How to stalk someone via a trail mapping app.

For those that don’t know, I’m an avid hiker and biker. In fact, I’m currently undertaking a challenge that I created for myself to do 90 different trails in 100 days. Currently, I’m 2/3rds through that challenge with ~30 days to go. One of the key tools I use for finding and following trails is a mobile App called AllTrails.

I’ve used it for years but now I’m using it daily. While I’ve known that trail apps have potential privacy problems (I even included building a privacy friendly trail app as an example in my book, see illustration), my recent use has pinpointed just how problematic they are.

 

Screenshot of AllTrails

In the App on a phone, when you pull up to explore the area looking for trails you’re presented with the pinpoints of a bunch of curated trails, as shown at left. You can click on a trail and get a description, trail map, reviews, popular activities and features. There is a slight problem in that reviews, I think, are public by default, but it appears that when your profile is private or individual recordings are private, your reviews aren’t shown.

In my search for trails, though, I’ve found lots of unlabeled trails. In other words, trails at parks, greenways and forests that haven’t been curated and cataloged. You can submit new trails for consideration, and I’ve done that with a few. I’ve also recorded via the app some hikes and walks that aren’t official trails, like when I dropped a rental truck off and walked home 5 miles because I needed to get a hike in that day or when my car was getting an oil change and I hiked to a park to kill time. Because of the challenge, I wanted to document these “hikes” to record my mileage. Now even though my recordings are private and my profile is private, uploading these recordings seemed even less problematic because they weren’t linked to an official trail and thus unfindable by the public. At least I assumed so. [Yes, privacy professionals, I know, AllTrails could be monetizing me by selling geolocation information to advertisers. I assume so, at least, with any app I use.]

It turns out that my statement about recordings unlinked to trails is not quite accurate. In the App it appears to be true, but on the AllTrails website, you can look at curated trails OR community content. 

This community content contains all sorts of hikes people take, including official but uncurated trails, trips to visit grandmother in Ohio (I saw one where someone recorded their road trip) or walking around their neighborhood. I’ve yellowed out the map above to reduce the chance of someone finding this particular hiker’s location based on the road topography. Clicking on the recording in the list of community content leads to the details (shown below). As you can see, this hiker left their house (black point), walked around their neighborhood and turned off the recording as they approached their house at the end of the cul-de-sac (green point). Mousing over the endpoints yields the latitude and longitude to 5 decimal places, which is accurate to within a meter. I’ve attempted to obscure as much information as possible, like street names, exact lat/long and other houses, but I’m sure someone with enough resources could identify this from the unique street outline. However, I’m not going to make it easy.

You may be thinking, well, this isn’t bad because I don’t know who lives at some random house (i.e. I don’t know their name, though it might be part of the public records on home ownership). In other words, it’s an attribute disclosure about this person (their walk details) but not an identity disclosure. I won’t debate the problems of attribute disclosures in this blog, but that’s not what’s happening here. Clicking the profile icon will take you to their profile. Note, this person did at least not upload a picture of themselves, so the profile icon (under the words Morning Hike on the left) is generic. Unfortunately, they DID include their full name (changed to a gender neutral generic name below).

On my recent hiking challenge, I generally listen to podcasts, mostly privacy related. One I’ve become very fond of is Michael Bazzell’s “Privacy, Security and OSINT” podcast. It’s fairly frequent (I’m listening to podcasts daily now) and provides both tips on how to protect your privacy and OSINT (Open Source Intelligence) techniques, with which people need to be familiar in order to protect their privacy.

Of course, being a privacy by design specialist, my take is people shouldn’t have to go to extremes to protect their privacy. The onus is on organizations to build better products and services. AllTrails, I like your app, really, I do. But it needs so many improvements from a privacy perspective. So many, in fact, I’d be happy to offer you some free consulting. Just contact me at rjc at enterprivacy.com. I don’t mean to single AllTrails out. I’m sure this is a problem with many or most of the trail apps. AllTrails just happens to be the one I use.
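One product-side control for the endpoint exposure described above, written as an added example (not AllTrails code and not from the original post): hide every fix near where a recording starts or stops and coarsen the rest before it becomes community content. The 300 m zone, 3-decimal rounding, function names and sample coordinates are assumptions chosen for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000.0  # mean Earth radius

# Constructed sample recording (not real data): an out-and-back walk that
# starts and stops at nearly the same place, like the one in the post.
SAMPLE_TRACK = [
    (40.00000, -100.00000), (40.00100, -100.00000), (40.00200, -100.00000),
    (40.00300, -100.00000), (40.00400, -100.00000), (40.00500, -100.00000),
    (40.00412, -100.00031), (40.00297, -100.00018), (40.00150, -100.00010),
    (40.00010, -100.00000),
]

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def grid_step_m(decimals, lat_deg):
    """Ground size (north-south, east-west) of one unit in the last decimal."""
    ns = math.radians(10 ** -decimals) * EARTH_RADIUS_M
    return ns, ns * math.cos(math.radians(lat_deg))

def sanitize_track(points, zone_m=300.0, decimals=3):
    """Return the publishable part of a recording.

    Drops every point within zone_m of the recording's first or last fix
    (including mid-walk passes by the same spot), rounds the rest to
    `decimals` places and collapses consecutive duplicates. Returns [] when
    nothing survives, e.g. a walk around the block.
    """
    if not points:
        return []
    start, end = points[0], points[-1]
    public = []
    for p in points:
        if haversine_m(p, start) <= zone_m or haversine_m(p, end) <= zone_m:
            continue  # inside the hidden zone around an endpoint
        coarse = (round(p[0], decimals), round(p[1], decimals))
        if not public or public[-1] != coarse:
            public.append(coarse)
    return public

if __name__ == "__main__":
    print("5-decimal grid step (m):", grid_step_m(5, 40.0))
    print("published points:", sanitize_track(SAMPLE_TRACK))
```

Applying this at upload time, with private as the default visibility, means a neighborhood loop like the one shown never reaches the community list at all.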

For others who don’t want their organizations to be on the cover of the NY Times, sign up for some privacy by design training or contact me about a consulting engagement. Become a privacy hero with your customers.

Unlimited talk, text and data?

This is a bit off topic for me but I wanted to post about the common usage in the mobile phone industry to tout unlimited talk, text and data. I question the practice as it relates to data. While unlimited in popular vernacular would seem to imply infinite, in reality we are constrained by the physical limitations of our existence. Unlimited talk in the confines of a month means we can’t exceed 43200 minutes within a given month (except months with 31 days of course). It’s an impossibility on one phone to use more minutes than we’ve divided a month into. Similarly with text, we are limited to the physical number of texts we can type or receive within a month. I dare guess the number that a teenage girl could obtain but suffice to say, theoretically, I’m sure it’s pretty high. Now, I don’t know if the companies limit or monitor automated software. What if I download an app that sends out 1000 texts per minute? Would they notice? Would they care? After all, it’s unlimited, right? Truth be told I haven’t read my contract or others but I suspect they may put the brakes on automated texting.

Now consider data. Most, if not all plans, throttle data once you’ve reached a certain threshold. So 4g, at least as specified, has a theoretical limit of 1 Gigabit/second. That’s about 324,000 Gigabytes per month. However, most service providers throttle usage down to 3g or 2g once a certain amount of Gigabytes have been processed (my provider is 5 Gigs). Now, at 2g speed, running full speed all month, the maximum one could theoretically get is 61.79 Gigs. To say that I still have “unlimited” data is a stretch by any imagination.

I’m not a trial attorney, but this is a lawsuit in the making.

 

Note, I’ve been informed that several carriers do offer truly unlimited service (or have in the past). I’m going based on my experience and my carrier which touts unlimited data but then throttles after 5 gigs.

Mobile Privacy

The California Attorney General has released her recommendations for privacy in the mobile space. Overall, it is a fairly good set of recommendations though some groups have already criticized it. Two notable recommendations are the integration of privacy into the design process. While not full on privacy by design or privacy engineering, it does give some advice to the mobile developer on how to think about privacy (particularly data minimization) before creating their apps.