It’s National Cybersecurity Awareness Month (NCSAM) and this week’s theme is simple steps to online safety. Here’s a simple step for you: see if you have Google’s Your Timeline turned on and, if you do, switch it off.
Google’s Your Timeline
Using GPS, Wi-Fi and cell tower data, Google’s Your Timeline can paint a very accurate picture of your daily life. If you’ve got it switched on, it stores every step you take and everywhere you go.
And the thing is, lots of people seem to have it switched on without even realising, including me, and my favourite hats come in tinfoil.
I was surprised it had slipped past me so I started asking other people if they had it switched on too. More often than not, without making a conscious decision to let Google follow them around, they had.
In the end I decided to ask 20 people at random and write down the answers. The result of my short, non-scientific survey? 95% of the people I asked – a mixture of people in technical and non-technical roles – had location history, or its slightly less obnoxious iPhone equivalent Frequent Locations (Significant Locations in iOS 11), turned on, tracking their every step, without realising.
Check for yourself. On Android it’s under Settings > Location > Google Location History.
It’s your Timeline (and Google’s)
So what exactly is Google Timeline? Google says: “Your timeline in Google Maps helps you find the places you’ve been and the routes you’ve travelled. Your timeline is private, so only you can see it.”
Only you. And Google.
Google’s reasoning for the timeline feature is that, if you want to remember the name of that bar or café you visited yesterday, last week, last month, last year… you can simply visit Your Timeline. The technology behind this is impressive, but the privacy and security implications are, for some, quite terrifying.
Where you go says everything about you: where you live, where you work, where you hang out, the places you visit, how often and at what time. If you’re a frequent visitor to your local hospital’s cancer clinic, Google knows. If you’re having an affair, it’s in there. If you’re a courier moving large amounts of cash, that data is being shared over the internet and stored in a data centre somewhere. If you’re in the military or the police it knows where you’re stationed and, if you’re moving, your direction of travel.
Even if the data were stored anonymously (and it isn’t clear if it is or not) that would be cold comfort. Anonymous data has a way of being less anonymous than you think, and the more anonymous data you have, the easier it is to unmask the individuals involved.
So what does Google know?
To discover what Google Timeline knows about me, and you, I removed my tinfoil hat and opted to let it store my location history again.
Here’s a journey from Oxford to London by car (indicated by the dark blue line) that’s been accurately tracked to the point of tagging me at a service station I visited en route.
Once in densely populated South London, using the telephone masts, local Wi-Fi and my phone’s GPS, Your Timeline accurately plotted my movements. The colour of the tracking goes from dark blue to light blue as I change speed from driving to walking.
After accurately tracking my taxi journey into Clapham, Google Timeline then has a go at tagging me in a restaurant, Café Sol. Google will use this data to add to publicly available information such as “Popular Times”, shown for Café Sol below:
Google provides the following statement in its support documentation on the anonymity of this data:
To determine popular times and visit duration, Google uses aggregated and anonymised data from users who have opted in to Google Location History.
My memories of the evening are mildly hazy, but Google Timeline can tell me exactly what I did and where I went.
I’m not too bothered about Google using my boozy night for helpful data research, but it isn’t about one night. It’s about every day and every night and the pattern of my daily life. It’s about all this data being stored and accessible by… I don’t know who, now and in the future.
Google will store this data for years, as you can see in my screenshot below.
So how did I, and almost all the people I asked at random, end up with Location History turned on?
The option appears when you set up Google Now. For me that happened after a factory reset. When you’re busy clicking ‘next’, ‘next’, ‘finish’ and don’t have two hours to spend reading everything on screen, it’s easy to miss:
My tinfoil hat is back on now.
On Android 7 it was as simple as going to Settings > Location (under personal) > Google Location History and selecting ‘off’. For comprehensive details on switching off and deleting your location history, go to Google’s Manage or delete your Location History page.
Apple iPhones have a similar feature hidden deep within their settings. Go to Privacy > Location Services > System Services > Frequent Locations.