Privacy Group Calls Google Latitude a Real 'Danger'

CWmike writes "Privacy International is calling Google's new mapping application an 'unnecessary danger' to users' security and privacy. The criticism follows the unveiling this week of Google Latitude, an upgrade to Google Maps that allows people to track the exact location of friends or family through their mobile devices. Google Latitude not only shows the location of friends, but it can also be used to contact them via SMS, Google Talk or Gmail. 'Many people will see Latitude as a cool product, but the reality is that Google has yet again failed to deliver strong privacy and security,' said Simon Davies, director of London-based Privacy International, in a statement. The group's chief concern is that Google Latitude lacks sufficient safeguards to keep someone from surreptitiously opting into the tracking feature on someone else's device."

Re:Frightening

[JorDan+Clock]

This is exactly how it works: You install software on your phone. If you have physical access to someone's phone long enough to install the software, I think there are other far more malicious things you could do, like copy contacts and such.

Re:Tell me again

[QuantumRiff]

I played with it on my blackberry, its pretty cool. When I quit the Map App, it asks if I want to keep tracking on, or disable it. Also, you have to give people permission to see your location. I can't help but think of some handy uses for it, such as your meeting friends at the game, and don't know where in the crowded parking lot they are, or what bar their sitting in downtown, and your trying to join them. It would be a hell of alot faster than trying to talk someone all the way to my location.

Re:Everyone focuses on the negative

[digitalchinky]

The current breed of signals and communications intelligence is built upon systems that log and database a wide range of their inputs. Certainly one would assume emerging or custom protocols can take a while to hit the sights of middle management before they too are included whenever possible. However, where you are wrong is with the assumption that the government actually knows who you are based on either your voice, or any in or out of band signalling present. Mostly they can't know who you are, and have no real interest in knowing either.

Signalling systems are complex at best for man (or woman) in the middle work, just reading through any of the spec sheets will make this pretty clear. Your bog standard GSM handset might send it's IMEI once upon a time when you first turned the phone on, but the network thereafter will assign it with a new identity on a regular basis. Unless you catch some of those initial bursts, it becomes a game of association between who you call, and what might be buried somewhere in the database. The mathematics of such things means that even with tons of terrabyte drives, resources are still finite and the depth of associations cannot extend too far before the system starts logging worthless crap.

I guess my point is this: All wiretaps over the last 10 years (at the very least) are not necessarily 'real time' or targeted against any specific individual. The net is routinely cast far and wide. This is why 'retroactive permission / immunity' exists.

When you understand the technology behind the scenes, it's only a very small leap to a broader appreciation for what the government may, or may not be doing behind your back. :-)

Re:Everyone focuses on the negative

[poptix_work]

| The only way that could work is if Google have mapped the physical location of every WiFi network and are using them to do the locating. I knew that was theoretically possible, but I didn't know Google had actually done it. For some reason, I found that slightly creepy.

Actually, Google didn't do it. This company did: http://www.loki.com/

It's pretty interesting and useful. Personally I don't have an issue with a public company doing anything a government can do without you noticing, it brings those things into the light where people can say 'hey, if $company can track my cell phone/laptop via wifi access points, so can the government'. I personally think Google worked *very* hard to ensure that privacy concerns would be avoided with Latitude. When you start Google Maps it mentions latitude, your icon changes significantly, exiting Google Maps asks if you wish to continue sharing your location. You must enable sharing on a per-friend basis when adding them, and the default is NO (even on the selection box). It's also possible to share at different levels of accuracy, AND to set a location to be reported in case you don't want anyone to know you're "hiding".