Another week, another host of privacy concerns that somehow sound both utterly horrifying and totally obvious.
Amazon announced Monday that its voice assistant Alexa can now be set up to perform location-based tasks: reminding you to do certain things when you’re in specific locations, or running through a preset routine each time you walk out the door of your house. (Alexa can also read and summarize your emails now.)
This isn’t such a big deal, because you have to give Alexa access to your location and set up all the activities yourself, but it is a good reminder that Google’s personal assistant has had the same feature since March, and Google already had the ability to track your location — probably the entire time you’ve been using a smartphone.
Also on Monday, BuzzFeed News’s Nicole Nguyen reported on three Facebook patents pertaining to location data. One, filed last May, is called “Offline Trajectories” and is a method of using Facebook users’ previous location data — and the previous location data of people they know or have been physically near — to predict their future location. For the purpose of highly-targeted ads, obviously.
It’s been a week of bad news if you care about your privacy in physical space
Nguyen points out that Google Maps faced a backlash in 2016 when it launched a predictive feature that used location and search history to guess where users were going when they started driving. In that case, Google clarified that the tech could only predict if you were going to destinations you’d labeled in the app previously (e.g. “Work” or “Home”) or recently searched for.
The Facebook patents demonstrate a far more specific intent to track, with fairly explicit aims. The second patent application Nguyen found talks about using wifi, Bluetooth, and cellular signals to track users in a manner that is more accurate than GPS. The application explains that the super-precise data could be paired with information about local business hours and used to visualize popular routes through clusters of businesses — again, extrapolating data from users who are near each other or behave similarly. The third patent expands on this, explaining how collecting data at scale in small geographic regions could even differentiate between tourists and people who actually live there.
(Facebook told BuzzFeed News, “We often seek patents for technology we never implement, and patent applications — such as this one — should not be taken as an indication of future plans.”)
Also on Monday, the New York Times launched a giant interactive feature about how hundreds of apps collect extremely precise location data from their users — data that companies claim is anonymized:
The database reviewed by The Times — a sample of information gathered in 2017 and held by one company — reveals people’s travels in startling detail, accurate to within a few yards and in some cases updated more than 14,000 times a day.
It’s “anonymized” data only on a technicality, as the NYT found it remarkably easy to identify individuals based on the home addresses their devices spent the most time in and where they traveled to most often. For example, a middle school teacher’s device was the only one going from her house to the local middle school every day. They also followed her to the doctor, the gym, and Weight Watchers meetings.
The reporters also found it shockingly easy to, uh, track the president:
Two location firms, Fysical and SafeGraph, mapped people attending the 2017 presidential inauguration. On Fysical’s map, a bright red box near the Capitol steps indicated the general location of President Trump and those around him, cellphones pinging away. Fysical’s chief executive said in an email that the data it used was anonymous. SafeGraph did not respond to requests for comment.
Phones belonging to children and teenagers were easy to track, bouncing consistently from their home addresses to their schools. Doctors’ phones were easy to track. The NYT followed what it assumed might be a detective from the site of a Manhattan homicide to a hospital, then back and forth to a police station several times.
Location-targeted advertising is worth an estimated $21 billion a year, according to the NYT report, and it points out that around 1,200 Android apps and 200 iOS apps contain location-sharing code.
As for the biggest players in mobile ads — Google and Facebook — there is some incentive to tout privacy. Keeping the data they collect exclusive to their own platforms means they can sell that advertising at a premium, while coming off as protectors of your personal data.
Plus, as the NYT report highlights, device makers — particularly those in the phone game — know that privacy is still something consumers value, so they make some efforts to keep both consumers and app developers happy at the same time. For example, Google collects your location constantly, but Android allows apps that are running in the background of your phone to pull your location only a few times an hour. Apple requires iOS app makers to warn you about data collection with explanatory pop-ups, though it doesn’t actually require them to say whether the data will be used to target ads.
Have you ever wandered into a new store on a whim, then gotten barraged with ads for it? It’s extremely creepy! Data on where you are and where you might go is most useful to advertisers because it tells them about things far less guessable or generic than your idle online browsing habits — it can elucidate your real habits, your lived beliefs, your actual preferences.
Maybe you spend all day reading fancy foodie blogs, but you really walk over to Chipotle four nights a week. Maybe you click through ads for trendy new sneakers out of curiosity about how “the culture” is living, but actually spend your weekends looking for shoes in thrift stores. More seriously, the New York Times was able to track phones that went to Planned Parenthood and see how long they stayed; they could surely see how long phones rested in other places that have specific medical or political or cultural connotations. Maybe you tweet regularly about how the country has become godless and unmoored, yet spend every Sunday not at the church with your name on its register but at, like, a bowling alley bar. Who knows! (Hundreds of companies.) (Quick reminder that GPS jammers are illegal!)
This week’s news dump is as good a reminder as any that we’ve largely slipped down the slope from being individuals with reasonable expectations of privacy to “anonymized” balls of almost entirely public data points.
With Google and Amazon and Facebook, you turn this data over on purpose in order to use their services. With hundreds of other apps — your weather app, your restaurant recommendation app, your dating app, and so on — you do the same, reasoning that there is logic behind the request to know where you are. The problem isn’t that logic; it’s the logic of whoever gets the data next. Maybe throw your phone in the river? I for one will be dedicating at least an hour a day to walking in and out of random businesses and places of worship, then serpentining toward my home.