We’re Watching You: GPS Trackers in the Digital Age

“How was Cambridge Cleaners?” Google asked me last week — a seemingly innocuous question. The thing was, I hadn’t used Google maps to guide me to my new dry cleaners, just good old navigational intuition. I had a sinking feeling, one that I have found myself reflecting on with growing frequency lately: that my ‘ignorance is bliss’ mantra may soon fall short in this digital age.

Google Maps: More Than a Modern Atlas

Unlike services or applications that track users without their knowledge, tracking is the name of the game for Google Maps. However, many people (including my pre-DPI-662 self) reassure themselves that this information is so disjointed, de-aggregated, and de-identified in the cloud that it hardly poses a threat. We tout our technological cluelessness and evade the responsibility of being a savvy digital presence by seeking solace in the false-comfort of “anonymity” and ubiquity — if everyone’s doing it, how bad can it really be?

Source: The American Genius

Of course, in reality Google tracks (and can deduce) much more than just the A to B we input into their application in pursuit of efficient rush-hour routes or as we navigate a new city. As I learned from my recent dry cleaners trip, the ‘dormant’ façade while you are not actively using the app is a misnomer. Unless we opt out, Google is keeping tabs on our whereabouts whether using the maps app or not as long as we are signed in on our phone (always). The fact that this is unbeknownst to many users falls both on Google and on us.

By tracking my routes, Google Maps deduces intricate details about my daily life — my home, school, closest friends and family, and favorite hangouts. It knows my culinary tastes, go-to pet store, my dream vacations and plans for the holidays. Google can guess my spending habits (and weaknesses) and estimate my income and savings.

Google Maps would beat me in a game of trivia about me.

While it rakes in hordes of data about me and my habits, their website states that they do not sell this information to third parties — that is, they do not sell my personalized profile per se. Instead, they have strategically centralized their power by maintaining possession of their (our) data and selling advertisement space at a premium based on ad success — an algorithm they finetune as they create an exhaustive profile of me and you. The social network built around Google can also leverage one person’s profile to glean information about preferences of others in their network.

Beyond Google Maps, the scale of Google compounded with the expansive network of integrated external services and applications elevates the UX. It expands the application’s capabilities and accuracy by adding depth to each user’s profile. This pairing helps to merge your two (or three or four…) distinct profiles. Despite theses UX gains, this type of integration becomes highly problematic from a privacy standpoint, especially when dealing with a behemoth like Google. As they layer on data, the company begins deriving your identity in excruciating detail. This becomes a reinforcing cycle that reinforces their monopoloist power over competitors and partners. From a policy standpoint, this is an area that is ripe for regulation.

To mitigate these fear-inducing realities, Google utilizes brilliant marketing and public relations strategies. Their privacy page frames their team as your partner in a fight against the bad guys and they pitch their approach to privacy as a transparent and customizable endeavor whose sole purpose is to “collect data to make these services work for you.”

Ultimately, Google so effectively leverages data to maximize the user experience that most users — including myself — consider the service to be a no-brainer. While alternatives exist, the same Google Maps features and cross-system integration that threaten my privacy also yields immense value to me as user. They know what I want, and it shows. For that reason, I will continue to use these services (though perhaps a bit more selectively) even after developing a more nuanced assessment of the risks of personal information sharing. Realistically, it will take a massive violation of the social contract for me to feel so compelled to action that I remove myself as a Google Maps user.

Strava: Setting the Pace or Falling Behind?

Strava is another location-tracker that I use regularly but whose scope and size are less far-reaching than the Google behemoth. The fitness tool is often my only accompaniment on runs or bike rides, keeping me informed of my progress and pace.

Strava demands little personal information if you use their traditional email sign-up (practically hidden on the homepage — see below), but the ease of the one-click Google or Facebook options lures users in. This opens a trove of information about you to the application. I would guess that most users are not fully aware of what they are exposing when they make this decision.

After sign-up, Strava becomes both a GPS tracker and a social platform. It tracks you while you work up a sweat and creates virtual connections with other active people in your community. As a slowpoke, I am always a bit horrified by the social element of Strava and don’t engage on it in that way, and set my page to private upon registering.

That’s why I found it odd when, last year, I noticed a stranger “liked” one of my runs, despite my private page. It turns out that private settings don’t exempt you from qualifying for their leaderboard, which spotlights runners’ successes on common routes. Strangers could now track my whereabouts all the way to my home. The fact that I made it to the leaderboard was equally perplexing to me as the fact that Strava would by default include users in the leaderboard who had selected for their page to be private.

This experience reinforces the importance of infusing ‘privacy by design’ principles throughout the creation and decision-making process. Though users should bear some of the privacy burden, savvy users should not have to exhaustively search a new program for privacy loopholes.

Strava has also been in the spotlight for unintentionally paving the way for bike thieves. By featuring routes and favorite pit stops as well as an optional profile of your bike(s) and other gear, the application has made malicious activity all too easy.

The threat of stalkers and thieves are sobering worst-case-scenarios, and to the best of knowledge, Strava isn’t proactively selling this information to the highest bidder. However, when it comes to privacy, there are more commonplace concerns about data collection and ownership that are less sinister in the short-term but that cumulatively become quite powerful.

For instance, corporate partnerships with activewear companies have begun to permeate the Strava experience. Users proudly inventory their new running sneakers, opening the door for highly customizable advertising on behalf of these corporate players. Outside Magazine predicts that ‘personalized virtual gear malls’ may emerge within the app in the not-so-distant-future, truly commercializing this experience. While pundits may criticize the app for selling your personalized data and information, others will welcome the invasion of privacy in exchange for the latest deals.

Data ownership becomes increasingly complex in the context of litigation after a bike or running accident. Unsurprisingly, cases have already begun to emerge where that data is being utilized to assess culpability in these scenarios. The longevity of the data — and whether or not users have a right to be forgotten — could have serious implications in this legal debate.

Finally, there have been murmurings of how Strava could provide value to health insurance companies by keeping them informed of their members’ physical activity levels. Payers could hypothetically charge higher premiums for inactive members, similar to what we have seen with smokers. Because this data currently falls outside of HIPPA protections, it is legally fair game, but raises serious questions about where to draw the line.

Ultimately, despite these concerns, my choice to continue using Strava stems from the application’s authentic commitment to leverage its data for the greater good. The company has been a close partner with my former hometown, Denver, and many other active cities (to the tune of 50 worldwide) to harness data to inform city planning infrastructure projects, enhance safety, and advance environmental protections. Strava has gone the extra mile to make this commitment a central focus of their work rather than a superficial PR move. In a world where it is increasingly difficult to utilize the most cutting edge tools without sacrificing personal information, I have chosen to prioritize value-driven companies like Strava.

Sources:

https://www.internetsociety.org/policybriefs/privacy/

https://www.outsideonline.com/1930951/will-our-fitness-data-be-used-against-us

http://www.scarletfire.co.uk/bike-thieves-strava-security/

https://www.salon.com/2014/02/05/4_ways_google_is_destroying_privacy_and_collecting_your_data_partner/

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.