We agree to give up some degree of privacy anytime we search Google to find a nearby restaurant or use other location-based apps on our mobile devices.
The occasional search may be fine, but an Iowa State University researcher says repeatedly pinpointing our location reveals information about our identity, which may be sold or shared with others. It is a problem Ying Cai, an associate professor of computer science, recognized more than a decade ago when he first started working on a solution, and it has only gotten worse.
A team of New York Times reporters demonstrated that when it used location information collected through a single company’s database to identify individual users and track their daily activities. According to the December 2018 story, companies sell, use or analyze this data for insight into consumer behavior.
It may seem consumers have no choice if they want to use such apps and services. However, Cai says there is a way to limit what companies can glean from location information. Working with ISU’s Office of Intellectual Property and Technology Transfer, Cai received two patents for his location-cloaking technology (one in 2014, a second in 2017).
The technology makes it possible to search and use apps on mobile devices while keeping your privacy under control. Despite some initial interest, Cai says he is not aware of any service providers using the technology. However, he says that might change if consumers know this type of protection exists.
“Privacy is a big issue. We can all agree on this,” Cai said. “If customers ask about cloaking technology and service providers realize location privacy is critical to customers, providers may see the value and offer this service.”
How does it work?
The concept behind the technology is simple: to provide a location that is as precise as possible, but still sufficient to protect the user’s privacy. Specifically, users give examples of locations matching their personal privacy level. Cai says service providers then use that information to calculate a cloaking region with a similar popularity.
The size or traffic of a particular location will vary based on the user’s comfort level. It is similar to going to the doctor and selecting a pain threshold on a scale of one to five, Cai said. For example, you may select a city park or a big box store – a location you feel is larger enough or has a certain traffic volume that makes it difficult to track a single individual at any given time. Then whenever you want to report your location, your service provider will identify an appropriate region to report, Cai said.
“That way, every time you report your location, you make sure it cannot be linked to people who were there at the time when the location was reported,” Cai said. “This gives you protection from the time dimension, which is important.”
What your location can reveal
When you use location-based services frequently, it creates a trajectory that makes it possible for companies to identify you as an individual. For example, Cai says if he uses his location at home and later at work, it is easy to search online public databases to make the link. Your location can reveal not only your identity, but other sensitive information.
“If I visit someone in the hospital or attend a political or social event, even though I’m not doing anything wrong or bad, I don’t want someone I don’t know or trust to track my information,” he said. “Absolute privacy does not exist. We may not solve the problem to the full extent, but we want people to be aware and to be able to manage their risk.”