
Guest blog post by Lorrie Faith Cranor, Associate Professor of Computer Science and Engineering & Public Policy, Carnegie Mellon University
Location-based services use a variety of technologies to acquire a user’s location based on the current position of her cell phone, computer, or other device. These technologies typically use triangulation to locate the device based on signals from GPS satellites, cell towers, or WiFi access points – often within a few hundred feet. Cellular providers can obtain location information of mobile phones in this manner even when the phones are not being used to place a call. The Internet address of a user’s computer can also be used to determine an approximate geographic location, typically at a city level.
In April 2009 my students in the CyLab Usable Privacy and Security Laboratory conducted a survey to understand consumer perceptions of location-sharing services. We asked participants about the degree of harm or benefit they associated with each of 24 scenarios. Participants rated finding people in an emergency as the scenario with the most significant benefit. Other highly beneficial scenarios included being able to track one’s children and relatives, finding information based on one’s location, and checking to see if people are ok. On the risks side, participants had significant privacy concerns. They saw great harm in scenarios involving stalking or revealing one’s home address. They were also concerned about being found by people one wants to avoid or when one wants to be alone, having others intrude on one’s personal space, being tracked by the government, and receiving location-based ads.
We also evaluated 89 location-sharing applications and systems to determine the types of privacy protections each offered. We found that most of these applications provided fairly limited privacy controls and about a third of them did not provide readily accessible privacy policies on their websites. Some location-sharing applications have generic privacy policies that don’t explicitly mention location information. Others mention that they provide privacy controls, but in order to see what controls are provided a consumer has to actually use the service.
Some of the privacy controls that allow users to specify that their location information should be shared only with their friends rather than with the general public turn out to have exceptions. For example, many services have a simple privacy switch that can be set to “on” or “off.” But in one service we examined, text positioned four paragraphs below the switch mentions “two exceptions” in which location information will be shared publicly even when the privacy switch is not set to share this information.
Our research at Carnegie Mellon has explored offering fine-grained and expressive privacy controls. The Locaccino system we developed allows users to specify location-sharing rules based on time, location, and the person making a location request. For example, I have set up a rule that allows students to find my location when I am on campus so that they can determine whether I am in my office or teaching in another building. Another rule allows my family members to locate me at all times and locations. And another rule allows people I work with to locate me between 8 am and 6 pm on weekdays. Locaccino is not being used for advertising, but a similar approach could be used to control when and where location information is used for location-based advertising.
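The three rules described above can be written as a small default-deny policy check. This is an added illustration, not Locaccino's code or rule format: the `Rule` fields, the group names, the sample requesters and the assumption that the owner's position has already been resolved to a place label such as "campus" are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    group: str                                  # requester group this rule covers
    days: frozenset = frozenset(range(7))       # allowed weekdays, Monday = 0
    hours: Optional[Tuple[time, time]] = None   # [start, end) window; None = any time
    place: Optional[str] = None                 # owner must be here; None = anywhere

    def permits(self, group: str, when: datetime, owner_place: str) -> bool:
        if group != self.group or when.weekday() not in self.days:
            return False
        if self.hours and not (self.hours[0] <= when.time() < self.hours[1]):
            return False
        return self.place is None or owner_place == self.place


# Constructed sample data: who belongs to which group, and the three rules.
GROUPS = {"alice": {"students"}, "bob": {"family"}, "carol": {"coworkers"}}
RULES = [
    Rule("students", place="campus"),
    Rule("family"),
    Rule("coworkers", days=frozenset(range(5)), hours=(time(8), time(18))),
]


def may_locate(requester: str, when: datetime, owner_place: str) -> bool:
    """Default deny: disclose only when some rule explicitly permits it."""
    memberships = GROUPS.get(requester, set())
    return any(r.permits(g, when, owner_place) for r in RULES for g in memberships)


if __name__ == "__main__":
    wed_10am = datetime(2009, 4, 15, 10, 0)     # a Wednesday
    sat_11pm = datetime(2009, 4, 18, 23, 0)     # a Saturday
    for who, when, place in [("alice", wed_10am, "campus"), ("alice", wed_10am, "home"),
                             ("bob", sat_11pm, "home"), ("carol", sat_11pm, "campus"),
                             ("mallory", wed_10am, "campus")]:
        print(who, when, place, "->", may_locate(who, when, place))
```

A requester who matches no rule, such as the unknown "mallory" here, is refused, so nothing is disclosed unless a rule explicitly allows it.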
Our research suggests that Internet users are concerned about their location privacy, but that most currently available location-sharing services do not do a good job of informing them about how their location information will be used, or of providing them with expressive location privacy controls and privacy-protective default settings.
See http://cups.cs.cmu.edu/LBSprivacy/ to read more about our work on location sharing and privacy.
© 2009 Privacy Revolution. American Library Association. Web Design by Digital Peabody and Unleaded Software