online equivalent. There’s still something very visceral and real about holding a book in your hand, flipping back and forth through the pages and taking in what message the book is trying to deliver.

Last year, I was fortunate enough to be asked to be a contributor to a book on identity, privacy, trust and the direction of the Web by Tony Fish. My Digital Footprint, explores where next for the net, for the associated business models, who owns your data and how value and wealth will be created. 

The book is about the digital data created from your interactions with electronic devices, such as mobile phones, web PCs and TVs. This data has significant value, when analysed and fed-back, to create services with colour, focus and relevancy for you as a user, as well as to brands, who want to own your whole digital life experience.

Digital footprint data is valuable and is the reason why the ownership of this data class is the Web’s next battleground. The two central ideas which underpin value in My Digital Footprint are: the real-time feedback loop and the role of the mobile device in enriching the value of the data. The ability to get data out of or off a mobile device lends itself to the unique advantage a mobile device has. The book explores how the mobile device once prevailed for the consumption of content and has evolved to enable the capturing of data on what and how we consume and with whom. 

Just like Marmite, some people like the idea of digital footprints and some do not, but, irrespective of personal preference, we all leave digital footprints behind us and they are about much more than just identity. Digital footprints are about where we have been, for how long, how often; with whom and the inter-relationships we formed in getting there. Digital footprints are memories and moments and not your personal identity, your passport, bank account or social security number.

Read this book, either for free online or grab a copy from Amazon and not because I contributed but because if you use the net today, you really need to know about how companies want your location information and about how you can make an informed decision about how to manage and control this.

Photo credit: Paraflyer on Flickr

Written and posted from home (51.4324279, -0.3479403)

Posted via email from Gary’s Posterous

Journal1 Comment
19
Nov 09

Location Privacy Issue? I See No Location Privacy Issue

Telematics, the use of GPS and mobile technology within the automotive business, and the Web 2.0, neo and paleo aspects of location have traditionally carved parallel paths, always looking at if they would converge but somehow never quite making enough contact to cross over.

But not any more.

The combination of 3G mobile communications and GPS enabled smart-phones such as the iPhone and the BlackBerry means that one way or another, the Internet and the Web are coming into the car, either in your pocket or into the car itself.

With this in mind, last week I was at the Telematics Munich 2009 conference, which was coincidentally in Munich, giving a talk on some of the challenges we face with location and how the world of telematics can benefit by starting to look at location technologies on the Web.

One of the sessions I sat in on prior to my talk was on the eCall initiative. This is a pan European project to help motorists involved in a collision. A combination of onboard sensors, a GPS unit and a cellular unit detect when an accident has occured and sends this information to the local emergency services. The idea is that in circumstances where a vehicle’s occupants are unable to call for help, the car can do it for them.

So far, so public spirited and well meaning. But several things immediately stood out.

Firstly, while pitched as a pan European initiative, each member state has an opt out and naturally not all states have signed up to the initiative, including the United Kingdom.

Secondly, eCall is designed to be a secure black box system, but all the talk in Munich was of “monetize eCall offerings by integrating contactless card transactions like road-tolling, eco-tax and easy parking payment” or “how to geo-locate data messages to offer ubiquitous solutions“. In other words, adding value added services on top of a system which is actively able to track you at all times and which you, as the vehicle owner, has limited access to or control over.

But what really stood out was that there was not a single mention of location tracking and of the privacy aspects that this carries with it. Not a single mention. Not from the panel, not from the chair and not from the audience. Once rolled out, eCall as currently designed is pretty much mandatory in all new vehicles. Compare and contrast this with the outraged Daily Mail style diatribe that other, opt in, systems such as Yahoo’s Fire Eagle and Google’s Latitude have attracted.

The convergence of the internet, the web and telematics hasn’t yet happened but it will. It’s also evident that when this happens, the telematics industry may have a painful awakening as the impact of location technologies and the privacy issues they carry pervade into an industry which hasn’t needed to deal with this historically.

Posted via email from Gary’s Posterous

Journal2 Comments
10
Oct 09

Loosing My Flickr Innocence

We all produce lots of online content these days; photos, videos, blogs, microblogs, status updates, Tweets, that sort of thing. Most of the pictures I produce go up on my Flickr account and there’s a lot of photos, almost 3.5 thousand at the last count. Most of these almost 3.5 thousand photos are of my family, my wife, my children and last year I changed my default upload model from “anyone can see this” to “only friends and family can see this” and I went back and changed permissions on those photos I’d uploaded. On all of them. Or so I thought.

I’m writing this in my hotel room in New York, where I’ve been taking part in Yahoo’s Open Hack NYC event and I’ve been taking a lot of photos which I’ve been posting to Flickr. Some people seem to like these photos and favourite them; each time this happens I get a nice friendly mail from Flickr telling me this.

So this morning I went and looked at all the photos of mine that had been added as a favourite and I didn’t like what I found. There was a photo taken last year while on holiday; a photo of one of my children, a photo which I thought was “friends and family only“. I didn’t recognise the Flickr account name of the person who liked this shot so much, so I took a look at their profile. One of the things in your profile are the groups you belong to … I belong to two, both tech related. This person belonged to a lot and I had to scroll down a page to see them all. They were all of an adult nature, seeming to be centred around sharing snaps of other peoples spouses; you know the sort of thing.

This was creepy. Very creepy.

So I blocked the user and went through all of my photos to ensure that nothing else was inadvertantly exposed to public view that I didn’t want and luckily nothing was. I checked the Flickr Community Guidelines and one of them seemed to fit the situation really well.

So if you previously used to watch my Flickr account for photos, you’ll be a little disappointed as they’ve vanished from public view. I’m sorry about that. If I know you and you’d like to see them, just add me as a Flickr contact. If you don’t have a Flickr account and don’t want one, then please drop me a mail and I’ll send you a guest pass link to use. I probably shouldn’t be shocked or surprised by this but I am and today it feels just a bit like my Flickr innocence was lost. I’ll get over it and be a little bit older, a little bit wiser and just a little bit more careful in the future. 

Posted via email from Gary’s Posterous

JournalComments Off
24
Sep 09

Location and Privacy – Where Do We Care?

As part of this year’s AGI GeoCommunity ‘09 conference, I took part in the Privacy: Where Do We Care? panel on location and the implications for privacy with Terry Jones, Audrey Mandela and Ian Broadbent, chaired and overseen by conference chair Steven Feldman.

Our location is probably the single most valuable facet of our online identity, although where I currently am, whilst interesting, is far less valuable and  personal than where I’ve been. Where I’ve been, if stored, monitored and analysed, provides a level of insight into my real world activities that transcends the other forms of insight and targeting that are directed at my online activities, such as behavioural and demographic analysis.

Where I’ve been, my location stream if you will, is a convergence of online and real world identity and should not be revealed, ignored or given away without thought and without consent.

In the real world we unconsciously provide differing levels of granularity in our social engagements when we answer the seemingly trivial question “where have you been?“. To our family and close friends we may give a detailed reply … “I was out with colleagues from work at Browns on St. Martin’s Lane, London“, to other friends and colleagues we may give a more circumspect reply … “I was out in the Covent Garden area” and to acquaintances, a more generalised reply … “I was in Central London” or even “mind your own business

As with the real world, so we should choose to reveal our location to applications and to companies online with differing levels of granularity, including the ability to be our own source of truth and to conceal ourselves entirely, in other words, to lie about where I am. 

Where I am in the real world should be revealed to the online world only on an opt-in basis, carefully considered and with an eye on the value proposition that is being given to me on the basis of revealing my location to a third party. My location is mine and mine alone and I should never have to opt out of revealing where am I and where I’ve been.

Posted via email from Gary’s Posterous

ArticlesComments Off
10
Aug 09

Harvesting Your Digital Dandruff, Crumbs and Footprints for Fun and Profit

“I’m just a face in the crowd,
Nothing to worry about,
Not even tryin’ to stand out,
And I have nothing to say,
It’s all been taken away,
I just behave and obey”

Trent Reznor, Nine Inch Nails, Getting Smaller

Ten years ago our online identity, if we had one at all, was a simple affair to manage, comprising of an email address and perhaps an avatar name or two. Fast forward to the close of the first decade of the 21st century and it’s an altogether more complex affair. You’ve probably got several email addresses, possibly some domain names and then there’s the plethora of social networking sites that you frequent, Twitter, Facebook, LinkedIn, Bebo, MySpace and so on. All of which define the online version of “you” in much the same way as your passport, driving licence and bank account defines the offline “you”.

The key difference is that the online version of “you” is much more subtle, complex and diffuse. We leave scraps of our path through the internet behind us. At the Being Digital conference in London earlier this year, I tried to explain this with the clumsy phrase “digital dandruff”; in the soon to be published book, “My Digital Footprint”, Tony Fish far more elegiacally describes it as our digital footprint, which is “the digital ‘cookie crumbs‘ that we all leave when we use the some form of digital service, application, appliance, object or device, or in some cases as we pass through or by”.

Managing our digital identity through those sources we know about is a challenge for a significant percentage of the online population. But despite being a challenge, it’s one which is achieveable if you’re willing to put enough time and effort into it. But most of us don’t have the time or are unwilling to put in the effort, so our digital cookie crumbs and the varying online versions of “us” stay online, ready for someone with the time and effort to search for, find and put together with profit in mind.

Some people take an active role in managing their digital footprint and try to exploit it. Some people also try to exploit other people’s digital footprint. Let’s look at a concrete example of this.

Not Your Average Star Trek Reference

garygale.com Screen Grab

My site at garygale.com pulls together a subset of my digital footprint into one place, drawing on my blog, my social bookmarks on Delicious, articles I’ve written, photos from Flickr and presentation decks from talks I’ve given. Inspired by an article written by the Yahoo! Developer Network’s Christian Heilman, garygale.com uses PHP and YQL to dynamically pull in the latest version of all my content so my site is always up to date

Spock.com Screen Grab

Now compare and contrast this information with that available on Spock.com, “the first search engine for finding people on the web”. It’s not as complete as my version, nor formatted as coherently but the key facets of my digital footprint are there. If I wanted to I could add to this digital portrait, supplying tags, biographic information, pictures, quotes and so on.

Spock has crawled the web for my data and it’s created a profile on me, without my permission and without my control. It encourages me to enrich the data held but then requires payment for me to access that information. Now would be a good time to point out that in April 2009, Spock was acquired by Intelius, a company that provides background checks and identity theft protection.

Those that Fail to Learn from History, are Doomed to Repeat It?

Can I stop Spock finding and presenting this information about me, without my request or, more importantly, without my control? Spock’s help page says the following:

“Before requesting removal, please make sure the original source of the information Spock found for you has been removed or made private (MySpace, blog, Friendster, etc). This will prevent you from being re-indexed on the site.”

This means that unless I contact every source that Spock crawls, and not all sources are identified on Spock’s site, and then have each source take down content on me or make them private, Spock will crawl these sources again and find my content and republish it. An evident parallel of this Web 2.0 behaviour is the Web 1.0 problem of large scale harvesting of email addresses for subsequent resale to commercial spammers.

My site speaks for me because I control the information and the way in which it’s presented; Spock’s version of me is out of my control and doesn’t speak for me.

What I do know is that neither the privacy advocates nor the aggressive marketers who want to know all about me – let alone the government that thinks my life should be an open book – can speak for me. I want to make my own decisions about what I disclose, knowing all the while that I cannot control what others say about me.

Esther Dyson

In “My Digital Footprint”, Tony Fish describes a Rainbow of Trust, which categorises people’s online activities as one of Untrusting and Stupid, Untrusting and Wise, Accepting Authority, One Way or My Way.

Untrusting and Stupid give up data without any thought as to the consequences; their online participation is passive and will click on anything, including banners and search ads.

Untrusting and Wise are the opposite of Untrusting and Stupid; they are extremely selective about the information they reveal, concerned about privacy and frequently hide their identify behind multiple digital personas.

Accepting Authority have their computer’s default home page still set, Yahoo!, MSN, AOL, etc and are either happy with a portal approach to their online experience or are unwilling or unable to change it. Their digital experience has to work first time, be simple and work with one click.

One Way experiment with one one thing at a time, continuing until they’re happy with it and then move onto another online service.

My Way want it their way, un-tethered, un-filtered and unadulterated, trusting no one until they have mastered it and push the boundaries of what’s possible online.

The readers of this article will (hopefully) fall within a combination of Untrusting and Wise and MY Way, but the reality is that we are but a small percentage of the global population who have access to the Internet, which as of March 2009, numbered around 1,500,000,000.

Two Cultures; Those Who Understand Tech and The Rest of Us

Mentoring programs such as DigitAll go some way to help inform people about their usage of the internet, not only how to use it, but how to use it responsibly and knowledgeably. At this year’s OpenTech in July at the University of London Union, technology critic Bill Thompson lamented the Two Cultures problem; people who understand technology and everyone else. As illustration of this he highlighted how the UK education syllabus places more emphasis on “the ability to format text in Microsoft Word” than on understanding how to use the net and how to identity and protect your digital identity. Until your digital dandruff, crumbs and footprint becomes an integral part of our children’s education, we all have a responsibility to understand what is being done with our personal data and pass this onto our colleagues, our friends and our family.