The whole privacy issue thing is really getting interesting lately. Perhaps it’s a good thing… In this article I look at sharing your location, geo-tagged media, privacy concerns, and offer a sample stalker exercise that begins with a simple foursquare checkin.
I don’t actually think anything will get resolved just because a company/app like Path stirs the pot by "accidentally" downloading users’ contact data from their iPhones, however, the added recognition from such a mix-up is going be good. People’s ideas about privacy are mixed. Many folks are concerned, others feel that the user is simply putting themselves in harms way by willfully sharing what they do, where they go, who they see, and much more. Of particular concern, and a focus of this article, is privacy with regards to location information. According to a report from ProofPoint Inc, location information was a top concern in the Top 10 privacy issues of 2011 See http://www.itbusinessedge.com/slideshows/show.aspx?c=85523 – Note, this article does not explore the topic of privacy legislation, rather, I look at the kind of information people are freely sharing and some potential issues.
Indeed users, myself included, do willfully share too much (or so it seems) but really, haven’t we all been baited into it? Heck, even President Obama boasted a foursquare check in last year! Are we all expected to read and comprehend the 10 page terms and conditions associated with every application that we use? The recently updated Apple iTunes TOS was more than 40 pages, did you read it? Are we all expected to be able to understand just how to setup and control our Facebook privacy settings in order to have sharing just the way we want? Are we all supposed to know exactly how to setup and configure our Google+ (G+) mobile clients so that we aren’t automatically sharing our photos captured with a Smartphone? Likely so, but it’s hardly a realistic expectation. A case in point: I recall several years ago being confused about how to setup and control location sharing with photos uploaded to Flickr. In order to really get a grasp of my settings I had to be fully aware, and in control, of settings on my phone’s OS, location sharing provisioning of my GPS setup, specific settings of every app that pushed to Flickr, and then the actual setup within my Flickr account. It was a challenge, and I was a pretty savvy, experienced user… Imagine your mom trying to take control of her settings? This is what we now face but on a much larger scale. Yes we are complacent with sharing too much information but in order to be part of the cool, social crowd it’s kind of expected of us, don’t you think?
So how about a test?
Using my iPad what can I find out about a Random person? I’m writing at Starbucks and have just checked in to the venue via foursquare (speaking of foursquare, how do you like the new use of OSM basemaps courtesy of MapBox? see http://www.gisuser.com/content/view/26088/2/). I’m thinking this is a good test bed for my privacy exercise. I can see that there’s a young woman also here – foursquare tells me this. I proceed to click on her profile and see a large photo of her along with her full name. One more click and I see her email address and twitter handle. I suppose now I could make contact via a foursquare message, email, or even twitter @mention her. A side note,I’ve elected to start with foursquare because I find that people seem to be very free about making connections and adding friends regardless of knowing the person – I will admit that I do this also, however, I do so to enhance my online persona! I never exchange messages with strangers.
Moving on, I can easily view Jane’s (I’ll call her Jane) check in history – she has 4000 checkins. I can now pretty easily determine places she likes to go, when she goes there, and which neighborhoods she favors. In all likelihood these clues may reveal to me approximately where she lives and or works. Getting freaked out yet?
I’ll pause here to go look at Jane’s twitter account. It seems that it is not protected so her tweets are open to all for viewing – very common. Just 10 minutes ago Jane tweeted that she was heading out for exercise. I’m willing to bet that she may do a foursquare check in at a gym or similar place very shortly. Oh and by the way, an earlier tweet she mentioned where she plans on going on Friday night for drinks… given that tidbit I can assume where she will be at a given time and that also means she won’t be at home, quite amazing right? Ok, enough of the live stalking!
Back to mapping… Something that you may not know is that it’s possible to locate on Flickr user history contained in a Geo-RSS feed or KML file (foursquare users are also provided with an RSS feed of their history). Since the feed also contains location information it can be easily displayed on a Google map. Simply go to maps.Google.com and copy/paste a GeoRSS feed url into the search bar. Voila, I can now see a much clearer picture of a user’s history and likely revealing spatial patterns and clusters of activity. Most people tend to share data close to work and home so it really isn’t rocket science to go from here and extrapolate information. I’ll go all "Criminal Minds" here now – think about it, if a stalker has a photo, knows favorite hangouts and patterns of behavior etc… it’s pretty darned simple how to imagine something could be happening with this information.
Sharing Location with Google
This is just one example of the kind of information that we share all the time without any thought of how it can be used or mis-used. Imagine what you can share when you don’t realize that you are actually sharing information. As an example, I’ve accidentally left sharing turned on in Google latitude and G+ before. Doing this meant my actual real-time location was posting to my Google account and photos I was snapping on my android device were going to G+ in real time – Ouch! I’ve also forgotten in the past to disable sharing my location with Google Latitude.
Other Privacy Policies:
Sharing Too Much
So, how do we "Accidentally" share too much? It’s actually relatively easy and pretty common to share too much information. Some examples commonly seen:
- geotagging a tweet, for example, one can easily forget that "location sharing" is enabled on their twitter client and then send a tweet from their home
- doing a foursquare checkin and accidentally sharing their check in via foursquare and/or twitter
- uploading a photo to Flickr or other photo sharing site and including geolocation (geotag) with a photo
- people using your email address and sending an email en mass and including your address and many others in the cc rather than using Bcc (blind carbon copy)
- "tagging" people or getting tagged in photos. Using facebook as an example, unless privacy settings prevent it, people can tag their friends in photos. This means you can potentially be labeled in a photo being shared by others.
- posting data to facebook as "public" meaning all can see it
- an application accessing your data and sharing it
- being mentioned in a tweet. We can’t prevent others from talking about us so what if someone shares that they have seen you, for example, "I just saw Bob at Starbucks".. well, what if Bob had called in to work sick and Bob’s boss saw the tweet.
- an area of huge concern that I see is the open sharing of photos by young people. It astounds me how free and open young women in particular are at uploading photos of themselves to open sharing services like Pinterest, Streamzoo, Instagram and others
Understand how your content is shared on facebook
Accidents are a sad reality and they will happen. Users will forget to disable location sharing and other sensitive information. Devices with tricky OS settings mean that users may be sharing information without their knowledge, Applications may use data that users are unaware of. For example, the recent incident with Path. The short story here was that the mobile application was accidentally storing users’ address book data. There was a huge backlash and outrage shared on social media and the company had to scramble to come up with a solution, or an apology in this case. Most recently, U.S. lawmakers asked Apple representatives to brief members of the House Energy and Commerce Committee on the company’s mobile privacy policies, in particular, relating to the Path privacy breach (See Details here)
Related to this, Ricky Cadden, a popular mobile tech blogger shared the following on G+… "The iOS address book row is no longer just a tempest in the internet’s teapot: members of the US Congress have just sent a letter to Apple, demanding answers about its app approval process and the privacy and security of data that’s accessed or transmitted by iOS apps. The letter follows a wave of complaints and bickering this week that ignited with the revelation that Path was uploading data from iPhone address books without asking for explicit permission. Path has since apologized…"
This comment was in reference to this article on The Verge – Congress sends Apple letter filled with questions about iOS address book privacy
Lets pick on Flickr again
As I mentioned previously, Flickr provides what’s known as Geo-RSS data. This is an RSS feed archive of a user’s activity including geotags. Using these data basically anyone can use open map mashup tools, like Google maps or GeoCommons to plot data on a map. A number of social services make available historical data that can be used by such a service. Examples include Brightkite (no longer in service), foursquare, and Flickr. Mashing up these feeds is simple and can convey interesting patterns. For more, see this mashup map of my data as an example – I wrote about this in an article last year – see Mash Up Your Social Media Location data from foursquare, Brightkite, and Flickr with GeoCommons.
Explosive Use of Smartphones
Smartphones are pervasive. Recent research has revealed that smartphone use has overtaken PC usage (Source: Canalys) and its happening fast! Case in point, sales of smartphones rose more than 55% in Q4 2011 compared to Q4 2010. By comparison, the global client PC market grew 15% in 2011 – Vendors shipped 488 million smart phones in 2011, compared to 415 million client PCs. No consider also that most smartphones now ship with built in GPS and typically sport 2 cameras (front and rear). And let us not forget about Tablets which also are location-enabled and typically have a camera. Can you see how we are being encouraged to take more photos and share them?
One can hardly resist capturing and sharing photos via smartphone. The quality of camera on a typical smartphone now rivals a low end DSLR. For example, the iPhone 4S comes with an 8 megapixel camera that also shoots HD video. The Nokia Lumia 800 Windows Phone has a primary camera that is 8 MP, (up to 3264×2448 pixels), Carl Zeiss optics, autofocus, 720p video, and dual-LED flash. The popular Samsung Galaxy S II (Android) smartphone has a 8 MP, 3264×2448 pixels, autofocus, LED flash, and 1080p video. Source of camera specs: http://www.gsmarena.com
Photo sharing on social media is rampant, with new applications popping up almost daily. I recently searched Quora for facebook stats and found that its estimated that there are over 200 million photos uploaded to facebook each day or around 6 billion per month. There are currently almost 90 billion photos total on Facebook (See Quora). Instagram is a popular photo sharing application for iOS. The application has soared in usage and is a top download on the iTunes store. According to recent stats, as of Dec 5 2011 there was over 14 million users. Recently, Pinterest, another social photo sharing app, has seen explosive growth. Pinterest is touted as a social referral app and is ideally suited for sharing photos and images. According to stats, visitors to Pinterest grew by 429% between Sept and Dec 2011! Source: DailyInfographic
So why all the hype about photos? Photo sharing is huge (an understatement). To better understand the significance you need to know how it works, Simply put, when you capture a digital photo data (tags) are written to the JPG file. These tags contain a fair bit of information. Applications are designed to access the EXIF data (amount of info divulged depends on your privacy settings) and the application can then act accordingly. this is how a mobile app like foursquare or Flickr mobile app can upload your photos and include location information. It’s amazing to think that it was only December, 2010 when foursquare added photo support. See: Foursquare Adds Photo (and comment) Support
EXIF – Exchangeable image file format
Exchangeable image file format (Exif) is a standard that specifies the formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras.
Understanding Privacy Settings
This is now a simple task, particularly with facebook. I’ll pick on FB because its the grand-daddy! Understanding privacy settings and how information is shared on facebook takes some time and likely a little homework. The account privacy settings control what kind of information you’ll share and who you’ll share it with. The account settings determine your default settings that will be applied when you post. A particularly important basic setting is who can see your profile. Unfortunately many users neglect to lock down their profile. What this means is that much private information is potentially viewable via the Internet to anyone.
More about Jane
A test – a random Google search using the name of Jane from my foursquare example, resulted in another person with the same name’s facebook page being a top hit. Obviously I wasn’t connected with her and it turns out I could see her bio. This included the name and location of her place of employment, her high school, all her friends, all her photos… everything was wide open to the World! It turns out she was a young lady who may be sharing her life without even knowing it. Honestly, I felt I should message her and inform her as I suspect she had no idea about this. As luck would have it even her messaging was open so I was able to message her directly even though we were not connected in any way!
In an effort to locate more information about Jane I turned to Google. Interesting that when I tried a Google search on her name (I searched full name + city name) Google suggested a different spelling, turns out Google knew the correct spelling as I had made a mistake… Google was helping me!
Places I could find her
- MeetUp.com – a list of meeting groups she belongs to. this can potentially reveal meeting time and places where she will be. It looks like she may be going out with a walking group this week-end, the time and place is shared.
- Personal Blog – more photos are shared, a twitter timeline, loads of personal information including a complete and detailed calendar including work start/finish time, complete workout routine, week-end activities.
- Photos – a number of Flickr photos were revealed as she had been tagged in them. Again, this is completely out of her control as they were posted by other people, likely her friends.
- Tweets – many mentions in Twitter turned up as tweets are instantly available via Google search results.
- Google+ – very little activity but her Google+ profile turned up and with her profile was a list of cities where she once lived, links to multiple twitter accounts she maintained, and a couple of photos.
- LinkedIn – details of her profession and professional contacts
- Google Images – numerous photos and images
- DailyMile – a social community for runners. A complete running log was viewable, luckily the GPS tracks were not open to the World for viewing.
- Instagram – another site that turns up in Google. This app shows off photos shared via iPhone. If geotagged photos are easily viewed on a map using a service like InstaEarth, an app that places Instagram photos on a map
I’ll admit it, I also have tons of social resources online, most are easily located through Google search and many of these reveal information and media that is location tagged. Alone, most of the media is harmless and reveals very little, however, by putting together all the individual pieces and very clear puzzle begins to appear. There’s no doubt that much of this information will be used in the future to paint a picture of me, my habits, my preferences etc… all in an effort to present me with highly relevant ads, coupons, deals, and other teasers – think Google ads, facebook ads, mobile coupons etc…
What can people do?
Oh the privacy issue… it’s huge, it’s a heated debate and there’s no way that it’s going to disappear for a long time. I noticed recently in some industry research on location intel that Privacy and data rank as the top concern for technology professionals. Is it a top concern of yours?
Perhaps not, however, if so there are a few things that you can do to start. Review privacy settings, particularly with facebook and Twitter; Check privacy and GPS settings on devices; Use apps from reputable developers; Clear your computer cache and look at your social media accounts (not logged in) to see how they appear to the public; Google yourself; Repeat!
This from an article I wrote 2 years ago titled Geolocation sharing with Social Media and Privacy Concerns – Facebook has recently taken steps to make setting privacy for users a little easier, however, I would urge any user of facebook who posts personal data to carefully go through and check all the privacy settings (a tip, make sure your WALL is visible only to your friends). And if all this doesn’t freak you out consider this, again from last year, Sharing Your Date of Birth + location can reveal your personal identity
- Even President Obama checks in with foursquare, so why shouldn’t everyone else? Obama Checks In with Foursquare
- Facebook executive takes heat in hearing on privacy
- Mobile Photo Tip – GPS Tag your Flickr Photos
- Details of Hearing on Location Information and Privacy
- Developers Scraping Social Location Updates – Clever or Sleazy?? You Decide
- Location Privacy and How not to Be Seen
- ArcGIS How To Hack Tip – A Fast, Simple ArcGIS Map Mashup of Flickr Photos and Foursquare Checkins – this article describes how to access your social check in data history
- Mall Privacy Flap highlights Americans Uncertainty About use of Location-based Data – a brouhaha broke out over a mall owner’s use of cell phone tracking antennas to keep tabs on shoppers’ locations.
About Photos, Location information, and Privacy
How is location data shared in a photo? Photos captured with smartphones are digital. This means that additional information is also contained within an image file. A typical JPG photo image file found on twitter. From Flickr What is EXIF data? EXIF data is a record of the settings a camera used to take a photo or video. This information is embedded into the files the camera saves, and we read and display it here.
What else can people see or do (potentially) with your Flickr photos:
– location of photo on a map
– exact time/date of capture
– exact time/data of upload
– share your images with others
– download original files
– add to a public gallery or embed on a website
– see application you use for uploading
– locate photos in public search
– see you name, email address, current city, real name
– see geographic coordinates
You can prevent other people from seeing the EXIF data for your photos by changing your EXIF privacy settings.