Thursday, March 31, 2011

Comprehensive Guide to Twitter Privacy: Where are you?

Comprehensive Guide to Twitter Privacy

I've become fascinated with how Twitter has such simple settings, and yet Twitter privacy is in many ways quite complex, so I'm starting to put all of this information together. This is part 2 of... a bunch.

[Part 1: Who hears what you say?]
[Part 2: Where are you?] <-- you are here!

Now read on to learn How your iPhone may be letting people know where you live and what being responsible about sharing your location really entails!

Part 2: Where are you?

A year ago, I talked about How Foursquare can help people steal your stuff. Someone had set up a handy site called which let you search to find out who in a given area wasn't at home based on their Foursquare checkins. (The site now says the the authors have made their point about oversharing and have disabled the search.)

The point being that while sharing your location can be a neat way to meet up with friends, it can also be used in dangerous ways. So whether it's Foursquare, Yelp, Facebook Places, Google Latitude, or Twitter, you need to think about what you're sharing and why.

Twitter's built-in location settings

At the time I wrote about, I don't think location was built into Twitter, but it's since been made an option for any Twitter post. I have to say, that I really love how twitter has done to make this option clear... including doing their best to make it possible to recover from an "oops" moment where you realise you've been sharing waaay too much information and want to delete all the location data to be safe:

They've also done a nice job with the "Learn more" help document, which includes the following message:
Be cautious and careful about the amount of information you share online. There may be some updates where you want to share your location ("The parade is starting now." or "A truck just spilled delicious candy all over the roadway!"), and some updates where you want to keep your location private. Just like you might not want to tweet your home address, please be cautious in tweeting coordinates you don't want others to see.

That pretty much sums up the advice any security/privacy expert would give you, although the complete document also explains how to turn things on and off, when one might prefer a precise location and when one might prefer just the city, etc.

But just like with the tweet privacy settings we talked about in part 1, this isn't the only way your location can be shared. Only this time, we're not going to blame your followers... we're going to blame your camera.

How your iPhone may be telling everyone where you live

Many modern smartphones and cameras, including the iPhone, have a GPS built-in such that you can store location data with every photo. That's pretty cool when it comes to sorting photos later, but because this information is stored with a photo, each picture you share could potentially tell someone exactly where you are (or were when you took the photo).

In Cybercasing the Joint: On the Privacy Implications of Geo-Tagging, Friedland and Sommer started looking at how many people share location data, whether they did so in unsafe ways, and whether they were aware of what information they were sharing. I highly recommend you flip through their HotSec presentation to look at the examples. (Even better if you can catch them presenting -- I really enjoyed seeing that presentation in person! -- but the slides are pretty informative on their own.)

My favourite one involves William Shatner accidentally revealing a "secret" studio location when he posted about recording there! And perhaps more relevant to "cybercasing the joint" are the craigslist posts that show expensive items, their exact geolocation, and the list of times when someone will be at home to take a phone call from an interested buyer.

The issue here is that geodata is often recorded by default. And it can even be dangerous to share this information. As a parent, how would you feel if you realized your teenage daughter had been taking photos of herself in her bedroom and it turned out that any predator could figure out where she lived? How do you feel about the fact that your friends' photos from your last party may have told everyone on the internet where you live?

Many photo services, such as Twitpic and Flickr, allow you to generalize your data so that it shows up as being in a city without showing precisely where within that city. But if you choose to have it visible (or just don't hide the data), you can often get a nice map where you can zoom in:

On Flickr you can view the exif data (Exchangeable image file format -- basically extended meta-information for pictures of the photo) and get the coordinates there...

All ready for someone's stalking pleasure!

The moral of this story

Sharing your location can be scary, and protecting your location privacy doesn't stop at turning off location on Twitter or refusing to sign in to Foursquare/Facebook places/Yelp. If you don't want everyone to know exactly where you are, you also have to make sure your camera and your friends' cameras aren't giving the game away.

Stay tuned for more Twitter privacy posts in April! And in case you missed it, here's [Part 1: Who hears what you say?] which talks about tweet privacy.

Monday, March 7, 2011

Comprehensive Guide to Twitter Privacy: Who hears what you say?

Comprehensive Guide to Twitter Privacy

I've become fascinated with how Twitter has such simple settings, and yet Twitter privacy is in many ways quite complex, so I'm starting to put all of this information together. This is part 1 of... many.

[Part 1: Who hears what you say?] <-- you are here! [Part 2: Where are you?]

Note that many of the things I'm saying here are true of other social networks or any place you might share information online, but I decided this would be most readable with examples from one site, so I've decided to use Twitter, which I like and use regularly.

Part 1: Who hears what you say?

On the surface, Twitter has perhaps the simplest privacy policy of any social network:

Either everyone can read your tweets (everything you say on twitter is public) or you can make your feed private (and then maintain a list of people who are allowed to see it).

You also, regardless of which option you choose, have the option of blocking individuals from following you. Blocking someone isn't hugely effective if they can then log out and read your public feed anyhow, but it can cut down on spam.


Blocking everyone you don't know is not necessarily the end of the story. Just like gossip, anyone who can read what you've said can also share it. It's fairly common in twitter parlance to "retweet" a message: that is, repeat the message verbatim or sometimes with small edits for length or the addition of commentary.

When you have a public account, retweeting is pretty much harmless behaviour. Anyone could see that funny thing you said if they looked, so if one of your followers retweets it, you're really just winding up with a few more strangers seeing it than you might otherwise. But they could have looked at that tweet at any time if they so chose. Often it's a really positive thing: more people get to hear about a cause you believe in or something cool you've done.

However, the story can be quite different if you have a private account. Perhaps you have chosen to keep your account private because you and your boss don't share political views. That "funny" thing you said could become seriously awkward if she winds up seeing it retweeted. Probably you chose to make your account private for a reason, and retweets can violate your expectation of privacy.

Violating privacy with retweets?

There's actual a whole paper on this subject that appeared in Web 2.0 Security and Privacy 2010. It has the cheesy-cute title RT @IWantPrivacy: Widespread Violation of Privacy Settings in the Twitter Social Network. They found that while some clients did block users from retweeting private feeds, many didn't and of course users could always just type RT and repeat the whole message anyhow. The researchers collected 4.42 million tweets that were exposing private information in this manner, and they expect that the numbers will continue to climb.

It's hard to tell, however, whether those millions of exposed tweets were really problematic for the people who wound up exposed, however. Perhaps millions of people asked before retweeting (something you should always do before sharing private information, but I know even I forget to do this sometimes when telling a good story I heard, so I suspect retweeting is no different). Perhaps most of the tweets were cute pictures of cats that no one really minded sharing. But either way, you should be aware of what you retweet and aware of what you say that could be retweeted.

RETWEET @josef (Experiment)

Retweeting lies

It's also worth noting that even though researchers assumed that most of those tweets were actual privacy exposures, it's equally possible that many of them were made up. If someone can type RT and your name and cut and paste in the message, there's no reason that it has to be your message that they post in. Often edits are minor, but there's nothing stopping one from going RT @twitter we hate kittens or something significantly more damaging to someone's reputation. Without a public feed, it's hard to refute since no one can check what you said, and even with a public feed people may expect that you deleted the offending message. A recent defamation lawsuit in the US may serve as a reminder that what you say and what you seem to say on twitter could have real implications.

So that little checkbox? It's clearly not the end of the story.

Stay tuned for Part 2 next week!

[Part 1: Who hears what you say?] <-- you are here! [Part 2: Where are you?]

Tuesday, March 1, 2011

News: Facebook still going to share your address/phone # with external sites

Over a month ago, I wrote Facebook now enabling annoying phone calls and paper junk mail? and shortly thereafter they pulled the plan.

But it sounds like it's back on the table, along with an updated privacy policy format.

Given that anyone can buy a targeted Facebook advertisement, is this going to lead to new levels of stalking and general harassment from "adveritisers" who think it's totally worth a few bucks to get the phone #s of all the women who they might find attractive in their metro area? Awkward.

As usual, I recommend not having private contact information available in Facebook for your own safety.