That is quite a bold post title, but it turns out to be very true. I was sent a link on Sunday to a Google service called Location History, where you could log in (with your Google account) and for any given day it would show you where you was at any point in the day, or more accurately where a phone that was registered with Google was during the day. I think it is safe to assume this is just for Android devices, but I would be surprised if Apple isn’t doing this too.
Don’t believe me, then look at the first image below:
This image shows my typical commute to work. In this case on Monday 7th July 2014. The data here is generally pretty accurate. There are a few points that are not quite right, but this is pretty damn close to my commute route to work via train. I don’t mind posting this you can find out the organisation I work from quite easily for this site and my LinkedIn Profile. The image doesn’t show where I live though. I positioned that out of the view.
What was even scarier was that when I zoomed into my office, you could see where I sit and the locations of various meetings I had during the day, which you can see below.
This is both very cool, and very scary. This site does let you delete the location history, but I do wonder whether it is a hard delete and not just marked as invisible. I am pretty sure it would be the latter, as how often do companies actually delete data? Not very often in my experience. Apart from deleting your history, you can stop this data being recorded by turning off Location Services on your phone.
See further down in this post on how to turn off Location History Recording.
Whilst I was in the “ohh cool” mode, I showed this to my wife Amanda, who has a Samsung Galaxy S3. We logged into her Google account and low and behold there was lots of location history. In the example below, you can see a day from our recent holiday to Lake Garda in Italy where we did a boat trip to different parts of the lake. The data points here are very accurate. There are a few outliers, but this sums up the day very well indeed.
Whenever we are away from the house for any period of time, Me and Amanda have an agreement that we won’t write any Facebook statuses or post photos about the trip until we are back home. This is common sense security so that you don’t advertise you are away from your home. This little revelation from Google got us a little spooked. What if someone managed to gain access to your Google account, it is just a password after-all which more often then not is pretty weak. With this tool someone could check whether you are away from your home, i.e. in Italy, and then pay a little visit to your home.
This got Me and Amanda talking, would this information ever be used in evidence against you in a criminal investigation. Imagine the scenario, you have committed a crime and have a family member agree to be an alibi. The police question you, under oath, and ask whether you was at the pub at 8pm on a particular Saturday. You say No, because you are dodgy, but then the police lean on Google and get your location history, and if you are unwitting and not turned off location services (like us on our holiday), they can see that you was indeed at the pub at the time the crime was carried out. Obviously this is a fictitious example for a criminal, but to me, this feels like a privacy invasion.
Another point is that if this was ever used in evidence, we notice a few data-points that were not accurate and landed in some random places. If this is being used to prove or disprove your innocence, then these anomalies could end up being quite important.
Another example, could be a partner playing away from home with a little extra marital bump and grind. The other half gets suspicious, and confronts their partner who denies everything. Somehow she/he accesses their partners Google account, under duress, and low and behold, there they are at someone else’s house or hotel. Naturally, this person has been caught bang to rights if you recognise the venue they are at, but is it fair that another company knows this information? I don’t think so personally because where will it stop!
Going forward, I am going to delete all my location history, even though I am not convinced it will actually be a hard delete, and in future when we are away from the house, Me and Amanda have agreed that as-well as not posting to Facebook, we will both turn off location services, or at least opt our of data collection.
Is It Just Google?
It is very easy to pick on Google here because they have given a nice convenient way to view your location tracking information, but to be fair to Google they make it obvious and explicit when you turn on location services that they are going to store your data, as you can see in the picture below from my Nexus 7 table (sorry for the fuzzy picture)
Also In the image above, if you click on “Google Location Reporting” you are taken to another screen where you can explicitly turn off/on location history. It will also explain about it recording the data and give you the link to the location history page on Google Maps. So we can’t be too harsh on Google I suppose.
I am willing to bet Microsoft and Apple are doing the same, but I don’t have any of their phone handsets to try it with. It would be interesting to know in more detail what Google does with this data. I am sure they have some business use for it, and with Google’s Mantra about not being Evil, you would hope you could trust them, but the paranoid side of me thinks not as they are, after all, a colossal money making machine.
Before the Snowden revelations you probably wouldn’t have given this much thought, but now that in subsequent leaks, it is becoming apparent about what tools our governments are using. For example, take a look at the list of hacks, exploits, and tool GCHQ are using. The list in that link is probably quite old now. Who is to say they don’t have a tool to mine the location information from Google. It has already been exposed that the NSA have had feeds into Google, Facebook etc.
At the end of the day the only thing you can do as an android user is either turn off location services all together, or turn it on but opt out of data storage and use the Location History Viewer to double check nothing is being recorded.
Right, time to put on our tin foil hats to avoid the satellite mind beams !! 🙂