Risk Factory Geo-location Security Issues & Best Practices
Geo-Location Security: Issues & Best Practices
“Her father had taught her about a dog's paws. Whenever her father was alone with a dog in a house he would lean over and smell the skin at the base of its paw. This, he would say, as if coming away from a brandy snifter, is the greatest smell in the world! A bouquet! Great rumours of travel! It's a cathedral! her father had said, so-and-so's garden, that field of grasses, a walk through cyclamen--a concentration of hints of all the paths the animal had taken during the day.”
Michael Ondaatje, The English Patient
How
A desktop browser is likely to use WiFi (accurate to 20m) or IP Geolocation, which is accurate to the city or post code depending on your ISP. Mobile devices tend to use triangulation techniques such as GPS (accurate to 10m and only works outside), WiFi and GSM/CDMA cell IDs (accurate to 1000m).
Browser Based
The Geolocation API is default in the following desktop browsers:
• Firefox 3.5+
• Chrome 5.0+
• Safari 5.0+
• Opera 10.60+
• Internet Explorer 9.0+
• And for updates on earlier versions for all of the above
App Based
And the W3C Geolocation API on mobile devices:
• Android 2.0+
• iPhone 3.0+
• Opera Mobile 10.1+
• Symbian (S60 3rd & 5th generation)
• Blackberry OS 6
• Maemo
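A site that calls the Geolocation API in the browsers listed above can collect less by coarsening each fix before it is stored or sent. This is an added example, not part of the original slides: the function names, tier names and the 10 km "city" cell are assumptions, while the 20 m and 1000 m cells reuse the accuracy figures quoted under "How".

```javascript
// Added example: coarsen a W3C Geolocation fix before it is stored or sent.
// 20 m and 1000 m come from the "How" slide; tier names and the city size are assumptions.
const CELL_METERS = { wifi: 20, cell: 1000, city: 10000 };
const METERS_PER_DEG_LAT = 111320; // approximate length of one degree of latitude

// Snap a coordinate pair to the centre of a grid cell roughly `cellMeters` wide.
function coarsen(lat, lon, cellMeters) {
  const snap = (v, step) => (Math.floor(v / step) + 0.5) * step;
  const cLat = snap(lat, cellMeters / METERS_PER_DEG_LAT);
  // A degree of longitude shrinks with cos(latitude); clamp so the step stays finite at the poles.
  const cosLat = Math.max(Math.cos((cLat * Math.PI) / 180), 0.01);
  return { lat: cLat, lon: snap(lon, cellMeters / (METERS_PER_DEG_LAT * cosLat)) };
}

// Request a position and pass the caller only the coarsened result.
// `geo` is navigator.geolocation in a browser; any object with getCurrentPosition works.
function getCoarsePosition(geo, tier, onResult, onDenied) {
  const known = Object.prototype.hasOwnProperty.call(CELL_METERS, tier);
  if (!known) throw new Error("unknown tier: " + tier);
  const cellMeters = CELL_METERS[tier];
  geo.getCurrentPosition(
    (pos) => {
      const { latitude, longitude, accuracy } = pos.coords;
      const p = coarsen(latitude, longitude, cellMeters);
      // Altitude, heading, speed and timestamp are dropped; accuracy is never better than the cell.
      onResult({ lat: p.lat, lon: p.lon, accuracy: Math.max(accuracy, cellMeters) });
    },
    (err) => onDenied(err.code), // code 1 is PERMISSION_DENIED
    { enableHighAccuracy: false, maximumAge: 600000, timeout: 10000 }
  );
}

// Constructed sample fix (not real data) so the block also runs outside a browser.
const sampleGeo = {
  getCurrentPosition(ok) {
    ok({ coords: { latitude: 51.50135, longitude: -0.14189, accuracy: 12, speed: 1.4 }, timestamp: 0 });
  },
};
getCoarsePosition(sampleGeo, "cell", (p) => console.log(p), (c) => console.log("denied", c));
```

Coarsening reduces precision only; it does not remove identifiers such as the IP address that accompany the request.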
Business Uses
A US-based car rental company started using GPS tracking devices to monitor the driving speeds of its customers. If a customer's car exceeded 79 miles per hour for 2 continuous minutes, the customer was charged an additional $150 (without their consent).
Example
A French insurance company used both mobile phone and car GPS data to track sales executives' locations and cross-reference them against their expense accounts. The policy resulted in 21 employee dismissals and the identification of over .5 million euro in false claims.
Example
Earlier this year, a large New York-based charity used geo-location data from Grindr to identify homosexuals working in their offices. 4 employees were fired for “inappropriate behavior.”
Every Word You Say
• Tracking customers
• Tracking employees
• Tracking competitors
• Tracking subjects
Every Single Day
• Competitive Intelligence
  – The location of executives can easily disclose activities such as mergers and acquisitions or real estate sitings.
• Targeting Intelligence
  – Location of subjects by private detectives
  – Location of subjects by the media
Every Word You Say
• How the app exposes the users is not the problem.
• How Google Maps, Facebook and Foursquare expose the users without their knowledge is the problem.
• Opt out is the default, not opt in.
• Social networking business model = get everyone to share everything
• Your personal information (your life) is their product
I’ll Be Watching You
"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place,"
Former Google CEO: Eric Schmidt
Regulatory Conundrum
Geo-location data falls under a special category of data subject to the E-Privacy Directive. To comply you must either:
– Obtain prior consent
- or:
– Process the data anonymously (Good luck as this includes UDID, IMEI, MAC or IP addresses)
DIY
Apple Safari:
• Go to the ‘Display a menu of General Safari settings’
• Go to ‘Preferences’
• Go to ‘Security’
• Uncheck ‘Allow websites to ask for location information’
Comodo Dragon:
• Go to the ‘Customize and control Comodo Dragon’ icon
• Go to ‘Options’
• Go to ‘Under the Bonnet’
• Choose ‘Content Settings’
• Choose ‘Location’
• Check ‘Do not allow any site to track my physical location’
Facebook:
• Go to Privacy Settings
• Click ‘Custom’
• Click ‘Custom Settings’
• Disable ‘Places I check in’
• Disable ‘People here now’
• Disable ‘Friends can check me in to places’
DIY
Google Chrome:
• Go to the ‘Customize and control Google Chrome’ icon
• Go to ‘Options’
• Go to ‘Under the Bonnet’
• Choose ‘Content Settings’
• Choose ‘Location’
• Check ‘Do not allow any site to track my physical location’
Google GMail:
• Scroll down on your GMail page until you reach Last account activity:
• Hit Details
• Scroll down
• Check Never show an alert for unusual activity
Google Toolbar:
• Go to the ‘Adjust Toolbar options’ icon
• Go to Tools
• Uncheck ‘My Location’
• Hit Save