WORSE THAN FACEBOOK SCANDAL: ANYONE COULD GEOLOCATE ANYONE REALTIME

Visualization of 2.5 million GPS points for 3.5 years by Aaron Parecki (profile)(source)


(This is the SHORT version of this post)

Full Version HERE
• For a Slightly-Longer-But Still Pretty Short Version, Go To The MAIN POINT of that post
Or just check out its LINKS
 


First we learned that our private location information could be easily retrieved by almost any police officer in America.  Without a warrant. Supposedly with, but in actuality without, informed consent.  With little to no oversight.

Then, LocationSmart was busted by Robert Xiao, a brilliant up-and-coming academic security researcher (curriculum vitae PDF).

He demonstrated that, until recently, your location information could be retrieved by absolutely anyone with your phone number.


Robert Xiao's dissection of the vulnerability
I repeat, up until may 17th, 2018, it was trivially easy for absolutely anyone to locate absolutely anyone else's phone WITH ONLY THE NUMBER

… and it very probably still isn't that hard. 

I say "until may 17th, 2018," because that's when LocationSmart "fixed" the security vulnerability that enabled anyone, armed with a cell number, to locate it geographically in real time.  They disabled the free demo of the service after being found out. 


That's all they did to fix it: they took the 'free demo' webpage down.


LocationSmart OnAsset Case Study
I say "and it very probably still isn't that hard" because the page was to a free demo. Anyone who already has an account can still do what was demonstrated.  It is not a stretch of the imagination to think that anyone with a business name and enough money can still, easily, open a new account.

And surely, if there is one company, there are more.
 
A Possible Solution


NOW I AM NOT A LAWYER, AND THE THIS IS THEREFORE NOT LEGAL ADVICE.

We have to start somewhere.  Because situation untenable. I invite you, Gentle Reader, to please leave a comment, send an email, or @ me on twitter, if you have a better idea. 

Without a reasonable expectation, personal privacy is much, much harder to defend. If 'everyone knows' that 'all the information' on 'everyone' is 'collected,' we would have no legal basis to complain. None.

Illogical though this may seem, however, if on the other hand, the opposite is believed to be true, as I understand it, that would be anther matter, entirely.  As with community standards, so with common law.  If we all expect our privacy honored it would have to be.

So say this aloud:

"As an American citizen, I have every expectation of privacy."


Tell your friends.



Be seeing you. 



(This is the SHORT version of this post)

Full Version HERE
for the slightly longer but still pretty short version, 
go to the MAIN POINT of that post
or just check out its LINKS

No comments:

Post a Comment