How safe are you online when you use location-based services?
Anyone who has been downloading apps or using the web over the past few years will have encountered location-based services – even if they aren’t aware of them. Commonly used as a way to deliver targeted content and ads, these tools are a massive part of marketing strategies all over the world.
But do they have any hidden dangers? This article will look at whether giving away your location is such a good idea. Hopefully, we’ll find out what the risks are, and what you can do about them.
What are Location Based Services?
Location Based Services (LBS) involve delivering content to computer and smartphone users based on their geographical location.
With the rise of smartphone apps in marketing, LBS have become a vital tool for many companies, and they often have some very handy uses.
For example, restaurant review apps can use your location to recommend Indian eateries within 500 metres – perfect for when you’re visiting a strange town and need a pitstop for an evening meal.
Newspapers might use location detection to deliver relevant stories. Dating apps use them to match users in similar areas – the applications are multiplying all the time.
However, the most common application involves delivering targeted advertising. When websites know where a user is located, they can track their online movements and deliver ads that are (supposedly) relevant to their individual needs.
How do Location Based Services work?
All LBS services need a way to isolate the location of an individual user. This sometimes needs to be extremely accurate (say, if the service in question is recommending restaurants). But other systems can afford to be less precise.
Broadly speaking, there are a few ways to gather location information:
Via smartphone GPS data – When you use your smartphone, you don’t just send SMS messages to friends or take part in WhatsApp groups that you control. Your device is also constantly communicating with your mobile phone company, as well as any other services for which you’ve granted permission to receive data. So, companies delivering location-based services can directly harvest GPS information from your phone – a huge help for all sorts of businesses.
Mobile base stations – A less precise, but potentially cheaper and faster, way to gather data is via mobile phone base stations. When you roam with your phone, you pass from station to station, and your phone company knows which is your closest node at any moment. This can be used to provide a rough readout of where you are.
IP addresses – When users are surfing the web, IP addresses are often the tool of choice for businesses who want to know their location. Your IP address provides a vague idea of where your device is located, and this is usually enough for marketers to know which town you live in.
What are the dangers associated with Location Based Services?
All of this probably sounds unobjectionable. And LBS isn’t a problem when companies are using it to deliver relevant, useful information. But this isn’t always the case, and LBS has actually given rise to some important security concerns. That’s why you’re reading about it on a security-focused blog.
These concerns aren’t vague online rumors. In fact, the US Government Accountability Office (GAO) flagged fundamental concerns as far back as 2014.
According to the GAO, many companies adopted LBS but had failed to inform users what would be done with their personal data. This focused on car companies using smart tech in their vehicles, but expanded to include Google and other tech giants.
Location targeting was essentially a case of “mission creep.” From a basic agreement between users and companies to allow the latter to collect data, it has become a way to build detailed individual profiles for corporate profit.
Have these worries eased since 2014? Not really.
In May 2018, Wired reported a disturbing story. Apparently, an LBS broker called Securus had been selling the location of almost any US citizen, and local sheriffs had been buying – giving them a shocking level of insight into the whereabouts of citizens.
Securus doesn’t collect data itself. It buys data from a company called LocationSmart, which buys data from mobile phone companies. It’s like the Wild Wild West.
Therefore, your location data could end up anywhere, in anyone’s hands
We’re now learning the truth about location-based services. They are far from just a convenient way to link companies and consumers. Instead, the rapid rise of LBS has provided a vast treasure trove of data about societies across the world. And this is immensely valuable to all kinds of groups.
We mentioned rogue law enforcement officials – and that’s one worry. But the profiles drawn up by marketers using LBS can also be used by the supposed enemies of sheriffs: cyber criminals.
The Dark Web is crammed with leaked records containing information about individuals’ medical histories, their finances, addresses, and even their passports. When you add mapping data showing where they travel, how they shop, and their daily habits, it’s possible to “know” targets in incredible detail.
You can even use algorithms to match up the location maps from separate individuals to work out who meets who, when, and where.
Criminals can use this data to perfect their identity theft techniques. They could use it to mount blackmail campaigns; it could be used by terrorists to target vulnerable groups – the implications are pretty worrying.
So what can we do? Should we just boycott location-based services altogether? Probably not. They are too ingrained in the way the web works to abandon entirely. From an individual perspective, the best we can do is probably to lock down our devices and provide as few “permissions” as possible.
How to minimise your personal risk when using Location Based Services
There are a couple of actions we can take to mitigate the risk of betraying our location, and everybody should at least be aware of them.
1. Use a VPN
Firstly, if you use your smartphone or laptop on the move, and you are exposed to sites that use LBS, it’s vital to have a Virtual Private Network (VPN) on your device.
VPNs encrypt the data you send and route your traffic through servers located halfway around the world. So as far as external observers are concerned, your “location” isn’t where you actually are.
In some cases, using a VPN will actually stop location detectors working – which could make sites unusable. If so, there’s a good chance these sites aren’t configured with privacy in mind. And you should be able to change your privacy settings on those sites to deny permissions in any case. But be aware that when you use a VPN, some apps may malfunction.
2. Get smart about granting permissions
The only way location based services have been able to grow so quickly is by obscuring the way they work. In almost every case, individuals must grant permission to websites or apps to detect and transmit their location. But the way this is done can be hard to discern. Additionally, sites aren’t always transparent about how far these permissions reach.
This means that it’s often necessary to audit your permissions to make sure you haven’t granted away huge amounts of data.
On Android phones, this is fairly simple. Head to Apps, choose each individual app, and press the Permissions button. You should see whether the app uses location-based services, and you may be surprised at how many do so.
On iPhones, the process is similar. Just head to the Settings menu, choose General, and then Restrictions. Now choose Enable restrictions, and you’ll be able to alter the permissions granted to various apps.
If you’re using web browsers, double check that they are set to request when you grant location data. Chrome and Firefox definitely provide this kind of alert, and you should be told when websites want to know where you are.
Don’t let your data maps become public knowledge
There’s no doubt that location-based services are useful – even game-changing for some industries. But they also come with risks and downsides. If you want to avoid leaking your location data indiscriminately, adding a good VPN to your toolkit is a good start. And managing your app permissions is a sensible second step.
But above all, just be aware that if you’re not careful, the whole world will know your most intimate details. And as we’ve seen, that’s a situation full of potential dangers.
