This week, Google launched Google Latitude, a new Google Maps feature that lets users share location data with friends, using either a mobile phone or through an interface on iGoogle. (see how it works here)
Unsurprisingly, concerns have arisen regarding the privacy implications of Latitude, and I, of course, have taken issue in the past with Google’s approach to (not) protecting locational privacy (as well as cellphone tracking in general).
But this time, I think Google got it right, and designed Latitude with user privacy in mind.
Here’s a quick rundown (based on my analysis of the help pages and this video) of what Google’s done to help give users control of their information flows in Latitude:
- Only friends you have explicitly invited or accepted can see your location
- You can hide your location to everyone so no friends can see where you are (and neither will Google)
- You can hide your location to select friends
- You can share only city-level data with select friends
- You can manually select a location on the map that will be shared with friends (which means you can send the wrong location to obfuscate your location)
- And, perhaps most importantly, Google is not logging your pings to servers; they only keep you latest location on file
Now, Privacy International has made some waves with their strongly-worded condemnation of Latitude. PI’s main concern is that someone could have Latitude surreptitiously activated on their phone, allowing employers, spouses, parents, stalkers, etc to track their location. While possible, this seems an unlikely scenario (and, besides, businesses have much better ways of tracking employees, as do parents their kids). That said, I do agree with PI that it would be wise for Google to create some kind of persistent warning/reminder to users that they are sharing their location with the data-servers in Mountain View (this alrleady exists on some phones, and only after a period of inactivity).
:: As an aside, Google seems to customize the maps that appear on the Latitude homepage based on the geographic location of your IP address. When I pulled up the page from my office, it showed a map of Milwaukee. When I used a proxy, it showed Cambridge. When I used an unresolvable IP, it just showed Manhattan (unless, of course, Google knows I spent my last 7 years in NYC, and that’s why it’s showing that by default! 🙂 ).
I mostly agree with you. I’m a bit concerned about coercion; maybe your employer will openly demand that you carry a Latitude-enabled phone, not just secretly install it. I’m also concerned about unpleasant surprises. Your point for a persistent warning is part of it; people will forget that the phone is telling other people where they are. I really like the “lie about where you are” feature, but the social pressures around it will be interesting. Some friends may be offended if they realize you’ve activated it — or try to figure out who you activated it to hide from. (Someone watching closely may well realize you’ve gone into stealth mode, which is itself a slight privacy issue.) I want to watch this one closely to see how the street makes use of it; the applications and social complexities are likely to be emergent and surprising.
Thanks for the comment, James. I understand the coercion issue, but certainly employers have had this ability long before Latitude (and ways that are much harder for the employee to notice or switch off themselves).
But your “unpleasant surprises” concern is spot-on.