In an age where shady third-party vendors are able to parse, store, and resell private consumer data seemingly at will, it would seem obvious that we should think twice about sharing the sensitive details of our life: where we work, where we live and where we eat.
However, a new report from Wired shows the extent to which the data we thoughtlessly share online could reveal the precise location from which we make our posts.
According to the report, an international team of researchers from the University of Illinios and the Foundation for Research and Technology (FORTH) have created a new tool called LPAuditor (or Location Privacy Auditor) that can discover the exact GPS coordinates of users’ location tags, even when tweets were tagged with generic and broad locations such as the names of major cities like New York City or Los Angeles.
While your average Twitter user wouldn’t be able to see past the broad geo-tags, Twitter’s API still stores the precise GPS data in its API – and the researchers behind LPAuditor have cracked into what they describe as Twitter’s “invasive policy for collecting and sharing precise location data.”
In the report, the researchers note that “the exposure of location data constitutes a significant privacy risk to users as it can lead to de-anonymization, the inference of sensitive information, and even physical threats.”
Additionally, automated private data uploaded to Twitter is capable of not only pinpointing the precise postal address of users, but can also “uncover ‘sensitive’ locations that users have visited (pertaining to health, religion, and sex/nightlife).”
“We find that location metadata can provide additional context to tweets and thus lead to the exposure of private information that might not match the users’ intentions,” the study adds.
Clearly, when a user chooses to tag their home city in a tweet about the latest celebrity scandal or breaking news story, they’re not aiming to share the nightclubs, doctor’s offices, dispensaries or meetings they’re frequenting.
Driving home the importance of location tags in the Age of Data, the researchers explain:
“Our work demonstrates that by leveraging widely available geolocation databases attackers can pinpoint users’ key locations at a granularity that is orders of magnitude more precise than previously demonstrated. Without doubt, this level of accuracy renders the identification of users a trivial task. The privacy implications of our findings are even more alarming when considering the prominent role that platforms like Twitter play in protests and other forms of social activism.”
Did you get that? Basically, users have potentially been sabotaging their social movements and protest activity by inadvertently sharing their precise locations, potentially with law enforcement or other shady private actors, while laying out a clear map of their day-to-day lives.
This latest discovery is far from the first privacy scandal to hit the tech industry.
Facebook was rocked last March by the Cambridge Analytica scandal, which found that innocuous quizzes taken by the social media platform’s users allowed data-mining firms to access vast amounts of user data through the company’s API, which was then exploited and used to construct “psychological profiles” that later sold to political campaigners, including then-candidate Donald Trump’s presidential campaign.
Last May, VICE Motherboard blew the lid off of location data provider Securus, a vendor who provides phone-tracking services to U.S. law enforcement agencies. A hacker who approached the publication exposed the usernames and insecure passports used by law enforcement customers that would allow anyone to access a treasure trove of sensitive surveillance data on individuals across the country. Also that month, U.S.-based mobile phone tracking company LocationSmart was found to also be leaking sensitive information on basically all AT&T, Sprint, T-Mobile and Verizon phones within the United States.
Luckily, there does exist a remedy for the leaking of sensitive location data, which can be found in Twitter’s privacy settings. Simply navigate to your account’s privacy and safety settings, uncheck the “tweet with a location” box, and click on the “delete location information” button.
And while you can rest (partially) assured that much of your private geographical data has been deleted, Twitter will offer an important disclaimer noting “that deleting location information on Twitter does not guarantee the information will be removed from all copies of the data on third-party applications or in external search results.”
It is becoming increasingly more apparent that we all must be concerned about our day-to-day privacy whether or not we feel we have anything to hide.