Feb 13 2023

How to Make Sure You’re Not Accidentally Sharing Your Location

Category: Information PrivacyDISC @ 10:42 am

YOUR DEVICES AND apps really, really want to know where you are—whether it’s to tell you the weather, recommend some restaurants you might like, or better target advertising at you. Managing what you’re sharing and what you’re not sharing, and when, can quickly get confusing.

It’s also possible that you have inconsistencies in the various location histories logged by your devices: Times when you thought you’d switched off and blocked location sharing but you’re still being tracked, or vice versa.

Here we’ll cover everything you need to consider when it comes to location tracking, and hopefully simplify it along the way. Whether you want to give out access to your current location or not, you should be in control of these settings, and not be caught unawares by additional options that you missed.How Location Tracking Gets Confusing

Screenshot of Google location sharing history

What happens if you distinctly remember turning location tracking off on a device, yet your position is still popping up on a map? Or maybe you thought you’d left the feature on, yet you’re seeing gaps in your location history? There are a few explanations, but essentially you need to remember all the different ways your location can be logged: by your devices, by your apps, and by websites you visit.

For example, you might have disabled location tracking on a phone but left it enabled on a tablet. Alternatively, you might have a laptop that’s tracking where you are in the background, even though you thought you’d disabled the feature in the apps you use. If you want location tracking completely enabled or disabled, you need to factor in all these different ways of keeping tabs on where you are.

If you have a Google account, this is a good illustration. Head to your account settings on the web, then choose Data and Privacy and Location History. Select Devices on This Account, which may reveal some phones, tablets, and laptops that you’d forgotten about—any device with a check next to it in this list is saving your movements to your Google account for future reference.

You can click Turn Off to disable this, but note the caveats that are listed in the confirmation box that appears onscreen: Your location might still be logged by your mobile devices, by the Find My Device service that helps you recover lost hardware, and by Google Maps when you’re navigating or searching around the area you’re in. This Location History setting is more of an overall toggle switch, affecting features such as the Google Timeline and the ability to quickly look up places you visit regularly.

From the main Google account screen, there are several more places where your location gets logged and shared: Click Data and Privacy then Web & App Activity to manage location data saved by Google Maps and other apps and websites, and click People andSharing then Manage Location Sharing to see a list of specific contacts who can see where you are through various Google services.Managing Location Tracking on Mobile

Screenshot of Android location sharing settings

The steps to manage your location on Android vary slightly depending on the manufacturer of your phone, but the menus and instructions involved are broadly similar. On Google Pixel devices, you can open up Settings then select Location: You’ll see the Use Location toggle switch, and if you turn this off, none of your apps will be able to know where you are, nor will Google.

If you leave the Use Location toggle switch on, you can customize location access for individual apps further down on the same screen. Note that you can choose to allow apps to know where you are at all times, or only when the app in question is running in the foreground—tap on any app in the list to make changes.

Over on iOS, it’s a similar setup. If you select Privacy & Security from Settings, and then tap Location Services, you can turn off location tracking for the phone and all the apps on it. If you choose to leave this enabled, you can manage individual app access to your location via the list underneath. As on Android, you can choose to restrict apps to knowing your location only when the particular app itself is running, or allow them to monitor it in the background too.MOST POPULAR

Erasing the location data that’s been collected on you is a complex process, as you need to check the records and the settings of every app that’s ever had access to your location. For Google and Google’s apps, you can head to your Google account on the web, then choose either Location History or Web & App Activity under Data and Privacy to wipe this data from the record. You’ll also find options for automatically deleting this data after 3, 18, or 36 months.

Apple doesn’t log your movements in quite the same way, but it does build up a list of places you visit frequently (like your home and perhaps your office) so you can quickly get to them again. To clear this list on your iPhone, open Settings then choose Privacy & SecurityLocation ServicesSystem Services, and Significant Locations. You can clear this list and stop it from populating in the future.Managing Location Tracking on Desktop

Screenshot of Windows location sharing settings

Your laptop or desktop computer is unlikely to be fitted with GPS capabilities, so it won’t track your location in quite the same way as your phone, but applications, websites, and the operating system will still have some idea where you are—primarily through the locations that you sign into the web from (via your home Wi-Fi, for example).

On Windows, you can open up Settings and then choose Privacy & Security and Location. As on Android and iOS, you’ll see you can turn location tracking off for individual applications (via the toggle switches on the right) or shut it down for the entire computer (the option at the top). The same screen lets you see which apps have been using your location, and enables you to wipe the log of your travels—click Clear next to Location History to do this.

When it comes to the same process on macOS, you need to click the Apple menu and select System SettingsPrivacy & Security, and Location Services. The next screen looks very similar to the Windows one, with toggle switches for individual applications as well as for macOS itself—turn off any of the switches where you don’t want location access to be given. If you click Details next to System Services on this screen, you can clear the list of “significant locations” Apple has saved for you, just like on iOS.

If location tracking is on for your computer and your browser of choice, that means individual websites such as Facebook, Amazon, or the Google Search can know where you are as well. Sometimes this is useful, of course (for getting the right weather forecast), but there might be times when you want to turn it off if you’re trying to keep your whereabouts private.

https://www.wired.com/story/how-to-not-accidentally-share-your-location/

Incognito Toolkit: Tools, Apps, and Creative Methods for Remaining Anonymous, Private, and Secure While Communicating, Publishing, Buying, and Researching Online

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: Anonymity, privacy

Dec 03 2021

KAX17 threat actor is attempting to deanonymize Tor users running thousands of rogue relays

Category: AnonymousDISC @ 10:33 am
KAX17 threat actor is attempting to deanonymize Tor users running thousands of rogue relays

KAX17 ran relay servers in various positions within the Tor network, including entry and exit nodes, researchers at the Tor Project have removed hundreds of servers set up by the threat actor in October and November 2021.

In August 2020, the security researcher that goes online with the moniker Nusenu revealed that in May 2020 a threat actor managed to control roughly 23% of the entire Tor network’s exit nodes. Experts warned that this was the first time that a single actor controlled such a large number of Tor exit nodes. A Tor exit relay is the final relay that Tor traffic passes through before it reaches the intended destination. The Tor traffic exits through these relays, this means that the IP address of the exit relay is interpreted as the source of the traffic.  Tor Exit relays advertise their presence to the entire Tor network, so they can be used by any Tor user.

Controlling these relays it is possible to see which website the user connects to and, if an insecure connection is used, it is also possible to manipulate traffic. In May 2020, the threat actor managed to control over 380 Tor exit nodes, with a peak on May 22, when he controlled the 23.95% of Tor exit relay.

Nusenu told The Record that it has observed a recrudescence of the phenomenon associated to the same attacker.

“But a security researcher and Tor node operator going by Nusenu told The Record this week that it observed a pattern in some of these Tor relays with no contact information, which he first noticed in 2019 and has eventually traced back as far as 2017.” reads the post published by The Record. “Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial quantities, operating servers in the realm of hundreds at any given point.”

KAX17 threat actor is attempting to deanonymize Tor users running thousands of rogue relays

Tags: Anonymity, Anonymous (group)

Jun 22 2021

Apple Will Offer Onion Routing for iCloud/Safari Users

Category: Information PrivacyDISC @ 10:05 am
Apple Will Offer Onion Routing for iCloud/Safari Users

TOR Anonymity Network 101 If you have been searching for how to access the most private and secure part of the internet, then look no more! The TOR Anonymity Network 101 – An Introduction To The Most Private Part Of The Internet has everything you’ve ever wanted to learn about how to be completely anonymous online. We live in an age where despite our best intentions, everything we do online is open to monitoring or attack. Our own advances in technology which were supposed to make our lives easier can be twisted and used against us. Knowing how to protect our own best interests is a vital skill that everyone should be aware of. The TOR Anonymity Network 101 includes: * How to maintain your anonymity online * The key to networking 101 * An introduction to the most private parts of the internet & much more! TOR doesn’t stop you from being seen on the internet, but it will prevent people from learning your location and using that information against you. If you value your privacy, then you need to check out TOR Anonymity Network 101 – An Introduction To The Most Private Part Of The Internet for yourself!

Tor Anonymity Network 101

Tags: Anonymity, Onion Routing

Apr 09 2009

Social networks and revealing anonymous

Category: Information PrivacyDISC @ 3:02 am

Image representing Twitter as depicted in Crun...
Image via CrunchBase

Privacy is a fundamental human right and in US a constitutional right. Advancement in technology are breaking every barrier to our privacy; at this rate individuals will be stripped of their privacy unless we enact policy protections. In this situation we need to define reasonable privacy for a society in general while keeping threats and public safety as a separate issue. Social networks are becoming a repository of sensitive information and usually privacy is anonymize by striping names and addresses. Fake profiles have been created on social network to be anonymous and a user may create multiple profiles with contradictory or fake information.

Arvind Narayanan and Dr. Vitaly Shmatikov from Univ. of Texas at Austin established an algorithm which reversed the anonymous data back into names and addresses.

The algorithm looks at the relationships between all the members of social networks an individual has established. More heavily an anonymous individual is involved in the social media, easier it gets for the algorithm to determine the identity of anonymous individual.

One third of those who are both on Flickr & Twitter can be identified from the completely anonymous Twitter graph, which deduces that anonymity is not enough to keep privacy on social network. The idea of “de-anonym zing” social networks extends beyond Twitter and Flickr. It is equally applicable in other social networks where confidential and medical data can be exposed such as medical records in healthcare.

“If an unethical company were able to de-anonymize the graph using publicly available data, it could engage in abusive marketing aimed at specific individuals. Phishing and spamming also gain from social-network de-anonymization. Using detailed information about the victim gleaned from his or her de-anonymized social-network profile, a phisher or a spammer will be able to craft a highly individualized, believable message”

Now is it reasonable to say that social network wears no clothes?

Personally identifiable information
California Senate Bill 1386 defines “personal information” as follows:
• Social security number.
• Driver’s license number or California Identification Card number.
• Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.

Names, addresses, email addresses and telephone numbers do not fall under the scope of SB 1386.

HIPAA Privacy defines “Individually identifiable health information” as follows
1. That identifies the individual; or
2. With respect to which there is a reasonable basis to believe the information can be used to identify the individual.
The term “reasonable basis” leaves the defining line open to interpretation by case law.

Arvind Narayanan and Dr. Vitaly Shmatikov paper.


Social network privacy video


httpv://www.youtube.com/watch?v=X7gWEgHeXcA

Reblog this post [with Zemanta]




Tags: Anonymity, Flickr, Personally identifiable information, privacy, Security, Social network, Twitter, Vitaly Shmatikov