Social location privacy - what is the fuss?

Source Flikr. Creative commons

The legendary "what is the fuss" series continues,  adding onto Cloud Computing and Virtualization. Social media location services are all the rage right now, Foursquare and Gowalla both being established players and the big boys like Facebook trying the me too strategy with Facebook places.
There has been discussion and to be fair a lot of FUD about privacy and security concerns about these services mainly from ill informed people on CNN, USA Today and the BBC. About time to have a considered discussion on the real risks......

Background
Source: RWW http://rww.to/9nxxAL
In case your cave does not get the Mashable RSS feed, social location services basically provide the ability to "check in" or announce that you are at a specific place. This is done using the GPS ability in your mobile endpoint. So when you are at that restaurant you love, or doing some bar hopping on a Friday night or working in that Starbucks that makes the perfect Chai soy latte where you sit happily staring at how pretty your Mac Book pro is (yeah it is for those kind of people right now) you can tell everyone you are there. The business can then reward your loyalty (and the free advertising they get to your friends) by offering discounts, vouches, special offers etc.

Services currently range from basic: i.e Facebook places where you can just check in essentially and let your friends know, to a bit more advanced: i.e. Foursquare, Gowalla where you earn badges for completing various check in activities (e.g. check in 3 times in a day for the traveller badge, or most checkins become "Mayor). And even more advanced e.g. SCVNGR which provides games, treasure hunts, walking and discovery trails etc.
Whats the issue?
Source: Connect ID: http://bit.ly/9x5KPR
The main issue is the concern with privacy. i.e. suddenly your physical location (and its history i.e. where you have been ) is in a publicly discoverable Internet feed. This has the potential for abuse e.g. typically sighted attacks included robbers realizing your are on holiday, stalking made easier e.g. sites like: http://icanstalku.com/ .

Obviously the risk of physical harm to your person and/or your property is quite a scary thought for most people, especially if you are just getting comfortable with putting info on Facebook even with very tight privacy settings, using Twitter etc. If you are in a country or area where ransom and kindnap, home invasions are common place then this is far more amplified. It is also more information on the Internet so a future girlfriend/boyfriend, boss etc could find your that your favourite restaurant has golden arches.

Benefits of using social location services?
So with all those risks why actually use these services? Well there are a few reasons currently and they will no doubt grow, the key ones being:
Source Flikr. Creative commons
  • Discounts - vouchers and "mayor" discounts from stores, i.e. basically the 21st century update to loyalty cards and hey you don't even need to carry a card and get stamps! Just visit the store
  • Convenience to share - it is easy to review and comment on the places you like - this is why I use it, rather than typing into Twitter or Facebook: I love River cafe I can just let Checkmate check me in automatically. Simples!
  • Recommendations and handy tips - you can see photos of the place, find out what is the best on the menu, avoid queues, get recommendations all of this is valuable
  • You can find friends - it is nice to be able to know that your friends are at Burough market on the same Sunday morning as you and to bump into them for coffee.
  • In game rewards - humans are collectors and competitive by nature and we are trained at a young age to respond to rewards. Therefore collecting badges, having more checkins and leading your city or friend group, winning that SCVNGR game or completing that Gowalla trail provides a sense of satisfaction and keeps you going back for more (stickiness and addiction)
Security and privacy analysis

Source Flikr. Creative commons
I have no doubt that social location services reduces your privacy and increases the risk to your person and goods. There is simply no doubt that it increases your attack surface, but you know what it is just the same as when web site cookies first started (remember all those stories about the evils of websites tracking you - who now has cookies disabled?), crossing the road (actually a pretty big risk), driving (wow a bigger risk), drinking, smoking, going on holiday, you get where I'm going with this?

There is virtually no human activity without risk. Everything you do increases your risk, everyone makes decisions virtually every hour on risk for reward, humans do it intuitively - you have a built in risk vs reward function in your brain.

So work it out: are do these services currently provide you enough reward for the additional risk?

Let me try and convince you they do and you can take some steps to increase your privacy and security.

UPDATE: Although interestingly I was just reading this article on Read Write Web
Another interesting insight the data reveals is that the current users of location-based social networking services aren't overly concerned with their privacy, it seems. A whopping 77% of the users reported that they check in the most often from their own home. Work, restaurants, the gym and events trailed with 16%, 3%, 2% and 2% respectively as other popular check-in venues.
Source: RWW http://rww.to/9nxxAL
Maybe the media is exagurating how much people are actually scared of using these services due to privacy....


Source: RWW http://rww.to/9nxxAL


Seems like: "I don't care" beats privacy concerns

Other ways of finding your location and activities

Think about social location in context. If I was a robber or stalker how could I find out your location and whether your house is empty:

      Source Flikr. Creative commons
    • White pages: There is this amazing thing called the White pages. It allows you to enter someone's name and find their home address (wah! surely we should never use that because of privacy!). Once I have your address how do I know when you are not home? How about the middle of the day on a weekday? On summer holidays time in August? When your mail is not collected or your grass not cut? Yeah but that is not mass scale. Ok about about just wardialingSUV's parked outside in tiki taki houses on a hill? (love weeds :)
    • Phone GPS - even without enabling location services your phone is already a built in tracker for you. True you technically need a warrant and/or access to the provider to get this data but it is there. If you have also enabled any other apps that use your location e.g. Google maps at least these services also know where you are and where you have been.
      Source Flikr. Creative commons
      • CCTV cameras - there are a million and one camera's these days in every major city, combined with the advances and speed in facial recognition it is not that hard to find someone. Again technically you need a warrant and/or access to these system providers but again it exists
      • IP DNS - Do you use free wireless networks or access the Internet from different providers as your roam about with your mobile or laptop. Well guess what I can use IP dns lookup to track where you are to a very close proximity. Unless you use an anonymous proxy, IP spoofing or bounce your connection across a number of proxies this is fairly accurate
      • Social engineering - OMG its like I can look up your number on the white pages pretending to be your mobile company or your bank and ask you for your postcode for verification!!! WTF?
        So what is the incremental increase in risk for using social network location services? How sensitive is your location really?


        Examination of FUD

        Lets examine the FUD that is in Kim Komando's report for USA today. Amazingly it is sighted in two blogs: Jackson Shaw and Kim Cameron. My respect for both of these guys dropped considerably.
        "....complete stranger who tracked her online..... he pulled out his phone and showed her a photo. It was a picture of Louise that he found online."
        Is this really just limited to whether you use location services? I mean you could just as easily currently post on Twitter or Facebook (and if you similarly have it publicly available), "hey I'm going to this cool restaurant called: xxxxx". Some stalker guy picks this up, googles you - whala he has your picture (because of course have that publicly available also). So yes fair enough there is greater risk if you have geotagging on your tweet which allows said stalker to pickup things like tweets near you. But the mitigations I discuss below will reduce this risk.
        "Unless you have a stalker, these services aren't particularly dangerous on their own" 
        Compare this statement to her title:
        "Location services pose huge security risks"
        FUD anyone?
        "Let's say you post a photo of your new house to a photo site. The photo is geotagged. You've linked your photo account to Facebook. And you use Foursquare or Twitter on the go; updates are sent to your Facebook account.
        One night you go to the movies. You send a tweet as you wait in line. When you get home, you discover you've been robbed. The burglar used your photo to find your address. He learned more about you on Facebook. Your tweet tipped him off to your location.
        Thanks to a movie site, he knew exactly how long the movie ran. He scoped out your house and neighbourhood on Google Street View. He devised a plan to get in and out fast and undetected."
        Wow! lets look at the steps in this attack tree:
        1. You post a geotagged photo (of course this is not just limited to your friends privacy group)
        2. You have linked your photo account to twitter
        3. You use Foursquare or twitter
        4. These accounts are also linked to Facebook
        5. You tweet while you wait in line for the movies (of course again without any limits on who can access it)
        6. Your would be robber has picked up your tweet
        7. He then thinks this person is away from their house
        8. Dam I don't know where their house is: Light bulb moment! They may have posted a geo tagged photo of their house on a photo service let me google that (because that's the immediate next thought of every robber - but this is a super smart technology savy iPhone wielding robber)
        9. Wow he thinks: I found the geotag, this is close to where I am physically
        10. Let me get my crew and gear and van together
        11. Let me get past the house locks, alarms, not alert the neighbours etc (cause I am a leet robber)
        12. Bang: just like that when she gets home her house is robbed
        13. Oh well just call the insurance company...... arnt I glad that I wasn't home and didn't get killed when my house got robbed?......
        For a lot more balanced article read Can I Stalk You?: An Intro to Location-Based Service Security http://bit.ly/ddO6pk (don't worry about the title).

        Also have a read of this: Robbers used Facebook status update to see if the user was home. Again highlights that the incremental risk is not isolated to Location based services. If you do not  protect your Tweets, Facebook status updates etc then the risk of getting your house robbed still applies.


        Mitigation's - Technical

        So what can you do to reduce your risk? Some technical measures:
        Source Flikr. Creative commons
        • Limit who you add to your social location network and choose not to make your location data publicly available or searchable. Most of the services have this option
        • Choose who you share with - in the case of Facebook choose which groups have access to your location data, disable the option to allow friends to check you into places
        • Choose not to broadcast your check-ins to Twitter, Facebook, your Blog etc. You can choose to set a password on your tweets also if you really want 
        • Setup some Google alerts on your name combined with locations to see if this information is getting out.  Check sites like istalku.com to see what information is available
        • Turn off geolocation features in services like Twitter, Flikr, iPhone etc especially if you are going to post pictures of your house, work etc and not just cool cats and Friday night escapades at the local watering hole. You can also turn off geolocation on your phone or only enable it for applications that need it (e.g. Google maps probably needs your location, HD screensaver application probably doesn't). 

        Mitigation's - Traditional
        Remember long before there was social location services there was a risk to your person and possessions. How did we ever defend ourselves... lets think about this:

        Person
        Source Flikr. Creative commons
        • Common sense - do you really need to go into that gheto? Walk home alone in a dark street at night
        • Personal protection - If you have to do one of these things take some personal protection - learn some basic self defence, pepper spray?, gun? (if you are American its your 2nd amendment right you know!), taser?
        • Stick in a crowd - nothing like safety in numbers
        • If you have to walk home at 2am through the park after announcing on Foursquare that you are sloshed and checking into your favourite club..... well there is something called the Darwin awards Google it
        Possessions
        • Strong locks for your door and if paranoid (and not afraid of fire) windows
        • Alarm system and monitoring
        • Insurance - I mean really wouldn't you really rather have your house robbed when you are not there? I know I would, just about everything I own is replaceable and insured, my most important possessions e.g. photos are backed up on Dropbox
        • Dog?
        Analysis against EU privacy principles

        I actually believe that majority of social location services comply with the key principles in privacy legislation:
        Source Flikr. Creative commons
        • Notice - you are clearly informed when data is being collected (i.e. you choose when you checkin), what is being collected (your gps location and any comments), how it will be used (to inform your friends, maintain location history, provide businesses so that they can provide you specials and cheaper products and services)
        • Choice - you can just not use these services. You can choose where and when you checkin. You know that this data will be made available to advertisers and businesses where you checkin
        • Onward transfer - as above you know that data will be made available to advertisers and businesses where you checkin
        • Security - I have not looked into this in detail but all services provide authentication and authorization. Most support transport encryption and I really hope they either encrypt the data in storage and backup or at least have strong access controls to this data. One think you can bet on a major security incident at one of these companies will = bankruptcy, so it is in their best interests to protect your data. Also it is their competitive advantage, their crown jewels, the data is what they will earn money from so if they don't protect it they are crazy. Also being new companies they will most likely have security built in from the ground up and not be shackled by legacy systems and programs i.e. Chrome vs. Microsoft Windows.
        • Data integrity - all the data collected is relevant for the purpose i.e. location, tips, pictures etc
        • Access - this is maybe something that is breached - I could not see a simple option on Foursquare and Gowalla mobile to edit or delete my checkin history. There is of course the nuclear option of closing your account
        • Enforcement - all of this is enforced technically 


        Conclusions
        Source: Connect ID http://bit.ly/bNPama
        I hope this article has at least made you think about social location services. As I said earlier if you don't like revealing anything about yourself and you are consistent in that application e.g. you have a unlisted telephone number and address and you don't carry a mobile phone, don't use Facebook or Twitter - continue on your Hermit ways and do not use social location services. Everyone else I'll see you online and checked-in.

        No comments:

        Post a Comment

        Author

        Written by