Google’s “Latitude”: A major security flaw in Google’s global phone tracking system

 

One day after the global launch of Google’s “Latitude” phone tracking system, Privacy International has identified what appears to be a fundamental design problem that could substantially endanger user privacy.

Google Latitude, a new service from Google that allows you to send your location to Google Maps and share it with friends via many mobile phones.

With Google Latitude, you can:

  • See where your friends are and what they are up to
  • Quickly contact them with SMS, IM, or a phone call
  • Maintain complete control over your privacy

Latitude is not a separate service that people need to separately adopt and configure but an extension of existing Maps for Mobile functionality. People simply need to download the latest version of Maps for their phone and opt-in to location sharing.

Latitude’s location-awareness capabilities are built on Google’s Wifi and cell tower triangulation that form the basis for its My Location tool.

image

After studying the system documentation, PI has determined that the Google system lacks adequate safeguards to protect users from covert opt-in to Latitude’s tracking technology. While it is clear that Google has made at least some effort to embed privacy protections, Latitude appears to present an immediate privacy threat.

 image

Latitude is based on a reciprocal opt-in system. That is, before a person can be tracked, a sharing arrangement must be agreed with a requesting party. After this process has been executed, location data is made available on a time-to-time or continuous basis. On the face of it, this arrangement might seem an adequate protection. However this safeguard is largely useless if Latitude could be enabled by a second party without a user’s knowledge or consent. Privacy International believes this risk is substantial and could in the future adversely affect millions of phone users.

The following scenarios has been considered as some of the ways that the service can be abused:

  • An employer provides staff with Latitude-enabled phones on which a reciprocal sharing agreement has been enabled, but does not inform staff of this action or that their movements will be tracked.
  • A parent gifts a mobile phone to a child without disclosing that the phone has been Latitude-enabled.
  • A partner, friend or other person gains access to an unattended phone (left on a bar on in the house) and enables Latitude without the other person’s knowledge.
  • A Latitude-enabled phone is given as a gift.
  • A phone left unattended, for example with security personnel or a repair shop, is covertly enabled.

Privacy International believes Google has created an unnecessary danger to the privacy and security of users. It is clear the company is aware of the need to create a message alert on Latitude-enabled phones but has chosen to launch the service without universal access to this safeguard. The Director of Privacy International, Simon Davies, said:

Many people will see Latitude as a cool product, but the reality is that Google has yet again failed to deliver strong privacy and security. The company has a long way to go before it can capture the trust of phone users.

As it stands right now, Latitude could be a gift to stalkers, prying employers, jealous partners and obsessive friends. The dangers to a user’s privacy and security are as limitless as the imagination of those who would abuse this technology."

 

Reference: www.privacyinternational.org

746 Comments

  1. Gabriel

    How is this different than the other location-aware services on internet-enabled PDAs/smartphones?

    There are much simpler ways to track someone covertly using existing software.

    Reply
  2. Gabriel

    How is this different than the other location-aware services on internet-enabled PDAs/smartphones?

    There are much simpler ways to track someone covertly using existing software.

    Reply
  3. talksmart

    hi. This blog is currently one of the nominees for the Filipino Blog of the Week award (week 170). You may visit the site and vote. Poll is on the sidebar.

    Reply
  4. talksmart

    hi. This blog is currently one of the nominees for the Filipino Blog of the Week award (week 170). You may visit the site and vote. Poll is on the sidebar.

    Reply
  5. Pingback: cook county process server

  6. Pingback: nike basketball shoes

  7. Pingback: barbour jacket

  8. Pingback: l?s upp telia

  9. Pingback: burberry outlet

  10. Pingback: air max 2015

  11. Pingback: beats by dre cheap

  12. Pingback: ugg boots sale

  13. Pingback: balenciaga outlet

  14. Pingback: burberry sale

  15. Pingback: nike air max 2015

  16. Pingback: GTA Investments

  17. Pingback: louboutin shoes

  18. Pingback: balenciaga handbags

  19. Pingback: ugg outlet online

  20. Pingback: cheap uggs

  21. Pingback: uggs on sale

  22. Pingback: canada goose jacket

  23. Pingback: air max 2013

  24. Pingback: cheap jordans

  25. Pingback: cheap nike basketball shoes

  26. Pingback: ugg boots uk

  27. Pingback: celine outlet

  28. Pingback: belstaff jackets

  29. Pingback: canada goose jackets

  30. Pingback: christian louboutin shoes

  31. Pingback: belstaff outlet

  32. Pingback: cheap ugg boots uk

  33. Pingback: lebron james shoes

  34. Pingback: cheap beats by dr dre

  35. Pingback: celine bag

  36. Pingback: New York City real estate

  37. Pingback: nike shox

  38. Pingback: nike air max 2014

  39. Pingback: oakley sunglasses

  40. Pingback: mcm bags

  41. Pingback: cheap nike air max

  42. Pingback: canada goose jackets sale

  43. Pingback: nether hacks

  44. Pingback: lista serwerów minecraft

  45. Pingback: Krynica Morska pensjonaty

  46. Pingback: cheap ugg boots

  47. Pingback: canada goose sale

  48. Pingback: fuckbook

  49. Pingback: cheap developer

  50. Pingback: air max

Leave a Comment

Your email address will not be published. Required fields are marked *