The spies in our pockets
Your devices – computers, mobile phones, and tablets – are constantly telling others where you are. Your mobile phone, in particular, is a very effective tracking device: Where you go, it goes, and it records your location all the time – even when you’re not connected to the internet.
Location data tells a detailed story
Location information collected over time can tell a surprisingly full story about who you are and what your life looks like. Add publicly-available addresses, tweets, photos, and/or your phone records, and the story gets really detailed.
Location information can reveal not just where you live and work, but also your visits to churches, clinics, bars, friends, and lovers; it can show which protests you’ve participated in, or which political organizations or support groups you’re part of.
A map-based visualization made recently by Open Data City and others shows how this works. Based on 6 months of communications records for Balthasar Glättli, a member of Switzerland’s Green Party, the visualization gives a remarkable amount of insight into Glättli’s life.
In Germany, newspaper Die Zeit did a similar thing with the phone records of Green Party politician Malte Spitz, which Spitz got out of his mobile phone provider. The records included logs of calls and texts as well as location, which Zeit used to create a detailed visualization about his life. His daily routine was crystal clear, as were any deviations from this routine.
Social Graph mapping
Location data can also be used to map out your relationships with others. If you and another person, or other people, are in the same place at specific times of the day, it’s possible to infer what relationships you have with these people – if, for example, they are co-workers, lovers, roommates, or family members. Or, to take another example, if you are a government employee and are in the same cafe as a specific journalist, you could be-be flagged as a leaker.
Who wants this information, and why?
This kind of detailed picture can be valuable to all kinds of people and organizations. For one, it can be sold by companies to make money; it can also be used to predict where you’ll be at a given point in the future; it can be used by governments.
Mobile phone towers and your phone
Mobile phone towers
To send and receive calls and messages, your phone must constantly communicate with mobile phone towers. This activity is monitored and logged by your mobile phone provider, allowing them to identify where you are and where you’ve been.
Your smartphone is a GPS device. Most smartphones are equipped with a GPS chip and if your phone’s ‘location services’ are on it will communicate with the GPS satellites, allowing you and others to pinpoint your location to a remarkably accurate degree.
Location information can then be logged by your phone and various apps on it. Most smartphones have a map app installed, and this goes so far as to log your location as you move, and even store where you’ve been in the past.
Who has access?
Your location history is accessible to anyone who has, or who can get, access to your phone. It is assumed that Google or Apple also have access to your phone’s location log since they own the location tracking apps in the first place, as well as the Operating Systems (OSs) that almost everyone’s phones run on.
See your location logs
Unless you’ve already turned off location services or frequent locations, your phone is probably logging your location on the device itself. On the iPhone, you can actually see it mapped out.
If your phone is running iOS7 or a later version, go to Settings –> Privacy –> location services –> system services –> frequent locations –> select a city from your history list –> and here’s the map.
How do they know where I live?
Again on an iPhone, you might see that the app has already identified and labeled where ‘home’ and ‘work’ are. Apple uses an algorithm, or formula, that assumes that if your phone regularly stays in one place at night… that’s probably home. And if it stays in another place all day, that must be your workplace.
Are there other ways to map my movements on my phone?
Yes, you could install an app that we recommend called Open Paths(iPhone or Android).
Note: If you install the Open Paths app you will still be giving your personal location data to The New York Times company, who own the app.
There are two main ways your phone can give away location information when Wifi is enabled.
Before you’re even connected to a network
You’re in a new cafe, and you open your computer. Wifi functionality is on, as always. Hungry to connect, your computer will immediately start looking for a wifi network – but not just any old network. Ideally, it would like to connect to a network it already knows.
To find out if there are any of these in the vicinity, your computer will start broadcasting names of previous networks it has connected to. This could include cafes, workplaces, airports, friends’ houses, or community spaces.
Who has access?
The owner of the network, as well as anyone who can hack into this broadcast by, for example, setting up a fake network, could gain quite a detailed picture of where you’ve been.
Within a network
Some networks are set up with multiple access points – for example, a network that covers a big company or conference building (set up using something like a Wireless Distribution System). Once you’re connected to a wifi network like this, your movements can be tracked as you move from one access point to another.
See your wifi history
There is no way to see your wifi connection history on an iPhone or Ipad, though you can delete all of your stored connections by going to
Settings → General → Reset → Reset Network Settings.
On Android phones and on your computer (including Mac), you can see the wifi networks you’ve connected to before, and delete them individually.
Websites, social media platforms, and email providers
When one of your devices connects to the internet, that device is assigned an IP address by the Internet service provider of the network you’re on (yours, for example, or your work’s).
This IP address is a set of numbers that identifies who the internet service provider is, as well as where you are connecting from. The accuracy of this location depends on how that particular provider assigns IP addresses, but it’s likely to be somewhere between the street you’re in, and the city.
You can check your IP address here.
Who has access?
Unless you’re using software that hides your IP, (eg Tor browser or a VPN), your computer shares your IP with every website and social media platform you visit.
Those who have access to your location information, therefore, include whoever owns the website you’re visiting, or who has access to the website’s analytics; any company running third party tracking technologies included on the website; or who is able to intercept your internet traffic.
See your recorded locations
Some services, like Gmail, Twitter, and Facebook, record your location data in a way that you can access.
In Gmail go to → Details, next to the ‘Last account activity‘ on the right at the bottom of any Gmail page
On Twitter go to → Settings → Your Twitter Data → Login history → enter your password
‘Checking in’ on social platforms
On some social media platforms like Foursquare, Twitter or Facebook, there is a feature which allows you to ‘check in’ to a public place like a restaurant, bar, museum, shop, or public building.
Who has access?
Anyone who wants to know. Check into enough places over enough time, and you create a detailed public record of your movements and routines.
Adding locations to social media posts
Twitter, Facebook, and others have the option to add your location to your post or tweets.
Who has access?
Unless your account is private or protected, this too could mean that what you’re actually doing is creating a detailed public record of your movements and routines.
Even if your account is only visible to a closed network of people, remember that things you post – including information about your location and movements – can still be shared by people in this network. This can happen by accident or because of lack of privacy awareness.
See your public location data
The website Please Rob Me shows you a stream of your location data, as shared via Twitter, Foursquare etc, so you might think harder next time you’re tempted to announce this information.
“The danger is publicly telling people where you are. This is because it leaves one place you’re definitely not… home.” (From the website Please Rob Me)
Your browser history
How does my browser history reveal where I’ve been?
Some search engines, like Google, see where you are from (your IP address), and then redirect you to a local version of their search engine. If you’re in Germany and you type in Google.com, you get redirected to Google.de, or in Costa Rica, it will be Google.co.cr, and in Hong Kong Google.hk.
And the websites you visit are usually stored in your browser history (unless you have disabled this function, or clear your browser history regularly).
Who has access?
Anyone who has access to your computer or your browser.
See your browser history
On your computer:
Firefox: history → show all history
Chrome: history → show full history
On iPhone OS:
Settings → find the browser you use → advanced → website data
Open Firefox: History
Open Chrome: History
Photos, Google Maps and other sources of location data
If you have location information on your phone turned on for pictures, this information will get embedded in the picture (ie, the picture’s metadata will include where you took the picture). When you send or upload these pictures you can share your location data without thinking about it. Most social media providers extract location data when you upload the picture, but there are still many ways in which location data can be aggregated from the pictures you share.
In the summer of 2014, Android user Jean Yang returned from a trip through Europe to find a surprise package in her Google+ notifications: an organized photo scrapbook titled “Trip”. She hadn’t requested this and hadn’t notified Google that she was going on holiday.
But she didn’t need to. Google’s algorithms could pick up the break in routine, and take an obvious guess that she was on holiday.
Google+ was able to organize her photos using a combination of information sources: geotags on photos(information embedded in the photos, providing the longitude and latitude of where the photo was taken), location information from Google Now or Maps, and GPS data. Google’s algorithms could have also identified locations using machine vision to match key landmarks. By the end of the trip – despite the fact that Jean’s phone was actually off most of the time – Google was able to pull together enough information to organize her photos in a location timeline.