Who needs a paper map when smartphones today can find your exact location and give you turn-by turn-directions to your destination? And what’s the harm in shooting a quick photo that can be shared in seconds with friends, family and followers online? These modern marvels make life easier and more gratifying in many ways but their benefits don’t come without a trade-off. Never before has your privacy been more at risk.
“I think perhaps the hottest issue right now is location. Location, location, location,” says Kevin Bankston, senior staff attorney at the Electronic Frontier Foundation (EFF) in San Francisco.
Indeed, both Microsoft and Google were recently under fire for collecting the locations of millions of laptops, cell phones and other Wi-Fi-enabled devices around the world. The unique identifiers for those devices were then made public, meaning that if a person knew someone’s Media Access Control (MAC) address, he could infer where that person spent time with her phone in tow.
A MAC address is a device’s unique hardware number or physical address, and it allows a cellular carrier to find a phone and link it to its network.
While both Microsoft and Google have since made changes to their databases to assuage privacy concerns, the fact remains that our mobile phones can double as tracking devices.
“[Mobile phones] can reveal information about your location not only to your cell phone carrier but also to the cell phone manufacturer, the developer of the operating system of your phone or location-based service applications on your phone,” Bankston says, adding that some apps have no use for your location but simply want access to it for marketing purposes.
To keep those apps from tracking you, often it’s just a matter of making a few adjustments to your phone settings. On the iPhone, for example, you can turn off location features by going to Settings, General, Location Services. There you can enable or disable location functions for each app on your phone. Android handsets have a similar option in Settings, Location and Security.
But aside from shutting off your phone entirely, your cell phone carrier will always be able to triangulate tower signals to determine your location if law enforcement or some other entity should ask for it.
Geotags in Photos
“Anytime you use an electronic device, depending on what the device is, you’re leaving a data trail, whether it’s GPS meta data in a photograph you take or [the] cookies you pick up when you’re online,” says Rainey Reitman, activism director with the EFF.
She’s right. As we have pointed out, every time you take a photo with your cell phone, there’s a good chance your location is being stored along with the photo. Cell phones with GPS often default to storing this information when GPS is turned on. And some point-and-shoot and dSLR cameras also have GPS built into them.
There are a couple of ways to remove the location information from your photos, which is also called Exchangeable Image File Format (EXIF) data. First, you can download a simple program that strips out the EXIF data. For Windows PCs, try Easy Exif Delete (free on cnet.com) or iPhoto Exif Cleaner for Mac (free on cnet.com) for Macs. These programs will indiscriminately remove all of the EXIF data.
Cookies That Can’t Be Deleted
And the cookies Reitman mentioned are the reason the ads you see online seem to know that you’re old enough to possibly want to buy wrinkle cream, or that you’re in the market for a new car.
In studying the companies and technology behind this targeted advertising, The Wall Street Journal found that the nation's 50 top Web sites on average installed 64 pieces of tracking technology onto the computers of visitors.
“There are third-party tracking cookies on almost every popular commercial site so they’re virtually impossible to avoid,” says Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse in San Diego, Calif.
While tech-savvy Web surfers used to simply delete these tracking cookies from their machines, the WSJ found that “…new tools…scan in real time what people are doing on a Web page, then instantly assess location, income, shopping interests and even medical conditions. Some tools surreptitiously re-spawn themselves even after users try to delete them.”
Understandably, some people think this kind of activity is wrong. Wired recently reported that Web site analytics firm KISSmetrics and more than 20 of its customers, including Spotify, AOL’s About.me, Etsy, Spokeo and the news site Gigaom.com were recently sued on the grounds that KISSmetrics’ tracking technology violated federal and state privacy laws.
All web browsers provide ways to delete cookies from your computer. The Web site ghacks.net gives a good tutorial on doing it in each major browser. You can also visit the Network Advertising Initiative to opt out of the behavioral advertising conducted by its member companies.
It might distress you to know how many Web sites display things like your address, phone number and other personal information.
“The problem is…if a consumer has a severe need to have privacy—if they’re a public defender or a law enforcement officer or the victim of stalking—it is practically impossible to truly keep your privacy online, especially your home address and such, because these information broker web sites don’t have to remove your information,” says Reitman, who adds that some sites such as Spokeo, which at one time posted maps that pointed to people’s houses, now offer an opt-out option.
The Privacy Rights Clearinghouse provides an excellent listing of the scads of online information brokers that may be collecting information about you, as well as links to opt-out pages at those sites if they are available. Unlistmy.info also provides a list of the most popular sites that might be storing data about you, as well as advice for getting off those lists, if an option exists.
To see some of the many sites collecting information about yourself, try searching for your name. I did and found all sorts of sites gathering my data. One site even offered maps to my house as well as a link to my wish list on Amazon, which also lists my birthday.
While many companies such as Amazon create public profiles for their customers, I find it unnerving that anyone can go snooping around my Amazon profile to find out what kinds of things I’d like to buy. I’ve been using Amazon since the company’s beginning and now can’t remember setting up a profile for myself. The point is that it’s important to check the privacy settings related to any kind of profile a site you use often may be keeping on you.
As another example, Health Month is an online game I occasionally like to play which involves setting health rules—such as “Eat fresh fruit every day”—and you win or lose points for following your own rules. After searching for “Christina DesMarais” and “profile” I realized my Health Month profile—including all my healthy and unhealthy habits—was there for the world to see. I then spent several minutes trying without luck to find some privacy settings at the site that I could adjust. As my only recourse I was forced to change my name, birthday and email address on the site so as to not contribute to the data online brokers are able to glean about me.
I emailed Health Month and received a response within minutes. Buster Benson, who created Health Month (and is a person who’s very sharing with his personal data), said the way I handled it—by changing details on my profile—was the best method for staying hidden, but that he would be letting users adjust privacy settings within the next few weeks.
This goes to show that it often pays to raise your privacy concerns with a company.
While Facebook is one of the companies the EFF says has fought for user privacy in Congress, it also makes use of facial recognition software which is actually the opposite of private. Google and Apple also are using it in their respective Picasa and iPhoto products.
What makes facial recognition disturbing is how it could be used in the future as technology progresses. Already in Japan there are billboards that can recognize your gender, approximate age and ethnicity so as to better target ads toward you. And you may have heard that after the recent riots in London police were using facial recognition to identify looters.
While identifying looters sounds like a good idea, think about what it would be like if everywhere you went cameras could determine who you were. Personally, I find the idea appalling. Remember the movie Minority Report, anyone?
And you might have reason to worry about those seemingly harmless Facebook photos that you’re tagged in.
Researchers from Carnegie Mellon University have found that it’s possible to use facial recognition technology to match the photos and real names from publicly available profiles (such as Facebook) to profiles where the user used a pseudonym and wouldn’t want his real name used, such as Match.com.
In a published report the authors wrote, “Hence, face recognition creates the potential for your face in the street (or online) to be linked to your online identity(ies), as well as to the sensitive inferences that can be made about you after blending together offline and online data.”
The LA Times recently posted a guide for disabling Facebook’s facial recognition.
Devices With Memory
If you’ve ever used a digital copy machine there’s a good chance the data you scanned is still saved to the copier’s memory. In fact, this poses such a privacy concern that several states are working on passing laws to require businesses to erase or encrypt stored data from digital copiers before recycling or disposing of them.
Any device with memory, including your PC or phone, should be cleared out before you part with it.
While some people think that deleting files and folders is sufficient before selling or disposing of a computer, they’re wrong. Deleted files can be undeleted. Even reformatting your hard drive can be undone. The most secure way to remove data from your computer is to use one of the wiping or erasing utilities we recommend when prepping your computer for disposal.
It’s also important to erase data from your phone before getting rid of it. With iOS, it’s a just a matter of hitting Settings, General, Reset, Erase All Content and Settings. For Android, you’ll want to format your microSD card, which you can do through SD Card and Phone Storage, under Settings. Then do a Factory Data Rest, under the Privacy menu in Settings.
The Bottom Line
There’s no doubt that as technology evolves privacy concerns grow.
As a final example, let me share another tidbit. The Air Force is working on tiny spying aircraft that might be as small as a dragonfly. While they’re not sure how the little bugs might be used, the point is that technology is capable of finding more information about people than ever before thought possible.