PDA

View Full Version : Big Brother, Thy Name Be Ye Google?



Peter Lemkin
02-11-2009, 02:54 PM
Privacy international identifies major security flaw in Google’s global phone tracking system

05/02/2009


One day after the global launch of Google’s “Latitude” phone tracking system, Privacy International has identified what appears to be a fundamental design problem that could substantially endanger user privacy.

After studying the system documentation, PI has determined that the Google system lacks adequate safeguards to protect users from covert opt-in to Latitude’s tracking technology. While it is clear that Google has made at least some effort to embed privacy protections, Latitude appears to present an immediate privacy threat.

Latitude is based on a reciprocal opt-in system. That is, before a person can be tracked, a sharing arrangement must be agreed with a requesting party. After this process has been executed, location data is made available on a time-to-time or continuous basis. On the face of it, this arrangement might seem an adequate protection. However this safeguard is largely useless if Latitude could be enabled by a second party without a user’s knowledge or consent. Privacy International believes this risk is substantial and could in the future adversely affect millions of phone users.

In summary, the danger arises when a second party can gain physical access to a user’s phone and enables Latitude without the owner’s knowledge. At present we are unaware of a way this could be achieved remotely.

We have considered the following five scenarios:
An employer provides staff with Latitude-enabled phones on which a reciprocal sharing agreement has been enabled, but does not inform staff of this action or that their movements will be tracked.
A parent gifts a mobile phone to a child without disclosing that the phone has been Latitude-enabled.
A partner, friend or other person gains access to an unattended phone (left on a bar on in the house) and enables Latitude without the other person’s knowledge.
A Latitude-enabled phone is given as a gift.
A phone left unattended, for example with security personnel or a repair shop, is covertly enabled.

Once the phone has been enabled, the second party will be able to mask his phone’s presence, thus ensuring that the victim is unaware that her phone is being tracked. According to Google’s FAQ:

"From the Google Latitude privacy menu, you can choose to either detect and share your location automatically, set your location manually, hide your location from all friends, or turn off Latitude altogether."

The only means of minimizing this threat might be a regular message sent to a phone advising that it has been Latitude enabled.

However according to Google, this function is available only in certain circumstances. Again, quoting from the Google FAQ:

"After Google Maps for mobile with Latitude is installed and running on some (our emphasis) mobile devices, you may receive prompts on your device reminding you that you have enabled Latitude to share your location with selected friends.

These reminders allow you to continue or stop sharing your location with Latitude and will appear a limited number of times if you have enabled Latitude but have not used it recently" (our emphasis).

This means that only some users with certain unspecified phone types will receive a notification, but only in circumstances where Latitude has not been used for an unspecified period. If the tracked party is unaware that her phone has been enabled, the Latitude settings could indefinitely be set to continuous tracking, thus ensuring that the alert message is never sent from Google.
Conclusion

Privacy International believes Google has created an unnecessary danger to the privacy and security of users. It is clear the company is aware of the need to create a message alert on Latitude-enabled phones but has chosen to launch the service without universal access to this safeguard. The Director of Privacy International, Simon Davies, said:

"Many people will see Latitude as a cool product, but the reality is that Google has yet again failed to deliver strong privacy and security. The company has a long way to go before it can capture the trust of phone users."

"As it stands right now, Latitude could be a gift to stalkers, prying employers, jealous partners and obsessive friends. The dangers to a user’s privacy and security are as limitless as the imagination of those who would abuse this technology."

David Guyatt
02-11-2009, 06:03 PM
It's amazing how these things have flaws which can be used against the public isn't it. One thinks of Bill Gates Windows and all the flaws in various internet browsers that can be hacked into.

On Latitude phones (mobiles/cell phones), here in the UK one outfit advertises on TV for enabling the mobile of their spouse to track them covertly if their partner/wife/hisband are concerned about their fidelity. Tracking owners via their mobile phone is SOP for the intelligence and security services, which can be exactly triangulated via mobile phone masts. But then again we spooked-upon-UK-citiizens cannot travel in a City without being remotely photographed upwards of 300 times a day.

Technology has allowed our government to make George Orwell's Big Brother state mild in comparison.

Paul Rigby
02-11-2009, 09:35 PM
we spooked-upon-UK-citiizens cannot travel in a City without being remotely photographed upwards of 300 times a day.

Unless, of course, you're engaged in planting bombs on the London underground, or on a bus. In which case, the cameras don't work, or miss you and your confederates at key junctures.

Weird.

David Guyatt
02-12-2009, 01:30 PM
we spooked-upon-UK-citiizens cannot travel in a City without being remotely photographed upwards of 300 times a day.

Unless, of course, you're engaged in planting bombs on the London underground, or on a bus. In which case, the cameras don't work, or miss you and your confederates at key junctures.

Weird.

Amen.

Wouldn't want to catch our own boys doing naughty stuff would we now...:dancing2:

Peter Lemkin
02-12-2009, 06:09 PM
Really disturbing interview on this - and related- here http://www.democracynow.org/2009/2/12/harry_lewis_blown_to_bits_your

Will post transcript when it is available.

Confirms any mobile can be converted into a 24-7 bugging[and positioning] device you can NOT shut off - all this can be done after you have it; without touching it; without you knowing about it - and 'legally' [as the empire now construe's what is legal]. And there is worse....