Monday, July 26, 2010

Why location privacy matters

I attended The Next HOPE, the 8th installment of the Hackers on Planet Earth conference, last weekend. I've attended "hacker" conferences over the past decade and I've rarely seen  location or geo content with the exception of the war driving contests in the early '00s. I was excited that HOPE had a number of geo related sessions ranging from location privacy to hacking your GPS.


Ben Jackson from Mayhemic Labs presented Locational Privacy and Wholesale Surveillance via Photo Services. Jackson sampled 2.5 million photo links posted to Twitter, Twitpic, YFrog and Sexypeek and retrieved latitude and longitude from the EXIF metadata from 65,000 photos. His message was that users are leaking location information, often with knowing it. To publicize his findings, Jackson established ICanStalkYou.com to let users know that they could be easily located. 


In a similar vein, Paul Vet presented Geotagging: Opting-in to Total Surveillance (video available). His tag line, "One geotag is anecdote, many geotags are data," summarizes his position that information about a person's location (home, work, entertainment) and habits (timing) can be derived from mining their twitter stream. Like Jackson, extracting tweets with key words such as bed, home, TV and extracting the location data could be used to build a profile of a person's home, place of work, and their habits. Even tweets from friends, such as "Playing XBox with @username" adds additional information. Vet used a clustering algorithm to further refine individual coordinates in probable locations.


I also followed the GeoLoco conference via Twitter. Panelists in the Future of Geo-Location Panel responded to predictions collected by Dr. Phil Hendrix, the moderator. Here are two predictions that impact location privacy:


2. Location-awareness will be integral to any mobile app.
The panelists mainly agreed with this statement, with the observation that not all mobile apps will need LBS.
“For me, this is obvious,” Eisnor said. “With increase in precision, we’re moving towards an ecosystem of location-aware devices.”
“We’re going to have way too many devices in 2014; we will need to know where they are,” said GigaOM’s Liz Gannes.
4. Virtually all user-generated content will be geo-tagged.
In Ron’s words, “That’s already happening today,” but some of the panelists had reservations about a totally geo-tagged world.
“We’re going to find situations where location-sharing can be very weird,” Scoble said, noting that a recent deal between Rackspace and NASA could have been discovered before it was announced if observers had been tracking both organization’s locations.
“We’re getting to the point where journalists could know what the intelligence community does,” Liebhold said. 
The attitude of conference attendees (via Twitter) towards location privacy seemed to take a back seat to the business of monetizing location, despite the possibility that location privacy issues could make or break a company.


Another week, another hacker conference. This time Thomas Ryan will be presenting Getting in Bed with Robin Sage; which describes his exercise of creating a fake twenty-something year old woman who worked for Naval Network Warfare Command. Robin Sage was able to collect 300 connections on LinkedIn, 110 Facebook friends, and 141 Twitter followers. Robin Sage was able to view photos with location information from Afghanistan and Iraq in Facebook and Twitter. Sage even received job offers and dinner invitations. More information about Robin Sage is available from darkreading.com.


While the US ponders the release of (six month to years old) information from WikiLeaks. It is worth noting that we might want be looking at social media when it comes to releases of information that endanger operational security in the present day.

No comments:

Post a Comment

Post a Comment