GeodataThe modern Internet runs on what is known as geodata, or location data. From you sharing your location with friends in a Facebook status to using a ride-hailing service to get picked up from your current location, the ways that we use geodata are endless and sometimes go unnoticed. While geodata is helpful, its privacy implications may outweigh its handiness. To help you understand geodata and how it could impact your privacy, we’re detailing what you need to know.

What exactly is geodata?

We’ve talked before about geolocation, or the act of tagging web content with geographical information, but geodata can be used in a number of other different ways. Some of the most common ways you might generate or share geodata include:

  • Apps that embed content with geoinformation. For example, when you leave a review on Foursquare or Yelp, post a Facebook status about a store you’re at or stream on Periscope, you’re usually disclosing your location information publicly. In the case of Periscope, even if you turn off location-based features, it still might be hypothetically possible for a person or machine to deduce where you’re broadcasting from based off images of your location.
  • The use of apps that request and/or share location data like ride-hailing apps, maps, etc. Most apps have gotten better at disclosing when they need location data, but sometimes these permissions can be obfuscated. For example, Google music accesses your location whenever you use it, but it doesn’t request location permissions when you download the app to your phone.
  • Information and metadata that indirectly disclose your location. We’ve talked several times before about both IP addresses and EXIF (Exchangeable Image File) data. The former isn’t itself geodata, but IP addresses can be associated with real-world locations. As we discussed, IP addresses aren’t always precise but when they’re combined with other types of identifiers, they can help narrow down your location, even without the kind of warrant that would be needed to get your Internet provider to reveal the account connected to your specific IP address. Other types of information that function similarly could include your phone number (your area code narrows down the region your phone number is from) as well as your contact list. Your associates’ phone numbers and details can further narrow down where you live, assuming you don’t move around often, or they might have privacy settings and social media habits that compromise your privacy – as was the case with the Cambridge Analytica scandal.

Why is geodata created?

As illustrated above, geodata is important to the functioning of a lot of modern convinces. If you’ve ever gotten directions or seen real-time public transit departure times, you’ve benefited from the use of geodata. Like most types of metadata, geodata is often generated because it’s critical to the functions of the services we use. In other cases, geodata is produced because of the way our devices interact with the world. Advertisements, for example, might report device information or location data when interacted with. Additionally, stores, coffee shops and other businesses might use public Wi-Fi or Bluetooth to learn more about you.

What can I do to protect my privacy?

The sheer ubiquity of geodata makes it really difficult to manage, but there are a few things you could consider doing to limit the degree to which you produce or leak this type of metadata:

  • Turn Wi-Fi and Bluetooth off when not using them. In a previous article, we talked about how Bluetooth signals can be used to identify your device and even follow you. Whenever you have your Wi-Fi or Bluetooth on, your device is essentially seeking networks and devices to freely connect to, something that can be taken advantage of by malicious characters who attempt to connect to your device with the hope of getting valuable information. Turning off Wi-Fi and Bluetooth can seriously limit your attack surface and safeguard your data. Even better, put your device in airplane mode or turn it off when you’re not using it.
  • Be careful of IoT/wearable/smart devices. As convenient as many wearable and smart devices are, they tend to produce a lot of metadata, plus, given the track record of many IoT devices, they tend to be less secure. Incidents like the Strava heat map scandal, which leaked the location of a U.S. military base, illustrate how poor privacy design and big data can combine in a way that jeopardizes our offline safety and security.
  • Check your mobile phone’s location settings. Modern Apple and Android devices have settings for managing the geodata that the apps on your phone are allowed to use. Click here to learn more about the feature on Android devices and here for iOS devices.
  • Scrape EXIF data from photos. EXIF data is one of the first types of metadata we covered. It’s a form of geotagging done to photos taken with modern cameras that embeds the coordinates of where a picture was taken, along with the camera information and more. While most social media sites scrub EXIF data, if you send a photo over email or share it with a friend another way, there’s a possibility the picture might still contain EXIF data. To prevent your phone from creating the data in the first place, go to your device’s location settings, which we discussed above, and disable your camera’s use of location data.
  • Check your online accounts. Whether it’s social media, your favorite newspaper’s website or any other online service, you should go into these accounts and verify that any location data that’s generated on your device or with your online activity is kept private. While many services have settings that can be hard to navigate, Googling “location data” before the name of the service should help you understand what types of geodata the service uses and why.

While it’s nearly impossible to use modern devices without sharing some sort of geodata, there are some things you can do to protect your location privacy, as we explained above. For more information on keeping your digital life private and secure, continue reading our privacy blog.