Google’s “Latitude”: A major security flaw in Google’s global phone tracking system

 

One day after the global launch of Google’s “Latitude” phone tracking system, Privacy International has identified what appears to be a fundamental design problem that could substantially endanger user privacy.

Google Latitude, a new service from Google that allows you to send your location to Google Maps and share it with friends via many mobile phones.

With Google Latitude, you can:

  • See where your friends are and what they are up to
  • Quickly contact them with SMS, IM, or a phone call
  • Maintain complete control over your privacy

Latitude is not a separate service that people need to separately adopt and configure but an extension of existing Maps for Mobile functionality. People simply need to download the latest version of Maps for their phone and opt-in to location sharing.

Latitude’s location-awareness capabilities are built on Google’s Wifi and cell tower triangulation that form the basis for its My Location tool.

image

After studying the system documentation, PI has determined that the Google system lacks adequate safeguards to protect users from covert opt-in to Latitude’s tracking technology. While it is clear that Google has made at least some effort to embed privacy protections, Latitude appears to present an immediate privacy threat.

 image

Latitude is based on a reciprocal opt-in system. That is, before a person can be tracked, a sharing arrangement must be agreed with a requesting party. After this process has been executed, location data is made available on a time-to-time or continuous basis. On the face of it, this arrangement might seem an adequate protection. However this safeguard is largely useless if Latitude could be enabled by a second party without a user’s knowledge or consent. Privacy International believes this risk is substantial and could in the future adversely affect millions of phone users.

The following scenarios has been considered as some of the ways that the service can be abused:

  • An employer provides staff with Latitude-enabled phones on which a reciprocal sharing agreement has been enabled, but does not inform staff of this action or that their movements will be tracked.
  • A parent gifts a mobile phone to a child without disclosing that the phone has been Latitude-enabled.
  • A partner, friend or other person gains access to an unattended phone (left on a bar on in the house) and enables Latitude without the other person’s knowledge.
  • A Latitude-enabled phone is given as a gift.
  • A phone left unattended, for example with security personnel or a repair shop, is covertly enabled.

Privacy International believes Google has created an unnecessary danger to the privacy and security of users. It is clear the company is aware of the need to create a message alert on Latitude-enabled phones but has chosen to launch the service without universal access to this safeguard. The Director of Privacy International, Simon Davies, said:

Many people will see Latitude as a cool product, but the reality is that Google has yet again failed to deliver strong privacy and security. The company has a long way to go before it can capture the trust of phone users.

As it stands right now, Latitude could be a gift to stalkers, prying employers, jealous partners and obsessive friends. The dangers to a user’s privacy and security are as limitless as the imagination of those who would abuse this technology."

 

Reference: www.privacyinternational.org

665 Comments

  1. Luiz Gastao Bittencourt da Silva

    I got this web page from my pal who told me about this website and at the moment this time I am browsing this web site and reading very informative articles at this place.|

    Reply
  2. Lelio Junior

    bookmarked!!, I like your website!|

    Reply
  3. Carlos Eduardo Correa da Veig

    I’m gone to tell my little brother, that he should also visit this blog on regular basis to take updated from hottest news update.|

    Reply
  4. true religion store online

    How is it that just anyone can create a blog and get as popular as this? Its not like youve said anything incredibly impressive more like youve painted a pretty picture about an issue that you know nothing about! I dont want to sound mean, right here. But do you actually think that you can get away with adding some quite pictures and not genuinely say anything?
    true religion store online http://www.truereligiononline.store

    Reply
  5. birkenstock sale

    I’ll be back as soon as once more within the long run to examine out your blogposts down the road. Thanks!
    birkenstock sale http://www.birkenstocksale.cc

    Reply
  6. merrell shoes online

    Can I make a suggestion? I believe youve obtained something good here. But what should you added a pair links to a page that backs up what youre saying? Or possibly you could give us one thing to look at, one thing that may connect what youre saying to one thing tangible? Only a suggestion. Anyway, in my language, there arent much good source like this.
    merrell shoes online http://www.cheapmerrell.online

    Reply
  7. cheap coach outlet uk

    go to the Crafting Guild south-west of Falador, wearing your brown apron. You will be able to get inside. Then, mine gold ores until your inventory is full. There are many players there so be sure to be in a less populated world. After, go to Falador and put all the gold ores in the bank. Go back to the Crafting Guild and repeat over and over again until you have at least over 100 gold ores in your bank. Then go to the Grand Exchange and sell everything.
    cheap coach outlet uk http://www.poollyanna.co.uk

    Reply
  8. Jose Wilame Araujo Rodrigues

    Thanks for sharing your thoughts on %meta_keyword%. Regards|

    Reply
  9. Grupo Coral presidios

    Genuinely when someone doesn’t know afterward its up to other viewers that they will help, so here it occurs.|

    Reply
  10. website whenever

    Have you ever considered about including a little bit more than just your articles?
    I mean, what you say is important and everything. However imagine if you added some great images or video clips to
    give your posts more, “pop”! Your content is excellent
    but with images and videos, this website could undeniably be one of the best in its niche.
    Excellent blog!

    Reply
  11. José Wilame Araújo Rodrigues

    Thanks a bunch for sharing this with all people you actually recognise what you are talking about! Bookmarked. Please additionally seek advice from my web site =). We will have a hyperlink trade arrangement between us|

    Reply
  12. www.mayanrocks.com

    I think the admin of this web site is genuinely working hard in favor of his website,
    as here every data is quality based information.

    Reply
  13. Luiz Fernando Monteiro Bittencourt

    Hi! Do you know if they make any plugins to protect against hackers? I’m kinda paranoid about losing everything I’ve worked hard on. Any suggestions?|

    Reply
  14. Cleveland

    Greetings from Colorado! I’m bored to death at work so I decided to check out your
    site on my iphone during lunch break. I love the information you provide here and can’t wait to take a look when I get home.
    I’m amazed at how fast your blog loaded on my
    mobile .. I’m not even using WIFI, just 3G ..
    Anyways, good blog!

    Reply
  15. Lelio Junior

    Everything is very open with a very clear description of the issues. It was really informative. Your site is very helpful. Thank you for sharing!|

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *