This is the second installment of my series covering McAfee’s Threat Predictions for 2011. To make the predictions for 2011 more digestible, I’ve broken each area out to show McAfee’s drilldown on the risk, and what the risk means to you. Click here to read the first segment.
From McAfee Threat Report – Exploiting Social Media: Geolocation services:
Locative services such as foursquare, Gowalla and Facebook Places can easily search, track and plot the whereabouts of friends and strangers. In just a few clicks, cybercriminals can see in real time who is tweeting, where they are located, what they are saying, what their interests are, and what operating systems and applications they are using. This wealth of personal information on individuals enables cybercriminals to craft a targeted attack. McAfee Labs predicts that cybercriminals will increasingly use these tactics across the most popular social networking sites in 2011.
What this means to you
There are two categories of geolocation tracking threats; the first covers the spectrum of malicious or criminal abuse of information as described above. The second category covers the non-criminal tracking and use of your location information for commercial purposes without your knowledge or express consent. A few examples of this type of use/abuse seen in 2010 include Google’s collection of personal data via WiFi networks (See my blog Google’s WiFi Data Collection Larger than Previously Known) and the explosion of consumer behavior and location tracking both online and offline by stores and advertisers (See my blogs The One-Way-Mirror Society – Privacy Implications of Surveillance Monitoring Networks, Managing Behavioral Advertising, and FTC’s Do-Not-Track Proposal for more information on these location/privacy controversies).
To a large extent, the actions needed take to protect yourself from one of these threat categories will also protect you against the other so I’ll address these together.
First, understand that your information, even things you find trivial, has financial value. Whether it be age, gender, relationship status, other demographic information, personally identifiable information, indirectly identifiable information, information about your emotional state, financial solvency, interest in purchasing, etc., information about your preferences of brands, books, movies, music, etc. – you get the point – all of it has financial value to some types of people, crooks, or companies. Your location information can have particularly high value.
Information has value in entirely legitimate scenarios – to predict the fashions that will be a ‘hit’ next season or to offer you ads or discounts to nearby stores. Or, the value may be for use in legitimate-but-potentially-less-savory scenarios – reselling your data to data-brokers who use it in a variety of ways that you don’t know about, may not appreciate, and which may threaten your privacy or safety. Or, the value may be for entirely criminal endeavors.
What makes sharing location information particularly valuable – and particularly risky – is that you are physically findable. Your property is findable. Your patterns are discoverable. This risk necessitates the need to make conscious choices about whom you choose to share this with – while erring on the side of caution.
Sometimes the value of your location is in knowing where you aren’t – for example, you aren’t home when you’re tweeting from another city, or across town, making it an ideal time to burglarize your home. Sometimes the value is in your patterns – if you always stop at a doughnut shop on the way to work, but never stop at a gym, it may be of interest to your health insurance company, or the health insurance company with whom you’re applying for coverage.
Next, you need to identify how these people, entities, or companies are protecting and/or sharing your information with others. How public is your information in the hands of friends? What are the privacy policies of the sites you are registered with? How much information is being collected about you from websites you just happen to visit? What information is being collected about you or your device at the WiFi hotspots you use? See my blog Starbucks Launches Digital Network – 6 Steps to Safer WiFi Use to learn more.
Consider Google’s response to the Canadian Privacy minister during hearings about their WiFi data collection Google’s future plans for its location-based services: Google still intends to offer location-based services, but does not intend to resume collection of WiFi data through its Street View cars. Collection is discontinued and Google has no plans to resume it. [Instead]Google intends to rely on its users’ handsets to collect the information on the location of WiFi networks that it needs for its location-based services database. The improvements in smart-phone technology in the past few years have allowed Google to obtain the data it needs for this purpose from the handsets themselves.
In many cases a service may not be selling, renting or sharing your information behind the scenes, your location may be the primary information being shared, and shared with a potentially very broad audience. For example, if you’re a FourSquare user, ask yourself if being mayor of a bar is worth a potential increase in your auto insurance premiums, or having a would-be employer think twice about your drinking habits, or the potential impact this could have in a child custody dispute, etc.
Once you understand the potential financial value and potential risks associated with sharing your location information, you are positioned to make more informed decisions about the individuals, entities, or companies with whom you choose to share your location, and to what extent. My recommendation? Be VERY conservative about giving anyone, any company, or any other entity access to your location information.