How to stalk someone via a trail mapping app.

For those that don’t know, I’m an avid hiker and biker. In fact, I’m currently undertaking a challenge that I created for myself to do 90 different trails in 100 days. Currently, I’m 2/3rds through that challenge with ~30 days to go. One of the key tools I use for finding and following trails is a mobile App called AllTrails.

I’ve used it for years but now I’m using it daily. While I’ve known that trail apps have potential privacy problems (I even included building a privacy friendly trail app as an example in my book, see illustration), my recent use has pinpointed how problematic they are.


Screenshot of AllTrails

In the App on a phone, when you pull up to explore the area looking for trails you’re presented with the pinpoints of a bunch of curated trails, as shown at left. You can click on a trail and get a description, trail map, reviews, popular activities and features. There is a slight problem in that reviews, I think, are public by default, but it appears that when your profile is private or individual recordings are private, your reviews aren’t shown.

In my search for trails, though, I’ve found lots of unlabeled trails. In other words, trails at parks, greenways and forests that haven’t been curated and cataloged. You can submit new trails for consideration, and I’ve done that with a few. I’ve also recorded via the app some hikes and walks that aren’t official trails, like when I dropped a rental truck off and walked home 5 miles because I needed to get a hike in that day or when my car was getting an oil change and I hiked to a park to kill time. Because of the challenge, I wanted to document these “hikes” to record my mileage. Now even though my recordings are private and my profile is private, uploading these recordings seemed even less problematic because they weren’t linked to an official trail and thus unfindable by the public. At least I assumed so. [Yes, privacy professionals, I know, AllTrails could be monetizing me by selling geolocation information to advertisers. I assume so, at least, with any app I use.]

It turns out that my statement about recordings unlinked to trails is not quite accurate. In the App it appears to be true, but on the AllTrails website, you can look at curated trails OR community content.

This community content contains all sorts of hikes people take, including official but uncurated trails, trips to visit grandmother in Ohio (I saw one where someone recorded their road trip) or walking around their neighborhood. I’ve yellowed out the map above to reduce the chance of someone finding this particular hiker’s location based on the road topography. Clicking on the recording in the list of community content leads to the details (shown below). As you can see this hiker left their house (black point) and walked around their neighborhood and turned off the recording as they approached their house at the end of the cul-de-sac (green point). Mousing over the endpoints yields the latitude and longitude to 5 decimal places, which is accurate to within a meter. I’ve attempted to obscure as much information as possible, like street names, exact lat/long and other houses, but I’m sure someone with enough resources could identify this from the unique street outline. However, I’m not going to make it easy.
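The fix on the product side is to never publish the part of a recording nearest the front door. The example below is added here and is not AllTrails’ code: it trims every point within a privacy radius of the recording’s own start and end, then rounds the survivors to 3 decimal places (~110 m) instead of the 5 (~1 m) the site exposes. The walk it runs on is constructed for the example.

```python
import math

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def trim_privacy_zones(track, radius_m=200.0, decimals=3):
    """Return a copy of `track` (list of (lat, lon)) that is safer to share.

    1. Drop every point within `radius_m` of the recording's own first and
       last points, so the segment closest to home never leaves the device.
    2. Round what survives to `decimals` places (3 ~= 110 m), so the ends of
       the shared segment cannot be resolved to a single house either.
    """
    if not track:
        return []
    start, end = track[0], track[-1]
    kept = [
        (lat, lon) for lat, lon in track
        if haversine_m(lat, lon, *start) >= radius_m
        and haversine_m(lat, lon, *end) >= radius_m
    ]
    return [(round(lat, decimals), round(lon, decimals)) for lat, lon in kept]

def sample_walk():
    """Constructed out-and-back walk: home at (40.0, -75.0), one point every
    ~56 m (0.0005 deg of latitude) for 10 steps north, then back home."""
    home_lat, home_lon, step = 40.0, -75.0, 0.0005
    out = [(home_lat + step * i, home_lon) for i in range(11)]
    back = [(home_lat + step * (10 - i), home_lon) for i in range(1, 11)]
    return out + back

if __name__ == "__main__":
    raw = sample_walk()
    shared = trim_privacy_zones(raw)
    print(f"raw points: {len(raw)}, shared points: {len(shared)}")
    print("first shared point:", shared[0], "last shared point:", shared[-1])
```

A fixed radius around the same house still leaks across many recordings (the trimmed starts all sit on one circle around it), so a production version should vary `radius_m` per recording or cut a fixed distance along the track rather than a fixed distance from home.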

You may be thinking, well this isn’t bad because I don’t know who lives at some random house (i.e. I don’t know their name, though it might be part of the public records on home ownership). In other words it’s an attribute disclosure about this person (their walk details) but not an identity disclosure. I won’t debate the problems of attribute disclosures in this blog but that’s not what’s happening here. Clicking the profile icon will take you to their profile. Note, this person at least did not upload a picture of themselves, so the profile icon (under the words Morning Hike on the left) is generic. Unfortunately, they DID include their full name (changed to a gender neutral generic name below).

On my recent hiking challenge, I generally listen to podcasts, mostly privacy related. One I’ve become very fond of is Michael Bazzell’s “Privacy, Security and OSINT” podcast. It’s fairly frequent (I’m listening to podcasts daily now) and provides both tips on how to protect your privacy and OSINT (Open Source Intelligence) techniques, with which people need to be familiar in order to protect their privacy.

Of course, being a privacy by design specialist, my take is people shouldn’t have to go to extremes to protect their privacy. The onus is on organizations to build better products and services. AllTrails, I like your app, really, I do. But it needs so many improvements from a privacy perspective. So many, in fact, I’d be happy to offer you some free consulting. Just contact me rjc at enterprivacy.com. I don’t mean to single AllTrails out. I’m sure this is a problem with many or most of the trail apps. AllTrails just happens to be the one I use.

For others who don’t want their organizations to be on the cover of the NY Times, sign up for some privacy by design training or contact me about a consulting engagement. Become a privacy hero with your customers.

Predictive policing

At 7:15 this morning I was rudely awakened by a police SWAT team banging on the door. I’m currently in a cold northeastern city visiting a friend (whom I happened to take to the airport last night to fly to my home state of Florida). He offered to let me stay here for a few days until I return to D.C. It’s a great savings of a few hundred dollars in hotel nights and the solitude has given me an opportunity to concentrate on some much needed work. Of course, solitude is not exactly what I had this morning. First there was a knock. As I peered bleary-eyed out the window to see if it was an obnoxious solicitor, the knock grew furious. “Police, Open Up” was the shout. I scurried towards the door in only underwear and a t-shirt. I opened it to approximately 10-15 police officers in full gear (bullet proof vest, helmets, guns). I stated to the officer at the door (who clearly recognized that I wasn’t whom they were looking for) that I was a house guest. He showed me a picture and asked if I recognized the man and I said no. He gave me his card and asked me to have the resident (my friend) call him.

I passed the information on to my friend who called the detective and spoke at length. Apparently, this is not the first time his house had been visited by the police. The detective explained that the suspect, wanted in connection with a shooting, and his family were listing this address as theirs. My friend explained that he had been there for 3 months and the owner of the house, who previously lived there, had been there many years. The detective offered to email my friend the picture of the suspect and asked to be contacted if he saw him in the neighborhood.

My friend called me back to discuss the incident and we discussed it in light of the book I had been reading the previous day while my friend was at the house. That book was Big Data by Viktor Mayer-Schonberger and Kenneth Cukier. Predictive policing, not quite like Minority Report, is the use of big data style analysis for policing. The concept is fairly straightforward: amalgamate large amounts of information relevant to criminal behavior and find connections that were heretofore unidentifiable. While arrests won’t be made as a result of predictive policing, suspicious actors could be uncovered and scrutinized, thereby improving the efficiency of the police department. The risk, however, is having innocent associations place certain members of the population under enhanced scrutiny while others commit crimes. In the old days, this was called profiling and while dispassionate data analysis could be beneficial in removing stereotypes and biases from policing, the risk remains of being caught in an associative bucket of bad guys. My friend, who innocently occupies an address picked by criminals, now potentially will be forever associated with them. Will his car be pulled over more often than not, as police hope to catch him in the act? What other subtle things will threaten his peaceable right to be let alone now? Will credit reporting agencies ding his credit score because he shared an address with a family of criminals?

My ex-girlfriend used to carry her social security card in her wallet, much to my dismay. I pleaded with her not to but her retort was that she had no credit history worthy of stealing so what was the risk? She had a somewhat legitimate need as her driver’s license had a different name than her birth certificate, due to a custody battle and judge’s decree when she was just a toddler. She used the SSN as an alternative proof of her name, when her license didn’t match. It is an unfortunate byproduct of living in a society that is hellbent on using identity as a means of security. But the risks to her were clear. What happens when her identity is stolen for criminal purposes? Or when a criminal uses her identity to commit a violent crime and her name is now tied as an alias to that criminal? While law enforcement making contact with John Smith may do a double take before arresting him on an outstanding warrant, her unique name would not be so lucky.

While efficiencies in the competitive industry of ferreting out criminals are a goal worth pursuing, appropriate safeguards must be in place to not make unwarranted connections. Further, oppression, warrantless searches, and identity tattoos (à la WWII Germany) make policing efficient but that doesn’t make them ethical. Society must weigh the political repercussions before embarking on the use of big data in this realm.