There has been a lot of excitement in the privacy community around the introduction of a social location service by Facebook. Having blown the dust off my test account, I don’t really understand all the fuss.

It appears that this capability only applies to mobile devices right now (although I have blogged in the past about the ability to locate your computer). When using the mobile site, or the FaceBook app, there is a button that allows you to “Check In” at your current location. It appears that this is exclusively an overt act, and that nothing is taking place passively in the background.

The privacy defaults (at least for me) were fairly restrictive. My check-in is only shared with “friends” by default. The only really interesting setting was that it defaults to show your location to others who are checked-in at the same location around the same time, but that was easily changed.

The FAQ talks about and links to the privacy settings in a prominent way. It feels strange to say this, but I don’t think they have done a bad thing here. Obviously there are major privacy and security implications to telling people where you are all the time, and it may lead to stalking and/or home robberies, but you really have to ask them to do it to you. Caveat emptor.

Of course, none of this should suggest that I have any intention of ever using the service myself.

I note that most of the other social location players, like Gowalla, Yelp, Booyah and Foursquare were at the announcement. This could certainly impact them in a big way, either for good or ill. That seems like the real story, and my thoughts on that are well out of scope for this blog.

Hack Exploits Google Street View to Find Victims – The New New Internet

This very short article describes a really simple attack that enables someone to discover your physical location with a very high degree of reliability and accuracy.

It involves using JavaScript to access the MAC address of your WiFi wireless access point (base station). The examples for this I have seen are IE specific. Any malware that has gotten itself installed on your computer could also do this.

Given that information, it is easy to pass this information to a Location Services API which returns a location good to a few hundred feet, sometimes much closer. Here is a website that does this for you.

In an interesting CNET article Google CEO Schmidt talks about how new technologies are going to impact society. One of his comments really struck me. Schmidt said that the only way to handle the new technologies is “much greater transparency and no anonymity.”

I have not seen the arguments and evidence behind such a bold claim. I would have argued exactly the opposite. We need MORE anonymity for users and more transparency and accountability from data collectors like Google.

In April, Apple Ditched Google And Skyhook In Favor Of Its Own Location Databases:

This article reports on Apple’s admission that they are building their own location database to replace Skyhook (which is a WiFi location database).

Many of us are now walking around with devices that monitor our environments and report back to the mother ship about them (even if done anonymously).

Google Opt Out Feature Lets Users Protect Privacy By Moving To Remote Village | The Onion – America’s Finest News Source | Onion News Network: “”

Finally a viable solution to the privacy problem!!!

This Article on Wired.com is about an initiative by Juniper Networks in collaboration with Feeva to sell a new tracking technology to ISPs.

The enhanced router would be sold to ISPs and will automatically insert your ZIP+4 into HTML headers. This will allow marketers to have much more accurate information about the user’s physical location.

They claim that the “consumer is not in any way stripped of their privacy” but fail to actually explain how that is the case. The point is for ISPs to get a piece of the advertising pie. The ZIP will be encoded, not sent in the clear, but will be available to some undefined set of “trusted third parties”. That does not give me much comfort.

I have seen many examples of websites which charge different prices based on where you live, or otherwise restrict access to web pages. This kind of targeting does not help me at all. If I want to be located, I have many ways of explicitly telling the site where I am.

This is another example of why you can’t trust your ISP. Their interests are not the same as yours. They have a strong incentive to track and monetize your activity.

Fortunately it is easy to take back control. If your traffic is encrypted within a VPN, then the ISP will be unable to insert this information. It gives you the absolute ability to enforce your own “opt out” even if the ISP does not want to give you the option. Anonymizer Universal(TM) provides an easy tool to accomplish this.

Many sites, including the Los Angeles Times are reporting on a change to Apple’s privacy policy that allows collection and sharing of “anonymous” location information. The only way to prevent this seems to be completely disabling location services on the iPhone.

It appears that Google’s privacy policy allows a similar level of information collection.

Much of the chatter I have seen about this issue talks about targeted advertising and user tracking. While I have no doubt that both companies are very interested in doing that I don’t think this particular disclosure is about that. Message targeting is more likely to happen within applications where the user has granted explicit permission to push location based advertising and alerts.

I think this is all about improving Enhanced GPS services. My guess (and it is just a guess at this point) is that the phones are reporting back GPS location, Cell tower IDs and signal strength, and all visible WiFi base stations and signal strengths. Given enough of these sets of measurements, they can provide extremely accurate location information given only WiFi information (which takes much less power than GPS and also works indoors). It has been well established that multiple companies, including Google, are building such databases from trucks driving around the world (see my last post).

One purely anecdotal data point I have is from my WiFi only iPad. For background, I live on a fairly large lot and the only WiFi I can detect is my own. One of the first things I did with the new iPad was to open up the map application. It almost instantly centered the location reticule on my house. The only available location information was from the WiFi. I know that the Street View truck has never been through my neighborhood, and doubt that any others have been. My suspicion is that phones used within my house have been providing the correlating data between my physical location and my personal WiFi base station hardware ID.