Metadata contained in old posts contains precise location coordinates
According to a research carried out by cybersecurity
specialists, the location metadata contained in the social network Twitter
posts may be useful to infer some private details of users, such as address,
workplace and most frequently visited places, as reported by experts from the
International Institute of Cyber Security.
Kostas Drakonakis, Panagiotis Ilia and Jason
Polakis, a group of Greek researchers on cybersecurity issues, recently published a document entitled ‘Privacy risks in public
location metadata’. In this, researchers claim to have shown that location
metadata allows inferring sensitive information, which could be used for
malicious purposes. “Some authoritarian regimes could pursue campaigns of
persecution against activists or opponents”, claimed the investigators.
In 2015, the risks to the privacy of users
associated with Twitter location metadata began to be investigated; since then,
the social network has given its users greater control over their location
data, such as the restriction of access to the precise coordinates. Currently,
Twitter is no longer able to access the exact location of the user by
default.
“Twitter never attaches the user’s location without
their consent. If someone decides to share their location through a tweet, the
location is also available through our APIs, but the user’s express consent
must be granted”.
However, experts in cybersecurity believe that
the implementation of these changes has not sufficiently reduced the privacy
risks, as Twitter still has a history of location data through its developer
API. For example, mobile Twitter versions released before April 2015 contain
the precise GPS coordinates attached to the tweets by default.
“In the sample we analyzed we discovered that
tweets with very general location tags (like city name, for example) also contain
GPS coordinates as metadata,” Polakis mentioned. “As of April 2015, tweets with
this kind of location tag stopped displaying coordinates as metadata,
suggesting that this is the date on which the social network began with the implementation
of these changes,” the expert added.
Researchers suggest that the Twitter policy
that allowed attaching these location metadata represents a serious privacy
problem that should be addressed as soon as possible.
“This is an imperceptible privacy violation for
users of the social network, as their coordinates are contained as metadata
returned by the API invisible on the website or Twitter mobile app. The worst
thing is that these metadata are still visible through the API,” the experts
mentioned.
The treatment of this kind of information is one
of the greatest challenges that companies face in the midst of technological
age; they are so useful in the orientation of marketing campaigns that
companies have not tried to stop this kind of practices, although this could
cause inconvenience in the future. For example, in recent days, the Los Angeles
prosecutor filed a lawsuit against the IBM meteorological company for allegedly
treating the data collected through the Weather Channel application
inappropriately.