Addressing concerns over location sharing

I wrote a quick post on Sunday morning about the mobile location sharing hack I wrote at Open Hack London. My post tried to explain the tech behind it, but I wanted to follow it up with a post to explain my thinking around the social innovation in the idea.

Sharing your location with your friends. People have been talking about this for ages, but recently it’s started to hit the mainstream.

More and more mobile phones are coming with GPS. For the ones that don’t, systems like Skyhook and Google Maps for Mobile are getting smarter at using GSM Cell IDs and WiFi access point addresses to work out where you are.

The reaction to this stuff finally arriving for the masses hasn’t all been positive, though. The response to the UK launch of Google Latitude – Google’s mobile application for sharing your location with friends from your Google contact list – is a good example.

A threat to privacy?

Privacy International said that “…Google has created an unnecessary danger to the privacy and security of users…”. They argued that it was too easy for Latitude to be “…enabled by a second party without a user’s knowledge or consent…” and that once enabled it could remain undetected for a long time, with massive potential for abuse.

Liberal Democrat MPs Tom Brake and my local MP Chris Huhne submitted an Early Day Motion to Parliament arguing that Latitude “…could substantially endanger user privacy…” and that “…Google has created an unnecessary danger to user privacy…”.

Tom Brake followed this up with the now widely reported quote that “Google Latitude poses an insidious threat to our hard-won liberties”.

I personally think this was unnecessarily alarmist, but at any rate, it is clear that the model of granting ongoing access to your location (until / unless you revoke it) worries some people.

Signups and installs… a barrier to entry?

The location sharing systems I’ve seen – whether Fire Eagle based, brightkite, Latitude, or any of the others – follow a similar model. To share your location with someone, you need to:

  • sign up to a service
  • get them to sign up to the same service
  • add each other as ‘friends’

Some of them, such as Google Latitude, add the additional requirement of having to install an application on your phone to see where your friends are.

Until a service is widely adopted, this remains a barrier to entry for quick, impromptu use. If I want to quickly show someone where I am, it’s just not practical to say “go to this website, create a new profile, go to my profile here, add me as a friend and I’ll approve you…”.

‘Guest Pass’ – using tokens for once-only, time-limited access

This was the thinking behind my hack. How can we address the privacy concerns being raised about services like Google Latitude, while making it quicker and easier for people to share their location while on the move?

A full description of what I came up with is in my post from Sunday, but in short, the idea was to allow users to create a “Guest Pass” to your location data. You create a unique, random token and anyone who has that token is allowed to see where you are.

For example, if the token is “a1b2c3d4”, then you send someone an SMS or an email telling them to go to http://hereIam/a1b2c3d4.

That web page will show them a map telling them where you are.

Addressing privacy concerns

The token will only work for a limited time – e.g. 10 minutes.

The example I gave on the day was meeting a client. You want to help them find you for the meeting, but you don’t necessarily want them to be able to track you home afterwards.

You allow access to your location for a specific purpose, for a specific event, for a limited time.

(You could always do this with conventional services like Latitude by granting access, and then remembering to revoke it after they find you. But that is a little clunky.)

Removing the sign-up barrier

The web address, containing the token, is itself all the authentication required. They don’t need to have any special app on their phone. They don’t need a password, or to create an account on any website.

The key is that the web page doesn’t need to be protected.

Security without passwords

The tokens (in reality longer than “a1b2c3d4”) are long and random enough that no-one is likely to guess one.

But even if someone does go looking for valid tokens – starting from “aaaa…aaaaaa”, “aaaa…aaaaab”, “aaaa…aaaaac” etc. until they find one – all they will get is a web page with a picture of a map on it.

No names, user names, or any other personally identifying information need to be displayed on the page. The page is only useful to find a specific person if the person who created the token tells you that is their location. Otherwise, it just tells you that someone is somewhere.
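As an added illustration of the Guest Pass scheme described above (a random token that is only valid for a limited time, and a map page that carries no identifying information), here is a minimal Python model. This is example code, not the code from the hack itself; the class name, the in-memory store, the injectable clock and the 24-byte token length are assumptions made for the example.

```python
import secrets
import time

TOKEN_TTL_SECONDS = 10 * 60  # the 10-minute lifetime used as the example in the post


class GuestPassService:
    """Hypothetical model of a 'Guest Pass': a random, short-lived token that
    resolves to a user's current location and reveals nothing else about them."""

    def __init__(self, ttl_seconds=TOKEN_TTL_SECONDS, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock        # injectable so expiry can be exercised deterministically
        self._passes = {}         # token -> (owner_id, expires_at)
        self._locations = {}      # owner_id -> (lat, lon); constructed sample data only

    def update_location(self, owner_id, lat, lon):
        """Record the owner's latest position (the hack got this from the phone)."""
        self._locations[owner_id] = (lat, lon)

    def create_pass(self, owner_id):
        """Mint a token. 24 random bytes give a 32-character URL-safe string with
        192 bits of entropy, so counting up from 'aaaa...aaaa' to find a live one
        is hopeless; that is what lets the map page itself stay unprotected."""
        token = secrets.token_urlsafe(24)
        self._passes[token] = (owner_id, self.clock() + self.ttl)
        return token

    def pass_url(self, token):
        """The address handed out by SMS or email (host name as in the post)."""
        return "http://hereIam/" + token

    def lookup(self, token):
        """Return only (lat, lon) for a live token, otherwise None.
        No name or user id ever leaves this method, so a guessed or leaked
        token tells its holder only that 'someone is somewhere'."""
        entry = self._passes.get(token)
        if entry is None:
            return None
        owner_id, expires_at = entry
        if self.clock() >= expires_at:
            del self._passes[token]   # purge expired passes on first use after expiry
            return None
        return self._locations.get(owner_id)

    def revoke(self, token):
        """Early revocation, for when the guest has found you before time is up."""
        self._passes.pop(token, None)
```

Because the token is the whole credential, the page served at the URL should be the only thing it unlocks: the same store must never be used to look up names or other profile data.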

This isn’t a better way… just a different way

I’ve sounded a little negative about location services, particularly Google Latitude. So let me backtrack a little – I think Google Latitude is awesome. I use it. I like it. I’m gonna keep using it.

And while I think some of the suggestions made by Privacy International and others to improve the transparency of Latitude are sensible ways to reduce misuse, I also think that some of the comments that have been made about it are frustratingly dramatic and alarmist.

At any rate, my token idea doesn’t suit all scenarios. The sign-up profile approach is better suited for long-term sharing with friends and family. For example, if my wife needs to know where I am, that is fine. But I can’t be bothered to create her a new URL every time she wants to check. The Latitude approach of adding her as someone authorised to see my location is a perfect fit.

So this wasn’t meant as a “this is how other services should do it” post. Rather an exploration of another way we could do things: improving the user experience by removing the need to get someone to sign up with a new website before you can share your location with them, while also addressing some of the concerns that people have with existing systems.


2 Responses to “Addressing concerns over location sharing”

  1. Teknovis says:

    Interesting article… I used to work in this area, and I really enjoyed it!

    Your idea reminds me of the idea presented in “A Lightweight Approach to Managing Privacy in Location-Based Services” by Tom Rodden, Adrian Friday, Henk Muller, and Alan Dix. Available from http://www.comp.lancs.ac.uk/~adrian/Papers/rodden-lightweightprivacy-2002.pdf

  2. dale says:

    Thanks very much for the comment – that looks like a fascinating paper.