16

The Augmented Reality games from Niantic, Ingress (where players travel to specific GPS locations to destroy and rebuild virtual targets, link locations, and team up with other players in order to carry out missions) and Pokémon GO (a reworking of the original Pokémon game that requires players to physically move to the same locations as in Ingress to capture and train Pokémon)

There are some immediate implications which all players are aware of, such as the risk of playing this game at night, standing in dark locations staring at a phone or tablet - which might make you a target for a mugger - but from a privacy perspective, the data Google are getting could include location, who you meet up with, favourite routes etc - which could be extrapolated to find your place of work etc.

So what sort of things could Google or other observers do that could affect my privacy or security?

Benoit Esnard
Rory Alsop
  • 4
    As a security specialist, you are playing with a throwaway phone, right? – Deer Hunter Apr 16 '13 at 21:02
  • 1
    It's too bad that this question is limited to *your* privacy. In many things Google asks of me (such as WiFi network location data) I'm more worried about violating other people's privacy and contributing that data to an organization which then owns it instead of giving back to the community. As if you contribute map updates and then have to pay to use the map data, all the while giving away other people's private data. – Luc Jul 21 '16 at 11:36

2 Answers

12

The range of possibilities is literally infinite, since the data collection and aggregation typically plays only a minor role in the overall malfeasance, whatever that may be.

Typically the worry surrounding location and other PII data is that it could be used to "identify" you in some context. By analyzing where you go, they may be able to deduce your favorite bar or club. Maybe they can deduce what sort of music you like by correlating that with band schedules. Perhaps if they want to steal your work, they'll send someone to meet you, seemingly by chance, who will steal your secret access tokens and leverage that to gain access to your encrypted files and steal the plans to your super top-secret thingamajig that clearly is important for this particular movie plot. If you aren't afraid about esoteric privacy risks, then clearly you don't watch enough television.

Aside from the far-flung movie-plot concerns which so typically drive legislation, here are the risks we know about for certain. These are things that happen today:

  • Law enforcement and similar Government Agencies use location data (typically freely-provided by the telephone company) to follow the behavior of persons of interest. Currently there is no automatic profiling going on here; you have to be "interesting" before you'd be watched, because someone actually has to be paid to look at this data. Perhaps your picture appears on two different passports, or perhaps you received a large deposit of money loosely connected with another investigation. But location data serves as a crude but inexpensive sort of surveillance useful to determine where to focus more costly resources.

  • Certain less-scrupulous organizations use location data (and anything else they can grab) for purposes of corporate espionage. We know that groups tied to the Chinese government or military use techniques both high-tech and low-tech, involving people as well as machines, to "acquire" corporate knowledge, including business practices, material science, manufacturing techniques, financial transactions and projections, and very nearly anything of value. It would not be even moderately surprising to see an attack on the Ingress servers in order to exfiltrate location data as part of another more complex attack. The scope of these operations is truly impressive by any standard.

  • More traditional organizations use personal data to lower costs. "We know that half of our advertising costs are wasted, but we don't know which half." Correlating identity with behavior is valuable in avoiding wasted advertising: advertising tampons to men is typically a wasted effort. The more specific the details you can acquire about a person, the better you can avoid deluging him with inappropriate messages. Ironically, this use of personal information is by far the least damaging (and arguably in fact beneficial), and yet it is also the most vilified.

We like to protect ourselves against personalized advertising, not because it does any damage, but because it's the only thing we typically see. We implicitly know that personal information can be used against us and therefore there is some safety in privacy. And we believe that this information is being used against us. But we don't worry about law enforcement and we don't see the espionage. We do see advertising, though. And for lack of a clearer villain, we fortify against that.

tylerl
  • With a massive database of accurate location data it is possible to find out who your partners are, even if you think it is nobody else's business. Accelerometer data can also play some role here... – Deer Hunter Apr 16 '13 at 21:20
  • @DeerHunter more than just that; nearly everything about your behavior or lifestyle influences where you go and when. There really is no theoretical limit. Plenty of practical ones, though. – tylerl Apr 16 '13 at 21:59
11

(Well, one of the biggest dangers of Ingress is driving or stepping into harm's way while playing the game, and I know of at least one nasty car accident. And then there is the risk of losing your job or relationship or use of your thumb due to its addictive properties....)

The privacy of geolocation data and association data between people is always a sticky problem that many apps and sites related to mapping, social networking and the like wrestle with. See e.g.:

In that respect Ingress is more up-front than most:

You understand and agree that by using the Products, you will be transmitting your device location to Google, and that location will be shared publicly with other users through the game along with your submitted screen name (your code name). For example, your code name and location will be shared with all other users when you visit certain locations, similar to a check in.

Google's Privacy Policy – Policies & Principles describes "How we use information we collect".

Another concern is how others can obtain and use information about the times and location of play by other players. Google attempts to reduce the impact via their Ingress Terms of Service that forbid users from privacy-violating actions like these: "extract, scrape, or index the Products or Content (including information about users or game play)". Note however that the use of JavaScript for the web "intel" site means that alternate clients are easily made which can be used for scraping. Google told the author of the Ingress Intel Total Conversion Plugin Review (DeCode Ingress) to stop distributing it, but predictably derivatives have sprung up and are popular.

See also the advice and guidelines at:

nealmcb