Eight realities about location-based apps
- 23 March, 2012 03:10
The desire to be cool and embrace new technologies definitely overtook the desire to be safe with the very buzzy mobile, location-based apps on view at South by Southwest this year. You've got to love a smartphone app that broadcasts all sorts of information about you -- your likes, your age, your job -- to everyone within sight who has the same app. Because it reduces friction, right? It makes it easier to meet that good-looking guy or girl right over there who shares your love of kiteboarding and Gorillaz. You can cut down lame conversations about things you have no interest in at all.
The hype says these apps are all about possibility. But when reality sets in, you start to think about probability. For example, the probability that a certain percentage of the people who look appealing to you when apps like Glancee or Highlight bring them to your attention are going to be, well, creeps -- or worse. The probability that apps like these are putting out more information about you than you're really comfortable with. The probability that your privacy, once compromised, will never be whole again.
CNN's Soledad O'Brien, who is easily the most tech-savvy mainstream news anchor, summarized such apps best as "creepy." The Harvard-educated O'Brien interviewed Paul Davison, the young CEO of Highlight, and she was quick to ask him about the creepiness factor.
Davison, who looks like an undergraduate but actually earned his MBA five years ago, was more interested in gushing about the coolness of the app, but he did answer O'Brien's questions about privacy. Tellingly, though, the first and most effective privacy safeguard that Davison cited was that "Highlight is entirely opt-in." To me, this sounds like an admission that the only real way to protect your privacy when it comes to Highlight is to not install it on your phone in the first place. Maybe we are meant to feel grateful that Highlight is giving us the option of not using the app.
You shouldn't think of this as a case of an inexperienced executive stumbling when the camera lights went on. Davison said much the same thing in another interview, with whatstrending.com's Shira Lazar.
He also noted that, since all the information that Highlight broadcasts comes from your Facebook profile, you can limit the information dispersal to friends of your Facebook friends. And by using Facebook as the base, he said, Highlight was assuring that "everyone is using their real identity."
You don't see a problem with any of that? Then read on. I have put together a list of eight things everyone should know about location-based services and social networks in general.
No. 1 -- Your future rapist will like these apps more than your future husband
Location-based services are a dream for sexual predators and other criminals. They make it easy for predators to locate potential victims, and then they give the criminal more than enough information to manipulate his target.
Unless you have unusual insight into the criminal mind, you probably don't realize how your Facebook profile can signal vulnerability. A criminal will not be casual in his use of apps like these; he will study your profile until he knows things about you that you aren't aware of yourself.
But it's not just the social location-based apps that can be dangerous. Any app that lets the people around you know that you are, say, at the mall with them is also telling them that you are not at home. Big deal, you say? Well, let's say you are also broadcasting a photo of yourself. And that photo is geotagged. And it was taken at your house. Oops! Geotagged photos carry the precise longitude and latitude of where they were taken. Hope no one breaks in and steals your plasma TV while you're at the mall.
That is a real danger, significant enough to cause the U.S. Army recently to publish a story warning about it. That article cited an incident from a few years ago, when some soldiers posted on a social network a picture of helicopters arriving in Iraq. The geotag attached to the photo gave insurgents the location where the picture was taken, and they launched a mortar attack that destroyed four of the newly arrived helicopters.
No. 2 -- If it is anywhere on the Internet, consider it public
If you think you can put something on the Internet, mark it as private, and then not worry about it becoming public, you are wrong. There really is no such thing as private data.
Social networks do other things that put our privacy at risk. For example, many apps will suck up all of your friends' information. How can you stop every one of your scores of friends from using one of those apps that tell them, say, the type of dog they would be if they were a dog? You can't, and you can't be sure that they won't ignore the warning that the app might take a look at all of their information as well as the information that their friends make available.
No. 3 -- Your circle of friends is much bigger than you think
As I said earlier, Davison, the CEO of Highlight, touted that you can limit his application so that it distributes your information only to friends of Facebook friends. Question: Do you really know all of the people you have friended on Facebook? Many people have hundreds of "friends" on Facebook, and not a few have thousands. That means the friends of your friends could number in the hundreds of thousands. Considering that you likely are not true friends with your Facebook friends, it's safe to assume that at least some of them are less than trustworthy. And when you consider "friends" of "friends," the chances that some are reprobates, sickos or perverts are much larger.
Apps like Glancee and Highlight won't do you much good if you limit them to friends (though they will tell you that a friend is nearby), but they could do you a great deal of harm if you go beyond that level. So, limiting them to friends of friends doesn't seem like much of a limit at all. But I suspect that many users will be naive enough to use no limits whatsoever, so that they can find all the cool people nearby who share their interests. Believe me, I have no delusions that all the people who list "computer security" as an interest are beyond reproach. (In fact, their interest in that topic might be the breaching of it.) Face it, an app that tries to hook you up with people based on a shared interest in fitness, scuba diving or clog dancing provides you with no protection at all.
No. 4 -- We all make mistakes
You might decide to give these apps a try and just be careful with them. You'll turn them on only when you are surrounded by friends and actively seeking to contact people. Inevitably, though, because we all make mistakes, you will forget to turn the service off from time to time, or you will set the parameters incorrectly. And since we're mostly talking about people in social situations, we can probably assume that there will be drinking involved at least some of the time. Friends shouldn't let friends connect through location-based apps drunk.
No. 5 -- People lie
Back to that CNN interview: Davison said that using Facebook helps assure that "everyone is using their real identity." After all, it's widely recognized that no one lies on Facebook. (In case you're wondering, that is sarcasm.)
Some of those lies might be considered harmless enough, but the thing that worries me about location-based social apps is that they can expose you to sociopaths and criminals. A sociopath who wants to meet you would have no qualms about checking out your interests and then going to Facebook to revise his own to bring them in line with yours. Then he's back in your vicinity with a profile that Highlight or Glancee is all excited about. Hey, nice to meet you!
No. 6 -- Small pieces of information add up
I saw another segment on CNN in which SXSW attendees were asked how they protected their privacy. One person said privacy means controlling what you put out on the Internet. That isn't just mistaken thinking; it's delusional, and unfortunately it is possibly the most common misperception that I hear about Internet use.
Cisco Systems' Lance Hayden, who is a part-time faculty member at the University of Texas and a former CIA operative, told me about an exercise he conducts with his students -- most of whom tend to have that same idea that they control the information about them on the Internet. He asks them to put together an intelligence dossier on themselves, using information available only on public Internet sites. Invariably, he said, as soon as the students start their projects, they show up early for the next class to ask him how they can get all of the information about them off of the Internet. So who's in control?
Hayden's students started with basic information, like a name. But it seems that all you really need is a face. A Carnegie Mellon study found that when a photo was combined with facial-recognition software, it was possible to accurately determine who the person was and then to retrieve private information on that person, including Social Security numbers, by using information readily available from social networks such as Facebook, which, remember, is where Highlight gets its information.
No. 7 -- No, you can't have separate online and offline lives
Another comment from those SXSW attendees was that they protect their lives by having separate personas -- one for online and one for offline. They believe that what they do on social media can be kept completely separate from what they do in the workplace and other venues. Sorry to break it to them, but social network monitoring is a thriving business. Companies use such services to screen potential employees.
One attendee said he could switch from his public to private persona by switching off the apps that publicly broadcast information about him. He likened this to Clark Kent ducking into a phone booth and changing his identity by removing his glasses. Personally, I always thought that Lois Lane had to be an idiot if a pair of glasses kept her from recognizing that Clark Kent was Superman. Similarly, it's foolish to believe that you're protected because you've shut down location-based apps. If you have had them turned on, you have sent out information about yourself (and more than you probably realize, as I've already noted). If you have a stalker, he could well know where you live and might be waiting for you there, despite your Clark Kent disguise.
No. 8 -- You can't predict all the ways these things can work against you
Years ago, when you went to buy a car, the dealership could use the information from your driver's license to pull your credit report while you were out on a test-drive. By the time you got back, they knew whether you had good or bad credit, as well as other basic information. Thankfully, the Fair Credit Reporting Act made that illegal.
Now, suppose you go into a dealership today with your smartphone in your pocket. The salesperson could use Highlight or Glancee to find out your marital status and how many kids you have. He can discover where you work and your job title. He can see whether you have checked in at other dealerships via Foursquare. He might be able to learn that you have asked your Facebook friends for car recommendations. In short, he can arm himself with a lot of information that will be useful in any negotiation. I think I would rather have them just pull my credit report.
Remember those soldiers in Iraq, the ones who posted a photograph of helicopters? It must have seemed innocent to them; they never thought that posting a picture could result in a mortar attack. And then there's the case of Dharun Ravi, the Rutgers University student who was recently found guilty of invasion of privacy and other charges for his webcam spying on his roommate. His conviction came about in large part due to a single tweet. You never know which tiny pieces of information could carry life-altering or life-threatening consequences.
The price of ignorance
The interesting thing about that car-buying example is that the advantage seems to go not to the person broadcasting the information, but to the one receiving it. Like so many other things on the Internet, these new location-based apps are "free" services. Those quotation marks are earned, as I have written previously, because the Internet is not free; you pay for these free services by surrendering personal information.
The big problem with location-based services is that they can place you at the whim of anyone who chooses to abuse you. Criminals are early adopters, and they never miss an opening. Is your need to be cool worth the risk of being a crime victim?
You know what, though? You don't have to be Harvard-educated or as tech-savvy as Soledad O'Brien to realize that apps that send out details about your private life to strangers are just creepy.
Ira Winkler is president of Internet Security Advisors Group and author of the book Spies Among Us. He can be contacted through his Web site, irawinkler.com.