Posts Tagged ‘privacy’

Where You Are Isn’t That Interesting But Where You Will Be Is

Every once in a while the thorny topic of location privacy rears its ugly head, often in tandem with a new location based service or the discovery of what an existing one is really doing. There’s often cries of “Big Brother” and “company X is tracking me” as well. But lost in the rhetoric and hyperbole around this subject is a well hidden fact … your current location isn’t actually that interesting to anyone apart from yourself.

For most of the day we tend to be on the move so even if a service does know your location that fact becomes irrelevant almost immediately. Intrusive location based advertising is normally held up for inspection here but without context a location is just a set of longitude and latitude coordinates, coordinates that are out of date and no longer relevant almost as soon as they’ve been detected.

Maybe a location based service I use does want to target me with location based ads, but for example, if I’m on my irregular commute from the suburbs to the centre of London on a train, I challenge anyone to find an ad, intrusive or not, that would be contextually relevant to me in sufficient detail that would warrant an advertiser paying out the not insignificant sums that such ad campaigns cost. Unless maybe, just maybe, it’s an ad that offers me a viable alternative to SouthWestTrain’s execrable and expensive train service, but that’s just in the realms of fantasy.

You are here.

Now it’s true that if you gather enough data points you can start to infer some meaning from the resultant data set. You can probably determine the rough area where someone works and where they live based on their location at certain times of the day. But in today’s connected world of the interwebs, with their social networks and uploaded photographs, that level of locational granularity can be inferred fairly easily without the need to explicitly track the location of an individual.

All of the above can be summed up as something like …

Where you are right now isn’t that interesting. Where you were is slightly more interesting. Where you will be is very interesting.

I’m sure I’ve said words to this effect before in a talk at a conference but try as I might I can’t find a reference to back up this assertion.

What’s even more interesting is that a recent research study at the UK’s University of Birmingham took 200 volunteers who agreed to have their phones track them, added in the locations of their friends in their social graphs and produced an algorithm that was able to predict where a participant would be in 24 hours time, sometimes with accuracies of less than 20 meters and with an average accuracy of around 1000 meters. The full research paper makes for fascinating reading and shows that the real key to location technologies may not be where you currently are but may be much more about our predicability and daily routines for ourselves and our friends.

Now that’s interesting.

Photo Credits: misspixels on Flickr.
Written and posted from home (51.427051, -0.333344)

If You Live In The UK, You Need To Know About The Communications Data Bill

On Thursday June 14th. 2012, Theresa May, the UK Secretary Of State published the draft Communications Data Bill. If you’ve been reading or watching the UK media you might well be aware of this. The bill is hugely controversial, not least because it requires all UK internet service providers to track and store for 12 months the details of every email sent within the UK, every website visited from within the UK and every use of a mobile phone within the UK. This is a huge undertaking and will gather an equally huge amount of data. It’s also a costly undertaking, one that is ill conceived and impractical, one that is a massive invasion of our personal privacy and right to communicate with each other and one that is fundamentally undemocratic.

It’s costly because the estimated price tag is £1.8bn over 10 years, a price tag that the country cannot afford given the current economic climate and the austerity measures which are being applied across all aspects of the United Kingdom. The estimated price tag is also just that, an estimate and the UK Home Office has already stated that the final figure is likely to be much higher.

It’s ill conceived and impractical because the data collection and monitoring will be bypassed by those that the bill seeks to target; the terrorist, the paedophile and the organised criminal. As Conservative MP David Davis said recently

“The only people who will avoid this, avoid being covered by this, are the actual criminals because they are always around this. You use a pre-paid phone, you use an internet cafe to hack into somebody’s wi-fi. You use what is (sic) called proxy servers, and those are just the easy ways. There are harder ways too and you know, actually, the 7/7 bombers went round it. Organised criminals go round it. Organised pedophile rings go round it. What this will catch is the innocent and the incompetent”

It’s an invasion of privacy because the much maligned Human Rights act dictates that our right to a private life must be respected by the Government. Though Theresa May has been clear to point out that what will be recorded and monitored is the end points of our communications, email address, phone numbers, web URLs, not the content of those communications, you can build up an incredibly accurate picture of an individual’s life, activities and movements without the need to see the content of communications. It’s also an invasion of privacy because examination of this data would be able to be undertaken without the need for a warrant and thus for fair and impartial scrutiny.

It’s undemocratic because already Theresa May has branded anyone who criticises this bill as a “conspiracy theorist“, using the justification of “if you have nothing to hide you have nothing to fear“. This criticism is not only offensive to those who would hold our government to scrutiny, but it flies in the face of existing evidence of leaks and abuse of personal data that the government and its agencies already hold on us. It also is a direct reversal of the coalition government’s pre-election stance, when David Cameron, now the UK Prime Minister said “If we want to stop the state controlling us, we must confront this surveillance state”.

I’m not alone in thinking this. The UK’s Guardian calls it an online snooping scheme, InfoSecurity notes that the bill is more intrusive than anything anywhere outside of China. Big Brother Watch says “we are all suspects now” and Big Brother Watch and Liberty comments that it won’t matter if you have never got so much as a speeding fine, personal information about you will be stored just in case it may prove useful one day.

What you can do and what you should do is protest against this bill. Let your MP know that you’re deeply concerned about this bill. Sign the 38 Degrees online petition against the bill. I don’t consider myself politically active but I’ve done just this because I value my freedoms and my privacy. I think you should too. You can also draw attention to this through your website as I’ve done here on my blog and I’ve knocked up a quick and dirty WordPress plugin to do just that.

Written and posted from home (51.427051, -0.333344)

Now The Metropolitan Police Want Your Phone’s Data

As a relatively prolific user of social networks and social media I generate a fair amount of data. Whilst I’m wary of what the social networks do with the data I generate, I appreciate that there’s no such thing as a free lunch and the data I generate contributes towards the revenue that keeps these services alive. There’s an uneasy tension that exists between big data and my data. I applaud services which allow me to retain or get back the data I put into them; Facebook, I’m looking at you here. I frown in a disapproving manner at services that make it challenging to get my data back without recourse to some coding; Foursquare and Flickr, I’m looking at you here. I’m quietly furious, yet continue to use services which are valuable to me but make it downright impossible to get my data back; Twitter, I’m fixing you with my steely gaze here.

This is all data that I willingly generate and contribute. But I’m increasingly wary about data which is not willingly generated or contributed. The data that private corporations hold on me, such as credit ratings agencies and more and more, the data that my government and their agencies hold on me, that I either haven’t willingly consented to or that is generated or aggregated without my knowledge.

It now seems that I need to add the police force of the city in which I live to the growing list of government agencies I’m wary of. As the BBC reports

The Metropolitan Police has implemented a system to extract mobile phone data from suspects held in custody.

The data includes call history, texts and contacts, and the BBC has learned that it will be retained regardless of whether any charges are brought.

What? Seriously? Really?

I can accept that if a crime has been committed, there’s a strong argument for getting access to data on a mobile phone, if it’s done with the correct authorisation and if it’s needed in order to achieve a conviction. But keeping the data, regardless of whether charges are brought or not has to be a breach of privacy. That breach isn’t just of the individual concerned, but of all the contact information for individuals that are on a phone and for the company who employs the suspect, who now has their privacy breached. Whilst history of calls, texts and contacts are mentioned, I fully expect the information obtained to cover email, work and personal email, as well, which would be even more cause for concern for companies in this country.

I’m sure the standard nothing to hide, nothing to fear adage will be rolled out to mollify concerns over this and we’ll be told that we can trust our police force with this information that they hold. After all, our police officers would never illegally access information that they hold, just like our civil servants would never snoop on the private health and financial information that the government holdswould they?

Photo Credits: Steven Guzzardi on Flickr.
Written and posted from the British Airways First Lounge at London Heathrow Terminal 5 (51.4702, -0.4882)

Will The New Delicious Still Be … Delicious?

Delicious is dead! Long live Delicious. Like a lot of Delicious users, I recently received a mail urging me to authorise the transfer of my Delicious account and bookmarks to the new service once ownership transfers from Yahoo! to AVOS.

The reception to the news of Delicious’s new owners has been … varied. Marshall Kirkpatrick has written a post in favour of the transfer, but Violet Blue is not so sure. If you do a little bit of digging, you’ll see that the new Delicious has the potential to be far more restrictive on what you can, and what you can’t bookmark, especially where potentially offensive content is linked to. Offensive is a horribly vague and subjective term; one which means many different things to many different people.


At the heart of the issue is the difference in wording between the old Delicious terms

The linked websites’ content, business practices and privacy policies are not under the control of Delicious, and Delicious is not responsible for the content of any linked website or any link contained in a linked website. (…) In accessing Delicious or following links to third-party websites you may be exposed to content that you consider offensive or inappropriate. You agree that your only recourse is to stop using Delicious.

… and the new ones

You agree not to do any of the following: post, upload, publish, submit or transmit any Content that: (…) violates, or encourages any conduct that would violate, any applicable law or regulation or would give rise to civil liability; (iii) is fraudulent, false, misleading or deceptive; (iv) is defamatory, obscene, pornographic, vulgar or offensive (…)

If a complaint is made and if the new terms are upheld, you run the risk of having all your bookmarks removed, without recourse and without warning. Admittedly that’s a lot of ifs.

A cursory trawl through my Delicious bookmarks doesn’t seem to have anything obscene or pornographic, but there’s a lot of linked content which is fictitious and could possibly be deemed misleading or deceptive. As the saying goes, you can please some people, some of the time, not all people, all of the time. When you have terms of service which are vague and ambiguous, you can rest assured that someone will exercise their right to be offended. For now, I’ve authorised my old Delicious account to be transferred to the new service, but I’ve also taken a backup, just to be on the safe side.

What’s also unclear is whether the Delicious API and RSS feeds will remain; one of my web sites relies on these to dynamically update the site’s content.

While Delicious lives on, whether I’ll continue to be a user of the service or migrate to my own, self hosted solution, as I’ve already done with my URL shortener, remains to be seen.

Photo Credits: Shaneblog on Flickr.
Written and posted from Theresa Avenue, Campbell, California (37.2654, -121.9643)

Location’s “Ick Factor”; First iOS And Now Android

Two days ago I wrote about the “discovery” of a cache file on iOS devices that stores the position of cell towers and the associated media coverage surrounding this. Note that I use “discovery” in inverted commas here. As Sally Applin pointed out in a comment on my previous post, this “discovery” is not new and a paper on this by Alex Levinson, Bill Stackpole and Daryl Johnson was published in January 2011 as part of the Hawaii International Conference on System Sciences. Maybe sometimes researchers don’t read other, existing, research on a subject before publishing.

No matter where you go, there you are. - Buckaroo Bonzai

I’m not the only one to question the media coverage and the conclusions the media presents. Longtime Apple commentator and author Andy Ihnatko neatly sums the entire topic up thus

A few reality checks, lest I inadvertently do a Glenn Beck number on all of you, here:

  • This database isn’t storing GPS data. It’s just making a rough location fix based on nearby cell towers. The database can’t reveal where you were…only that you were in a certain vicinity. Sometimes it’s miles and miles off. This implies that the logfile’s purpose is to track the performance of the phone and the network, and not the movements of the user.
  • A third party couldn’t get access to this file without physical access to your computer or your iPhone. Not unless you’ve jailbroken your iPhone and didn’t bother resetting its remote-access password…or there’s an unpatched exploit that would give Random Person On The Internet root access to your phone.
  • It’s pretty much a non-issue if you’ve clicked the “Encrypt iPhone Backup” option in iTunes. Even with physical access to your desktop, a no-goodnik wouldn’t be able to access the logfile.

But still! What a nervous can of worms. This is an open, unlocked file in a known location in a standard database format that anybody can read. If someone has physical access to your Mac — or remote access to your user account — it’s a simple matter of copying a file and opening it. And while the logfile can’t tell someone that you were at a specific house, it can obviously tell your boss that you went to the Cape on the day you called in sick.

And it’s not as though Apple and these two developers are the only people who know that this file exists and that it’s so easy to access. By the time the Good Guys blow the whistle, the Bad Guys have had it for months. Lord only knows what they’ve been doing with this information.

It’s also, frankly, another reason why I value my iPhone’s “remote nuke” feature and wish it were possible to nuke all data directly from the handset. I can’t think of any circumstance under which my location data would possibly be damaging, incriminating, or even just embarrassing. That’s not the point: if I can’t control the data that my phone is collecting, I should at least have the power to destroy it utterly.

Another well known Apple commentator, John Gruber also comments that

The big question, of course, is why Apple is storing this information. I don’t have a definitive answer, but the best at least somewhat-informed theory I’ve heard is that consolidated.db acts as a cache for location data, and that historical data should be getting culled but isn’t, either due to a bug or, more likely, an oversight. I.e. someone wrote the code to cache location data but never wrote code to cull non-recent entries from the cache, so that a database that’s meant to serve as a cache of your recent location data is instead a persistent log of your location history. I’d wager this gets fixed in the next iOS update.

In my previous post I wrote that “caching is a common technique used to speed up network systems and it’s not surprising, at least to me, that iOS is using caching techniques” and it turns out that iOS is not alone and that, unsurprisingly, Google’s Android is doing pretty much the same thing, caching cell tower and wifi location information, again presumably for the purposes of speeding up the location systems on Android mobile devices. The one difference between the iOS and Android approach is that Android overwrites the cache data when the cache file fills up whereas iOS doesn’t. Rather than a dark location tracking conspiracy this looks more like a bug or an oversight on the part of iOS and as John Gruber notes, this will probably be fixed in an upcoming release of Apple’s mobile operating system. I would also hope that the visibility of this cache data on Android will also be secured too, and soon.

Taking a step back for a moment, caching of any information to reduce the need to make time costly network calls seems to be mobile’s Kobayashi Maru … you’re damned if you do and damned if you don’t. If you do cache information which is perceived, rightly or wrongly, to be sensitive then media outrage will result. If you don’t cache such information, then a mobile device will be reliant on network access every time the un-cached information is needed and that mobile device will be perceived as being “too slow“.

Probably the only way to prevent a recurrence of this sort of media event is for more transparency on how such information is being stored and used and, as John Abbott pointed out on my previous post, the provision of a setting which says “Switch this setting on for a super-quick location fix, we’ll keep your location private“.


As is so often the case, this is much less about the technical side of the issue and much more about what Ihnatko calls the “Ick Factor” … about how the public, led by the media, sees things.

Photo Credits: Stefan Andrej Shambora and Trevin Chow on Flickr.
Written and posted from home (51.427051, -0.333344)

Another Category Of Place You Really Don’t Want To Check In To

There are some places you really don’t want to check into using one of the many location based social networks. There’s a variety of suggestions of this nature on the web including funeral homes, an ex-partner’s house, jail or the same bar (every night). It now seems you can add military bases (when you’re in a war zone) to the list.

Camp Phoenix

A recent report highlighted concerns that the US Air Force has over troops using location based apps, with the Air Force posting a warning on an internal web site on the matter.

“All Airmen must understand the implications of using location-based services,” said a message on the internal Air Force network.
The features, such as Facebook’s ‘Check-in,’ Foursquare, Gowalla, and Loopt “allow individuals with a smartphone to easily tell their friends their location,” it said.
“Careless use of these services by Airmen can have devastating operations security and privacy implications,” said the message, which was posted on November 5, according to spokesman Major Chad Steffey.

The age old adage about Military Intelligence being an oxymoron springs to mind.

Written and posted from the Nokia gate5 office in Schönhauser Allee, Berlin (52.5308072, 13.4108176)

Does Location Need Some PR Love?

In an interview with GoMo News earlier this year, I talked about “the Bay Area bubble”, this is the mind-set found in Silicon Valley “where a lot of the products and services coming out seem to think your user will always have a smartphone, and will always have a GPS lock with an excellent data connection”. But does the so called location industry live in its own version of the Bay Area Bubble? Let’s call it the “location privacy bubble” for the sake of convenience.

Last week an article entitled “Can you digital photos reveal where you live?” was posted on the Big Brother Watch blog; pop over there and read it for a moment, it’s only three paragraphs long …

… welcome back. My first thought on reading that article was “well yeah, duuh“. Followed up by the slightly more lengthy thought of “well yeah, duh … of course a geotagged photo can reveal where you live, if you’ve enabled geotagging, if you understand EXIF data, if you’ve uploaded the photo to the internet and if you’ve set the visibility of that photo to public … upload enough photos and sufficient patterns will emerge that should give a good indication of where you live“.

But I’d be willing to bet that most people’s thought on reading that article was much more along the lines of “s**t … I didn’t know that“. For those of us in the location industry, we should sit up and take note of this reaction.

I Love PR

Here on the inside of the location industry it’s relatively easy to dismiss articles such as the Big Brother Watch one. We know enough to make an informed decision on whether the location component of a service is opt in or opt out. With a bit of background research we can even find out whether a service utilises your location in stealth mode, with potentially abusive consequences, such as recent news that some free apps on the Android mobile platform are secretly sharing their location without the user’s knowledge.

With today’s ever changing technology making a level of technical sophistication available to the mass market that would have been unheard of 10 years ago, maybe it’s time for Location to engage the services of a good Public Relations agency to move the visibility and benefits of the location component of services away from the dense legalese of the EULA and away from burying the control of location deep away inside a densely nested set of configuration options.

If we don’t then the first that the majority of the general public will hear of location privacy will be when a story hits the tabloid media, such as when proof of infidelity of a celebrity due to a location based app on their phone is used in a high profile divorce proceedings. And that will be a sad day for all of the location industry.

Photo Credits: DoktorSpinn on Flickr.
Written and posted from the BA Lounge at LHR T5 51.4735445775, -0.487390325)

Facebook Places; Haven’t We Been Here Before?

A week and a half ago Facebook finally launched their Places feature to a predictable media furore over location privacy, regardless of whether it’s justified or not and, to location industry watchers at least, a strong sense of deja vu. Haven’t we been here before?

Let’s look at the key issues that seem to be getting people hot, bothered and generally up in arms.

Deja vu the first. According to Facebook, at the time of writing they have 500M users. But how many of them will actually use the service, regardless of whether they’ve updated their privacy settings?

Deja vu the second. So you decide you want to use Facebook Places? Only on an iPhone I’m afraid or from Facebook’s HTML5 mobile web site. Want an Android or Nokia app? You’re out of luck, for now. Want to use it outside the US? You’re even more out of luck, for now.

Facebook Places. The UK Version

Deja vu the third. So you decide you don’t want to use Facebook Places? It’s a location app so there’s bound to be privacy implications. Granted, Facebook have chosen to go down the opt-out route for location privacy, though you still have to physically use the service, but even the most cursory of web searches for “disable facebook places” yields loads of different takes on the same basic set of actions. Cult of Mac and ReadWriteWeb have great write ups, in non threatening, non technical language for how to ensure Facebook Places never sullies your Facebook stream.

Now take a step back, re-read the three points above and substitute, in order, Google’s Latitude, Foursquare’s, err, Foursquare and Yahoo’s Fire Eagle for Facebook Places. Granted the opt-out vs. opt-in approach to location sharing differs substantially (for Latitude, Foursquare and Fire Eagle it’s implicitly opt-in) but we’ve been here before. Many times. A new location sharing service is launched, people get worried due to media coverage and eventually the status quo is restored and everyone gets on with their lives as before, maybe with an additional bit of location richness added, maybe not. It’s worth bearing this in mind before you buy into the latest media coverage which over-uses the phrase “sparks privacy concerns“.

Update 1/9/10 – turns out I’m not the only one thinking along these lines. After I originally posted this, my daily trawl through my RSS feeds uncovered a post from Jonathan Crowe over at The Map Room blog that draws pretty much the same conclusions over Facebook Places as I do.

Written and posted from home (51.427051, -0.333344)

Latitude Inconsistitude

In the midst of yesterday’s I/O event, Google announced the launch of the long rumoured API for their Latitude location sharing platform; there’s ample coverage and commentary on ReadWriteWeb and on TechCrunch and that’s just fine because that’s not what I want to write about.

When it was launched in early 2009, Latitude was the receipt of some fairly harsh press from the informed tech media and from the uninformed traditional media and I argued for some latitude in the discussions on, err, Latitude.

Latitude kept on getting compared to Yahoo’s Fire Eagle and the main gripes seemed to be:

  1. Latitude is a consumer application built into Google Maps, not a platform
  2. Latitude doesn’t have an API
  3. Latitide’s privacy model is opt-in but all or nothing

So now Latitude has an API and everyone’s happy. Right?

Unofficial Google Latitude T-Shirt

Wrong. The previous gripes have been done away with and replaced with three more gripes.

  1. Latitude needs to run in the background and so will either drain battery life or won’t run in the background on an iPhone at all.
  2. Latitude now has granular privacy controls but these are on the back-end so Google will know your location prior to federating it to location consumers via the API.
  3. Latitude needs a Google account to use.

There’s a lot of inconsistency here.

  1. Latitude, as part of Google Maps, already runs in the background on handsets that support that. The iPhone doesn’t, yet, but that’s an iPhone OS issue not a Latitude issue. Short battery life is a feature of almost all smartphone class handsets, Latitude or not.
  2. Latitude gains granular privacy controls but they’re on the back-end so this is a bad thing. Fire Eagle has granular privacy controls and they’re on the back-end but this has never been a source of complaint.
  3. Latitude needs a Google account to use. Correction. Latitude has always needed a Google account to use, so this is a bad thing. Fire Eagle has always needed a Yahoo! Id to use, and yet this is something not seen as a contentious issue.

One of the criticisms that was levelled at Fire Eagle was lack of a definitive consumer application at launch; a not unfair criticism. Latitude’s taken the inverse approach, launching with a consumer application and then opening up an API almost a year later.

Time will tell which of these two location sharing platforms will dominate or whether they will be usurped by another unseen contender.

Photo Credits: moleitau on Flickr.
Written and posted from the Yahoo! London office (51.5141985, -0.1292006)

Facebook’s (Creepy) Bid For Your Homepage

Most browsers have a variation on the theme of a home page, which automagically loads your favourite web page when you start the browser or open a new browser window or tab.

A lot of web sites try to capitalise on this, offering earnest entreaties to “make me your home page” … “no make me your home page” … “no, choose me for your home page, I have so much personalised content”.

They’re needy and somewhat neurotic entities these web sites, it’s not like I can have all of them as my home page.

Most of them personalise their content for you, based on a registration setting or some other insight, to give you what they think is the information your looking for.

This is not creepy.

A large amount of web sites are advertising supported and serve up ads which, again, are personalised, either from a demographic, behavioural or geographic point of view (sometimes it’s just from plain old fashioned key word matching with often hilarious results).

This is still not creepy.

But then this morning Facebook told me it wants to be my home page.

We've noticed you use Facebook regularly ... That's Creepy

Like most people I’ve evolved a filtering mechanism which understands why I’m being asked and which either ignores such pleas or uses the minimal amount of effort and mouse clicks to convey the message “buzz off, you’re not going to be my homepage and don’t bug me again“. I’m politely paraphrasing here you understand.

But when Facebook offers to be my home page because, and I’m quoting here, it’s noticed I use Facebook regularly … that smacks of Big Brother and is most definitely creepy, whichever way I look at it.

Written and posted from home (51.427051, -0.333344)