Google just rolled out a new “Timeline” feature that allows you to look back on all the places you’ve been—and no, I’m not talking about a Facebook Timeline linked to your status updates and reported travel activities. (Though it should be noted that the Facebook app will track you unless you disable location history, so you might want to check on that.) Instead, it relies on information collected through your location data to return a detailed history of where you were and when.
To be 100 percent clear: Tracking user data is not something new for Google. (Have you ever wondered why traffic information on Google Maps is so detailed?) However, this repackaging of the data in a user-friendly form—depending on how you view it—is new. Now you can see what Google’s been seeing all along. For some users, it’s no doubt a super cool feature, but everybody should be thinking about how location data is used, and when they last checked the location settings on their phones.
Because whether you’re comfortable with having your data collected or not, you should know who is collecting it, why, and how it’s going to be used. Especially in the case of people who are vulnerable to threats and attacks, because while Google states that Timeline is only available to individual users (e.g., I can’t look at your Timeline), there are always ways to exploit the system. For some, having people know their travel history isn’t a good thing, and providing people with the ability to extrapolate information like the location of work or home is a very, very bad thing.
According to Google: “Your Timeline allows you to visualize your real-world routines, easily see the trips you’ve taken and get a glimpse of the places where you spend your time. And if you use Google Photos, we’ll show the photos you took when viewing a specific day, to help resurface your memories.”
Timeline might look like a harmless, cool tool. But it carries risks.
The feature picks up on locations you visited, tracks how you got to and fro, and returns a steady stream of data. There are lots of potentially great uses for this as an individual user. You can keep an eye on your daily routine. Develop more efficient running and walking routes. See where you spend most of your time. You can even look back over places you’ve been recently. And if you’re someone who travels a lot and sometimes it feels like you have no idea what state or time zone you’re in, it can provide a sort of anchoring feature—“oh, I was in Akron that night.”
Users can also link photos to it, and quickly pull up photo references for places they’ve been, share them with friends, and so forth. When I pull up my own timeline, it’s conspicuously blank. Google helpfully asks if I would like to enable my location history.
I would not, thank you very much.
I have all location services on my phone turned off, because I see no particular reason for people to have access to that data. Whether you choose to adjust fine-grained settings (letting some applications access your location and blocking others) or turn them off altogether, there are solid reasons for understanding how your location settings can be used.
The classic example is I Know Where Your Cat Lives, a fantastic project designed to raise awareness about privacy.
I Know Where Your Cat Lives is a data experiment that visualizes a sample of 1 million public pics of cats on a world map, locating them by the latitude and longitude coordinates embedded in their metadata. The cats were accessed via publicly available APIs provided by popular photo sharing websites. The project’s founders set out on this adventure with a mission in mind: to point out the ease of access to data and photos on the web.
It’s also a collection of cute cat photos.
If I Know Where Your Cat Lives, then, by extension, I Also Know Where You Live. That’s not such a great thing for many of us, and one reason I pointedly exclude metadata and location data from public images of my cats, my home, and my neighborhood. I don’t want to make it easier than it already is for people to find my house, given that I’ve already been doxed three times and, yes, had people show up at my house.
Timeline might look like a harmless, cool tool. But it carries risks. Google promises that it keeps user data secure, but the company’s long since departed from its original “don’t be evil” promise. There’s also no guarantee that your own Google account is safe, though you should definitely be following some basic security practices like using unique passwords along with two-factor authentication.
What happens if someone gets into your Google account and checks out your Timeline? Knowing where you were in the past isn’t necessarily such a problem, right? You posted openly that you were in New York (Chicago, San Francisco, Houston, London, etc.) and seeing you move around major landmarks or the subway system isn’t really a big threat to your security, nor is noting the hotel you stayed at.
But what if you stayed with a friend? Your tracks repeatedly return to her house, and that means you’ve just told some nebulous stranger where your friend lives. When you’re at home, you’re also telling people where you live, or at least providing approximate information about the location of your home. This poses a huge personal safety risk for some of us.
People can see your work commute and identify the facility where you work—which for people who don’t want to be outed at work is a huge problem. Some people operate under social media restrictions imposed by their employers, for example, and could lose their jobs for activism performed under aliases completely disconnected from the companies they work for.
Other people might not want to be outed as gay or trans in the workplace. Some might be endangered by having the nature of their work outed, as in the case of someone who works at a women’s health clinic or bioresearch facility.
https://www.youtube.com/watch?v=OgSUx0g9cfQ
All of this may sound like paranoia, but some of us have learned the hard way that it’s the only way to stay alive. As we’ve seen over the course of the last year, people on the Internet are at legitimate risk of losing their lives, homes, and careers because of things they do online—which means that when companies kindly facilitate the collection of personally-identifying information, it’s a problem, even if it’s supposed to be private.
Google promises that it keeps user data secure, but the company’s long since departed from its original “don’t be evil” promise.
Maybe you find Timeline useful. Fantastic. If you do, make sure you have location services turned on so Google knows where to find you. While you’re at it, though, review the apps that can access your location and ask yourself if they really need that information and how they’ll use it. Maybe an online game doesn’t really need to know where you are? Perhaps your location is irrelevant to your note taking program or your period-tracking app?
If you don’t fancy Timeline, or you’ve never thought about location services and online privacy before, progress immediately to your security settings, do not pass go, do not collect $200, and make sure you know who has access to this information. Google’s location history is linked to a huge variety of the company’s products and services, so make sure to review Google apps carefully.
If you’re not comfortable with the collation of your location data by any application, turn it off entirely—because as long as your settings are on, companies are collecting, analyzing, and using that data for profit, regardless of your personal security concerns.
S.E. Smith is a writer, editor, and agitator with regular appearances in the Guardian, AlterNet, and Salon, along with several anthologies. Smith also serves as the Social Justice Editor for xoJane and will be co-chairing Wiscon 40—the preeminent feminist science-fiction conference—in 2016.
Illustration by Max Fleishman