Archive
AirTags: Update
Last year we reviewed Apple’s new AirTags and some of the concerns that had been raised with respect to personal location tracking. The consensus then was although these new devices were easy to use and worked well, there wasn’t enough detailed information available describing how AirTags worked or sufficient transparency in how personal location information could be used.
Fast forward to January 2022 and Apple have now released The Personal User Safety Guide, which includes a section on how to stay safe with AirTags. Providing the device with the Find My application (phone or iPad) is running iOS or iPadOS 14.5 or later, the device will notify the owner if another device has been detected moving in sync.
Apple have also published an additional set of instructions describing what to do if you get such as an alert and, if necessary, how to disable the locations services on the various supported devices. A new tracker detect app for Android phones has also been released.
Although the additional information and device identification resources available now are good to see, some concerns remain as to whether devices such as AirTags should still be available in their current form if there is still the possibility of unwanted tracking. Instead of unknown devices being allowed to follow by default, why not turn that around and block all unknown devices unless permission is granted?
AirTags: Who’s watching who?
When I saw the announcement about Apple’s new AirTags, my first thought was to forget tracking the location of my personal possessions, I could use one of these to track my elderly, and occasionally forgetful, Mother. Attach an AirTag to her bag, subject to her consent, and I’d be able to keep an eye on her whereabouts when she heads out to walk her dog.
However, not long after the initial release and reassurances that location privacy was an integral part of the design, a software update for AirTags was made available to counter unintended or surreptitious tracking by other suitably enabled devices in the vicinity. The initial configuration for sending safety alerts for an AirTag separated from its paired iPhone or the presence of AirTag not owned by you but in some way tied to your location (nearby or slipped into a pocket?) and tracked by others, meant alerts were not triggered for three days if you didn’t have an iPhone with IOS 14.5 or had an Android phone. Given the number of iPhones in circulation and the extent of Apple’s Find My network, millions of people could be tracked unwittingly through AirTags and be none the wiser for three days. Even after an upgrade to iOS 14.5 and the AirTags software update, it could still take a couple of hours to alert an iPhone owner to the presence of a so-called stalker AirTag. Chances are nothing would happen but is broadcasting your location like this worth the risk?
In this day and age of heightened awareness of creepy apps, issues related to location tracking and so on, it seems odd this particular scenario hadn’t been considered as a potential security threat. As Brenda Stoylar noted in her Mashable article …
‘AirTags are easy to use and effective, but their extensive location tracking and ability to go beyond Bluetooth range is also what makes them dangerous for the rest of us.‘
What makes AirTags potentially dangerous to use is the lack of detailed information describing how they work and a lack of transparency in how location information is, or could be, collected.
Best practice guidance and tools for geospatial data managers and onwards to 2025…
Following on from their search engine optimisation recommendations for data publishing, the UK Government Cabinet Office and Geospatial Commission have combined forces to produce a comprehensive set of best practice guides and tools for geospatial data managers. Included in the set are:
- Linked identifier schemes: How to apply unique identifiers to integrate spatial and non spatial data
- Geospatial glossary: An A-Z of geospatial terms and useful links
- Geospatial data relevance assessment guide: Guidance on organisation trustworthiness and geospatial data confidence assessment procedures
- Access to geospatial data: Data sharing assessment tool
- Finding geospatial data: The importance of search engines and metadata
Also recently published by the Geospatial Commission is the UK’s geospatial strategy 2020 to 2025 – Unlocking the power of location. The report identifies four critical mission objectives and nine opportunities to pursue with the end goal of a ‘coherent national location data framework‘ by 2025. Highlighted in the report is the importance of open data sources/formats and collaboration with organisations such as the Open Geospatial Consortium, as key components for meeting those objectives.
Verifying location data with blockchain cryptography
Following on from Joseph’s recent post on some of the issues associated with the plethora of image resources we now have access to, another interesting aspect of verifying those data sources relates to the basic premise of proof. How can a data provider, whether that’s an individual or global company, prove the data they collect and publish are an authoritative and accurate representation of the locations they seek to record? The problems associated with Geolocation and GPS Spoofing are not new, with many protocols and procedures now in place to help prevent this type of deception. Conversely, GPS simulators are generally available, making it relatively easy for location hackers to interfere with GPS signals.
So how do data providers prove entities, in both the physical and human-made environments, really do exist at a particular location? One company, XYO, has been working on an alternative to satellite networks as a source of verified location information – the XYO Network. By augmenting our increasingly interconnected network of digital devices with location tracking technologies that incorporate blockchain cryptography, these co-opted devices (acting as sentinels or bridges) can be configured to recognise, validate and confirm the location of each other. As each device acts as a witness to the location of other devices; the more witnesses there are confirming a device’s location, the less chance there is that location is incorrect. The end result is a decentralised location data network that is arguably at less risk of being compromised.
Bound witnesses (sentinel and bridge devices) in San Francisco – https://matrix.xyo.network/map
Using device networks in this manner is an interesting new development in evolution of geospatial data and an emerging technology to watch.
Quality Matters…
When Apple Maps was launched six years ago it was not a resounding success, by any measure. Although much of the criticism levelled at Apple focussed on the application interface and the lack of some keys features Google Maps users took for granted, for many the main issue was the quality of the map data. Apple Maps was originally delivered on a platform of third party map data, including TomTom and OpenStreetMap, with the majority of the satellite imagery sourced from DigitalGlobe. In response to the criticism, Apple vowed to do better and set off on a mission to improve the application and challenge the dominance of Google Maps.
Many application upgrades later, the map data is still not considered to be of the same quality as Google Maps. For example, zoom into a location in Queens, New York and compare the quality and range of information reported for local transport services in Google Maps compared to the same site and services reported in Apple Maps. Both Apple and Google Maps provide the number of the bus service using a particular stop but Google Maps provides more … street view data to visualise (and confirm) the location of the bus stop and better integration of supplementary traffic and transport service information.
The same bus stop in Apple Maps is shown at a slightly different location (further to the east along 48th Ave) and lacks the integrated street view.
All that is set to change with an ambitious plan from Apple to rebuild their map data platform (see reports in TechCrunch and Medium). Taking a leaf out of the Google handbook on data collection, Apple have invested in specially equipped vans and drones, decked out with GPS, LiDAR, high resolution cameras and other data capture tools. In addition, Apple is also generating map information from anonymised iOS device data, adopting a strict ‘privacy-by-design’ methodology, to improve road network and pedestrian traffic information.
The new in-house Apple Maps service has been available on a limited basis in California, USA for a few months now and there are plans to roll the service out to the whole USA over the next year. No word yet on when it will be available further afield.
Latitude Mark II: All change and no change
A recent article on BusinessInsider reported the re-launch of Google’s location sharing feature as an update to Google Maps. Originally available as Google Latitude, the first version prompted a report highlighting the risks of inadvertently sharing personal location information. Although the location sharing options seem similar second time around, the focus seems to be on the benefits of sharing this type of information and as the article notes, although the privacy concerns haven’t away, they are a footnote rather than the headline.
What has changed in the intervening years appears to be the perceptions about sharing personal location information. Is this because consumers of such services heeded the warnings and shared with discretion so fears were unfounded, or because the risks were not as great as originally thought? Other location sharing applications, such as Glympse and Swarm, stayed the course and developed their niche products away from the spotlight that tends to focus on Google. Have these services paved the way for Google to try again? Whatever the reason, Google is confident enough of a favourable reception to re-release their location sharing technology as part of their flagship application.
Meeting the challenge of up-to-the-minute maps
A few weeks ago we wrote about autonomous cars and some of the associated location data privacy issues that this new type of transport raised. In a related article in Automotive News, the challenge of collecting and maintaining the highly accurate map data that would be required to support these vehicles and provide the locational context for the various data sources collected by in-car sensors was also discussed. As the report author commented, ‘History’s most intrepid explorers were often at the mercy of their maps. The self-driving cars of the future won’t be any different.‘
Jim Keller (Chief Engineer, Honda R&D Americas Inc.) has acknowledged that mapping is going to be critical to the success of the autonomous car and he considers the relationship between map makers and car manufacturers as both vital and symbiotic. He argues that data collected by the cars will augment the data available from more traditional sources and data available from those more traditional sources will in turn help the car manufacturers.
While this suggests a new location data collecting dynamic – crowd-sourcing meets Street View, with cars altruistically recording and sharing the data they collect – it also highlights some of the challenges ahead. These cars have the potential to provide unprecedented volumes of detailed road network data but for that data to be useful, they have to be accurate, current and consistent with the standards adopted by other map data providers to ensure integration with existing data sets, reliability and ultimately safe driving for all road users.
Autonomous cars and location data privacy
Location data privacy issues continue to challenge both the providers and consumers of location based services. With news last week that Audi has become the first car maker to obtain a permit from the state of California to test autonomous or self-driving cars on public roads, the prospect of so-called robot cars on the roads and highways gets ever closer. This will not only herald a new age in car usage and traffic management, but there will also be some far reaching implications for the collection and use of personal location data. The recording and archiving of navigation histories, monitoring individual driving behaviour, potential links to social media and other online accounts, and the insatiable desire from advertising companies to know as much as they can about where we are going to and what we do when we get there, exposes a minefield of location data privacy issues (What If Your Autonomous Car Keeps Routing You Past Krispy Kreme?). As one motor industry VP of marketing commented at CES earlier in the year, ‘We have GPS in your car, so we know what you’re doing”.
Self-driving car technology (Source: http://www.mechanicalengineeringblog.com/tag/self-driving-car-lidar/)
US government research into in-car location services has already prompted a call for location data privacy legislation. The Location Privacy Protection Act, updated and reintroduced this year, would require all companies who provide such location based services to obtain explicit permission from their customers before collecting and reusing their personal location data. If passed the bill would also require companies to publicly disclose how the location data is being used.
Should traffic management and law enforcement authorities have access to an individual’s location data while they are on the road? Would the fear of being ‘caught’ violating road and traffic regulations make us more responsible drivers and would the prospect of safer car operation and a reduction in accidents due to the extra surveillance be sufficient to persuade us to relinquish some control over our personal location data? It will be interesting to see what the response to these data privacy issues will be when self-drive cars finally hit the roads.
Always on: The analysts are watching …
We recently came across the Moves App, the always-on data logger that records walking, cycling and running activities, with the option to monitor over 60 other activities that can be configured manually. By keeping track of both activity and idle time calorie burn, the app provides ‘ an automatic diary of your life’ .. and by implication, assuming location tracking is always enabled as well, an automatic log of your location throughout each day. While this highlights a number of privacy concerns we have written about in the past (including Location Privacy: Cellphones vs. GPS, and Location Data Privacy Guidelines Released), it also opens up the possibilities for some insightful, and real-time or near real-time, analytical investigations into what wearers of a particular device or users of a particular app are doing at any given time.
Gizmodo reported today on the activity chart released by Jawbone, makers of the Jawbone UP wristband tracking device, which showed a spike in activity for UP users at the time a 6.0 magnitude earthquake occurred in the Bay Area of Central California in the early hours of Sunday 24th August 2014. Analysis of the users data revealed some insight into the geographic extent of the impact of the quake, with the number of UP wearers active at the time of the quake decreasing with increasing distance from the epicentre.
How the NAPA earthquake affected Bay Area sleepers.
Source: The Jawbone Blog
This example provides another timely illustration of just how much personal location data is being collected and how that data may be used in ways never really anticipated by the end users. However, it also shows the potential for using devices and apps like these to provide real-time monitoring of what’s going on at any given location, information that could be used to help save lives and property. As with all new innovations, there are pros and cons to consider; getting the right balance between respecting the privacy of users and reusing some of the location data will help ensure that data mining initiatives such as this will be seen as positive and beneficial and not invasive and creepy.
How much is our personal location information worth?
Just as the open government data and free public access movement continues to go from strength to strength, it seems that personal data could soon be a new currency in the digital information markets, where companies and other interested parties bid for the right to use that data for their own purposes.
Jacopo Staiano at the University of Trento in Italy recently conducted an experiment to the perceived value of personal location information. The study, reported in the MIT Technology review, involved 60 participants using smartphones that collected a variety of information including the number of calls made, applications used, the participant’s location throughout the day and the number of photographs taken. Using an auction system, the participants were given the opportunity to sell either the raw data or the data after it had been processed in some way to add value. Of all the information collected during the experiment, personal location data emerged as the most highly valued, and perhaps not surprisingly those who travelled more each day generally placed a higher value on their location data than those who didn’t.
Daily median bid values (Euro)
per category. Vertical lines indicate interventions. Staiano et al. 2014
The valuable insights into personal behaviour and preferences provided by such information are what compel the marketers to find ever pervasive ways to tap into that resource. Mobile location-aware applications and services are now commonplace and for many recording location data is the default setting; users have to proactively opt out to avoid being tracked. During the course of the experiment the participants were also asked who they trusted most when it came to managing their personal location data; the responses indicated concerns about the trustworthiness of financial institutions, telecom and insurance companies when it came to collecting and using this information.
The research suggests the emergence of ‘.…a decentralised and user-centric architecture for personal data management‘, one that gives users more control over what data is collected, how it is stored and who has access to it. The study also reports that several research groups are already starting to design and build such personal data repositories and it is increasingly likely that some type of market for personal location information will soon emerge.
Contributors
Gallery
Spatial Reserves 
Recent Comments