Friday, 6 February 2009

Twitter & Google Latitude Security – Just be careful

Twittering is really taking off in the UK at the moment, thanks to celebratory endorsements by regular twitters such as Stephen Fry, Jonathan Ross, Phillip Schofield, Andy Murray and Alan Carr to name a few.  In simple terms, Twitter allows you to write and share 140 character statements with other Twitters, which is a kind of a current status update, with the majority tweeters using mobile devices to provide regular updates of what they are currently doing or thinking about. It's as not as boring as it sounds, for instance Stephen Fry just posted "Just landed in a rainy LA. Phones banned in customs hall these days. Will confiscate them if used. Gulp.", while Alan Carr posts "Get back to school you little s**s and stop throwing snowballs at my hanging baskets."
I’m not one for social networking as I don’t like the idea of sharing all my personal details with the whole world, only my views on information security.  However I have been giving Twittering a go (www.twitter.com/SecurityExpert - follow me if you wish!), although I have to say I am having a few difficulties.  I really don’t like revealing where I am, nor can I talk about what I’m doing most of the time for client confidentiality and general security reasons, and I don’t really want to go on about what I had for breakfast either!  Another problem for me is I’m not really good a doing short posts, as you will gather from reading this blog, but nether-the-less I am going to persist with twittering, mainly to keep a couple of nagging mates happy, and besides I find reading some of those celebratory tweets rather amusing.
  
Security wise, I don’t want to appear hypocritical and some sort of kill joy or an alarmist, but I do have a nagging security concern with Twitter which bothers me. I simply don’t think it’s a good idea to tell the world where you are all the time, especially when out of the country or on holiday. Surely telling the world where you are is bound to increase the risk of having your home burgled, especially if you are a celebrity who is followed by countless anonymous thousands.  For instance seven Liverpool football players have had their houses broke into while they were playing football matches, because the thieves knew where they lived, and knew the players wouldn’t be at home.  http://news.bbc.co.uk/cbbcnews/hi/newsid_7710000/newsid_7716500/7716505.stm.
  
Google launched Google Latitude this week, which allows mobile phones to be tracked within Google Maps. The initial response by non-tech savvy media was to prey on people’s privacy fears.  But I have to say Google have got privacy approach right, which is to have the privacy set to “on” as the default position. Most social networking sites adopt the opposite position with privacy settings, for example the privacy default in Twitter is allow anyone to follow your posts, rather than trusted friends.
 

Let's make the privacy of Google Latitude clear. For any mobile phone to be tracked on Google Maps by Google Latitude, the mobile phone owner must first enable the tracking feature on their mobile phone. The entry of phone numbers via the Google Latitude webpage (see above) is just a misleading rouse, and merely sends a text message with a link to Google Maps to the phone. So you just cannot track anyone or any phone number you want!
 
The mobile phone user must enable the tracking on the mobile phone itself, and then select who he\she would like to see his location. The default setting is to not allow anyone to track, with the user selecting specific Google friends to be allowed to see his or her location, rather than the entire world. And finally the user can select the level of tracking detail, which for instance can be set to track by city name rather than to specific streets.

My security advice with Google Latitude is to be careful about being too over zealous in who you are allowing to known your location; I mean, do you really want your boss and work colleagues to know where you are at the weekend?

Google Latitude is certainly an interesting tool, sure there are some privacy concerns to think about, but I think Google’s approach is spot on, and it could have some interesting uses, such as tracking where your kids are!

No comments: