You may recall a month or so back I wrote about Facebook and how we are now keenly aware of how our data is being accessed and manipulated, often without our knowledge.
And if you post a picture of yourself, and your face is visible, you can be identified by those nosey parkers. Well, there is a whole new meaning to nosey parker now.
Google tracks your movements even if you have turned location history off. An investigation has found that even if you explicitly tell Google not to track your location and movements on your iPhone or your Android smartphone, they do anyway.
The investigation found that users are being misled by Google’s claim that for those who turn off Location History “the places you go are no longer stored.” In fact, even with Location History turned off, some Google apps automatically store time-stamped location data without asking. For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are. And some searches which have nothing to do with location, like “chocolate chip cookies,” or “kids science kits,” pinpoint your precise latitude and longitude, accurate to the square foot, and save it to your Google account.
So many of the company’s services track your location, it’s virtually impossible for the user to know just how many services they need to disable to regain their privacy. Now that you have digested that, take a swallow of this next revelation.
There is a powerful new “face search” engine that could be a privacy nightmare. Cybersecurity firm Trustwave has released an open source tool to find accounts of large volumes of people across social media platforms by automatically matching names and profile pictures.
The tool, Social Mapper, is designed for testing security measures and gain access to computers. Social Mapper users provide their own login credentials to various social networks, along with a file specifying names and facial images of the people they are interested in targeting. The tool then logs into the likes of Facebook, LinkedIn and Instagram, and uses the sites search tools and open source facial recognition tools to find and log likely matches.
Whilst designed for a specific security purpose, there have to be concerns about whether it could be used for malicious purposes or to violate people’s privacy. And we already know privacy doesn’t count for much in this techno world. Once Social Mapper has finished running and the reports have been collected here are just a couple of uses that information could be used for:
- Create fake social media profiles to ‘friend’ the targets and send them links to credential capturing landing pages or download malware. Recent statistics show social media users are more than twice as likely to click on links and open documents compared to those delivered via email.
- Trick users into disclosing their emails and phone numbers.
- View target photos looking for employee access card badges and familiarise yourself with building interiors.
In San Francisco, hiQ, a data mining company helps employers predict which of their employees are thinking about jumping ship.
They built their business on the back of a valuable cache of data – public user profiles on the professional networking site LinkedIn. Is the data you share publically on social networking sites like an announcement in a public space?
LinkedIn says ‘No’.
hiQ says ‘Yes’ and recently a California judge sided with hiQ.
First published in the Franklin County News Thursday 6th September 2018.
