CloudServices/Location/Privacy

From MozillaWiki

Revision as of 20:24, 19 November 2013

Privacy

Location information is a sensitive topic and there are many privacy concerns in this area.

At the heart of a geo-location service lies its ability to report back the physical location of a user, based on the public signal sources around that user. This is an exchange of very private and sensitive data, so we must do our utmost to protect it and to minimize the risk of tracking users across multiple service requests or of uniquely identifying users in any way.

In addition to the service user, we need to protect the operators of public wifi networks, respect their privacy choices and enable them to opt out of our service.

Privacy concerns for specific technologies:

Cell towers

Cell towers are understood to be public radio signal sources, and there are no privacy concerns known to us. We only use metadata about the available cell towers and networks (such as their identifiers and signal strength) and never any actual network traffic.

Wifi

While Wifi networks send radio signals into the public space, different countries have very different views on the privacy aspects of them.

For the purposes of the geo-location service we are only interested in the public metadata about wifi networks, specifically the technology standard in use, the frequency or channel it operates on, the signal strength and the technical network identifier (bssid, the hardware address of the access point). We never listen in on or record actual network traffic.

For a wifi operator to opt out, we follow the industry standard of filtering out any wifi network whose clear-text name (ssid) ends in '_nomap', and we ignore any ad-hoc wifi networks. Both of these filter actions happen on the client side, so our service never receives those networks at all.

On the lookup side, we follow best practice and require at least two co-located pieces of information before returning a location answer. This further minimizes the risk of someone being able to look up the whereabouts of a single bssid over time by querying the service with just that one identifier.
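The two rules above, client-side opt-out filtering and the server-side requirement for two co-located networks, are shown together in the following added example. This is illustrative code written for this page, not the service's own implementation; the BSSIDs, coordinates, the 500 m "co-located" radius and the centroid answer are constructed assumptions, as is the decision to ignore a reported bssid that has no known neighbour rather than refusing the whole query.

```python
"""Added example: client-side opt-out filtering and a two-bssid lookup rule.

Illustrative code, not the project's own. BSSIDs, coordinates and the
co-location radius below are constructed assumptions.
"""
import math
from dataclasses import dataclass
from typing import Optional

NOMAP_SUFFIX = "_nomap"        # opt-out marker at the end of the clear-text ssid
COLOCATION_RADIUS_M = 500.0    # assumed radius for "co-located"; not from the page


@dataclass(frozen=True)
class WifiScan:
    bssid: str            # hardware address of the access point
    ssid: Optional[str]   # clear-text network name; None when hidden
    signal: int           # signal strength in dBm
    ad_hoc: bool          # True for ad-hoc (IBSS) networks


def normalize_bssid(bssid: str) -> str:
    """Canonical lower-case, colon-separated form so client and server agree."""
    return bssid.lower().replace("-", ":")


def is_opted_out(ap: WifiScan) -> bool:
    """Client-side opt-out: ad-hoc networks and '_nomap' ssids never leave the device."""
    if ap.ad_hoc:
        return True
    return ap.ssid is not None and ap.ssid.endswith(NOMAP_SUFFIX)


def build_report(scan):
    """Keep only the metadata the service needs; the ssid itself is not sent."""
    return [
        {"key": normalize_bssid(ap.bssid), "signal": ap.signal}
        for ap in scan
        if not is_opted_out(ap)
    ]


# Constructed sample scan (not real networks): one normal AP, one opted out
# via '_nomap', one hidden ssid (kept: no opt-out marker), one ad-hoc (dropped).
SAMPLE_SCAN = [
    WifiScan("00-11-22-33-44-01", "CoffeeShop", -50, False),
    WifiScan("00:11:22:33:44:02", "Home_nomap", -60, False),
    WifiScan("00:11:22:33:44:03", None, -70, False),
    WifiScan("00:11:22:33:44:04", "AdHocNet", -40, True),
]

# --- server side ----------------------------------------------------------

# Constructed sample database: bssid -> (lat, lon). Not real networks.
KNOWN_APS = {
    "00:11:22:33:44:01": (49.0000, 8.4000),
    "00:11:22:33:44:02": (49.0010, 8.4010),   # roughly 130 m from ...01
    "00:11:22:33:44:03": (52.5000, 13.4000),  # hundreds of km away
}


def distance_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs (haversine)."""
    r = 6371000.0
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * r * math.asin(math.sqrt(h))


def lookup(report, db=KNOWN_APS, radius_m=COLOCATION_RADIUS_M):
    """Answer only when at least two known, co-located bssids are in the query.

    A single bssid, or bssids that are nowhere near each other, yields None,
    so the service cannot be used to trace one access point over time.
    """
    keys = {e["key"] for e in report if e["key"] in db}   # de-duplicate
    known = [db[k] for k in keys]
    # keep only positions that have at least one other known position nearby
    clustered = [
        p for i, p in enumerate(known)
        if any(distance_m(p, q) <= radius_m for j, q in enumerate(known) if j != i)
    ]
    if len(clustered) < 2:
        return None
    lat = sum(p[0] for p in clustered) / len(clustered)
    lon = sum(p[1] for p in clustered) / len(clustered)
    return (lat, lon)
```

Running `lookup(build_report(SAMPLE_SCAN))` answers with the midpoint of the two nearby access points; querying with only `00:11:22:33:44:01`, or with that bssid plus the distant `...03`, returns `None`.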

IP addresses

In the future we might want to use Geo-IP based lookups to enhance the service or to provide a coarse-grained fallback. Before we do this, we will do a thorough analysis of the risks involved, as the combination of an IP address and the time of service usage can uniquely identify a user.