Blog / Big Brother is Watching! Recent Investigation Uncovers Disturbing News About Geo-Location Tracking
I am a self-confessed Privacy nut. I have a built-in mistrust of organizations that gather information undercover or for a fictitious pretext; typically, under the “to help make your experience better” guise. So, I was a little prickly when I read that the Tim Hortons phone APP appeared to take this to extreme levels. For the record, I don’t use this APP.
First researched and reported by James McLeod of the Financial Post, the article exposes the firm’s coffee-ordering APP as tracking massive amounts of personal Geo-Location data from the phone’s GPS system. It seems Tim’s parent company, Restaurant Brands International (RBI), switched providers of the location-tracking service, to Radar Labs. This sneaky bit of technology can track your location as often as every 3 to 5 minutes, whether you have the Tim Horton’s APP open or not.
James was able to discover this by making a request to RBI, under the federal Personal Information Protection and Electronic Documents Act (PIPEDA.) In the data provided, there were over 2700 location points recorded in less than 5 months, including home, work, when he visited a competitor (i.e.: Starbucks or McDonald’s), and even a trip to the Blue Jays baseball game. Of course, RBI are trying to moon-walk back from the obvious position that Big Brother is Watching, by saying the data tracking is simply to provide a better experience, when you are looking for a quick caffeine hit or Timbit – and that they’re not sharing the data with their other brands like Burger King and Popeye’s. They also placed the onus squarely on the APP user, as being responsible to properly configure the GPS permissions on their phone. Seriously, does anyone ever check this?
If you think RBI is the only vendor engaged in this type of surreptitious behaviour, think again. Some evident candidates are Uber and Skip the Dishes; their systems rely on user location data. Some not-so-obvious GPS data-tracking APPS are Kijiji, Facebook, and Google. How about the new government COVID-19 tracing APPS? I don’t own any iPhones, but I suspect the tracking capabilities are the same as my Android phone; it could even be more invasive.
Who owns this data and what do they have the right to do with it? You’d have to sift through legalese of each license agreement and permission statement for every APP, but you will find that the individual user has little – if any – rights to the information. With few exceptions, vendors have free rein to do what they want with it, including the sharing with – and selling to – an ever-changing list of affiliates and partners. It will certainly be a hot topic for policy-wonks, bureaucrats, and lawyers for years to come. In fact, there are anti-trust investigations in the US, targeting high-profile tech giants. Data Privacy is a real concern.
There’s also a seedy Cyber Security underbelly to all of this – and it’s made worse by the recent Work From Home (WFH) phenomenon. A simple – albeit hypothetical – example:
One or more APP’s on your phone – and those of your colleagues – are tracking locations – possibly as often as every 5 minutes. The data is hacked through the APP vendor but goes unnoticed or is not reported. Through the employer’s corporate website, the hackers know your office location, and can add a list of users who frequent that location on a work-like timetable. Now they know who works there from the phone’s SIM card ID. They also notice a pattern of people who regularly do NOT attend the office, but they know their location during regular work hours, and it doesn’t change much – in other words, their home-office location. Using some simple tools to hack the insecure home router and Wi-Fi, they know the IP address ranges of the devices connected at home, including the phone, tablets, and other home-user devices and computers. They can also detect encrypted traffic for some of the Wi-Fi-connected devices; a worker’s laptop for instance. But it’s not always encrypted – sometimes it’s available traffic (like a Zoom meeting, checking a Facebook account, or ordering a coffee.) Now, they are just one password away from hacking the credentials to the corporate network. But rather than have one random chance through a single user, they have a whole list of WFH users, their schedules, and home-office information.
This sounds Orwellian, but it’s just one example of technology undermining personal and corporate lives. We’ve grown complacent and are being seduced by the convenience of small APPS, while ignoring the growing mass of data being gathered; it’s just trendy to have the latest APP to show off to your friends.
Next week I’ll share a few simple tips for reducing – maybe eliminating – the whereabouts of your tracking. Meanwhile, you might want to order your coffee the old-fashioned way – at the drive-through window. Please contact me or your Account Manager for more information on Geo-Location Technology.