 |
| An illustration of an example IPv6 address (Photo credit: Wikipedia) |
July 27, 2015 Deadline
September 2015 Issue
That convenient flashlight app knows where you are. So do your social media apps, your Web browser, your clock and many other apps on your phone, tablet and computer.
And there’s not much you can do to hide.
Many people don’t understand how their devices offer the functionality we love and worry upon hearing our devices and software track us constantly. And much of that information remains behind on our devices, or stored elsewhere beyond our control, because we agree to that in return for features, convenience and cheap (or free) apps.
When you download an application or operating system, you agree to various terms and conditions. For example, to use Adobe Creative Cloud or Microsoft Office365, you agree that your computer will connect to corporate servers weekly and verify your subscription is paid. Adobe and Microsoft servers ask your computer or tablet to verify it is the licensed device and they can collect a lot more information, if you’ve agreed to the license terms.
We might expect Adobe and Microsoft to verify subscriptions, but why would my flashlight app on a phone tell a company where I am?
The simple answer is that all data are valuable to someone. The Android flashlight app “Brightest Flashlight” was part of a Federal Trade Commission investigation in 2014. The publisher of the app was selling location data obtained through standard network protocols, GPS (Global Positioning Service), cellular triangulation and other techniques. In return for a free flashlight, users agreed that data could be sold to advertisers and market research companies.
When users downloaded the app, they agreed to the license terms. We all read those license terms, right?
When you take photos with a newer camera or computing device, lots of metadata are stored along with the images. Metadata include things like time, date, and location. Many of us add metadata to images, such as the names of people in photos. Online services analyze that metadata to learn more about us.
People mistakenly believe that if you disable “location services” on a phone or computer, then that information isn’t available in any form. That’s not quite the case. Your phone always has to know where you are, or it cannot communicate within a cellular or wireless network. Location data has to be sent and received for a phone to work, and for many online apps to work.
Every network device has at least one media access control (MAC) address. This unique identifier lets networks communicate. On top of the MAC address, our devices receive temporary IP addresses that connect to the Internet or our internal networks. Think of these numbers like phone numbers and street addresses. My phone number (MAC address) goes where I go, while my street location (IP address) changes. Together, these identifiers reveal where a device has been and when it was there.
Phones have one or more additional identifiers, the most obvious being your cell number. As you move from the range of one tower to another, the network follows your phone or calls would be impossible. There is no alternative to make this magic happen: cell networks must track devices. When the law enforcement and security agencies seek “metadata” from networks, this location data is what they receive. Voice calls and data exchanges via cell networks reveal who we call and what data services we use.
Even mundane features we take for granted share information about us.
For a simple example, consider how your devices keep the time accurate. Modern operating systems use the Internet or cellular networks to set time by verifying your current location. How do Apple, Microsoft and Google achieve this magic? Network addresses are assigned in blocks to service providers. When my MacBook Pro awakens, it sends a request via Network Time Protocol (NTP) to an Apple server. The request includes the current Internet Protocol (IP) address of my device or its network router, revealing where I am in the world. NTP guarantees my computer’s clock is accurate when I travel across time zones. In return, Apple could save a record of where my computer is.
Like many computer and phone users, I ask Apple to remember the locations of my devices. A mix of network protocols and unique identifiers lets me use “Back to My Mac” and “Find My Mac” from anywhere in the world. I can see my home computer’s screen from my iPad, thanks to these features. Apple’s services know where I am, and where my other devices are.
Is there a benefit to turning off location services on your tablet or phone? Maybe. I turn off location services and notifications for most apps on my phone and tablet.
If an application is honest and developed according to the guidelines of Apple, Google and Microsoft then turning off location services prevents that app from obtaining GPS or cellular location data. However, this does not prevent analysis of your IP address. It is impossible to use the Internet without an IP address, because that’s the address to which apps send the data you want to see or hear.
When you turn off the location services of a phone or tablet for a specific application, it can conserve battery power. Disabling location services also makes it less likely an app will publish your location data for others to see. Generally, this restricts what can be shared with advertisers, too.
As for the location and metadata stored on your phone, tablet or computer, it isn’t easy to erase data entirely. Secure deletion from the flash memory of a phone requires encrypting current data, deleting the newly scrambled data, writing new “dummy data” to the storage and then erasing data yet again. Department of Defense standard for secure deletion is to encrypt data, erase everything, write dummy data and repeat three times. Phones and tablets generally don’t offer secure wiping, but there are apps that can do this.
Erasing the history data from your phone or computer does not erase any location data stored by your cellular company, Internet service provider or operating system vendor. Sorry, but Google tells you they keep data, and you agree to that if you use a Google service.
Most of us like to “check in” at locations, tag photos and get map directions. We cannot do those things without location services. The convenience outweighs the loss of privacy, we have decided.
Comments
Post a Comment