W3C home > Mailing lists > Public > public-privacy@w3.org > July to September 2010

Web Photo - a stalker's source of information

From: Simon Moritz <simon.moritz@ericsson.com>
Date: Mon, 16 Aug 2010 11:11:31 +0200
To: "public-privacy@w3.org" <public-privacy@w3.org>
Message-ID: <0B65D7562F9DA04FAC3F15C508BF67130109ED8F@ESESSCMS0355.eemea.ericsson.se>
Hi,

I just found out about this article about web photo geo tagging from New York Times.
http://www.nytimes.com/2010/08/12/technology/personaltech/12basics.html?_r=4

They discuss the privacy aspect when posting photos of your self, or your personal belongings to the web. The privacy concern is not the photo in it self, but all the metadata that it is attached to (GPS, image recognition etc). Adam Savage's car, from Myth busters, revealed eventually where Adam was living, as an example.

I also happen to post photos of myself to the web by installing some app to my android phone (probably latitude). Apparently that connected a photo to my Google account so the next time I logged in to my gmail on the computer I found a photo of me. No big deal, but kind of scary, since I lost control over my data and I had no or little idea which of the apps that had uploaded my photo.

The challenge I see on e.g. an android phone (I am sure it is the same with an IPhone) is that it sometimes is hard to know exactly what the application are up to.
For instance are many apps requesting access to my SD card (add and remove rights), but they don't exactly state what they will do.
Are they allowed to collect my photos?
Are they allowed to remove my music?
Are they allowed to read my saved notes?
etc...

So when discussing ideas that are effective, implementable and deployable, one good suggestion could be to add to the suggested ruleset, more explanation what e.g. apps will do. Another idea could be to separate access to the SD card: One access right to the whole SD card and another to the content that been stored by one app (privileges).
If that would been deployed, I know that apps cannot access my photos or remove anything from my SD card when I only grant access to the content that the app itself have written.

So Ian and David, maybe you are already working on deploying this, and if not... it may be a good idea to do so... =)

Mobile apps is of course not the only example. The same issue would be true for any web access point, your browser on the computer, sensors in to home etc, that all share a common data repository with other applications.

/Simon

Simon Moritz M.Sc.
Research Engineer

Ericsson AB
Services and Software
Färögatan 6
SE-16480 Stockholm, Sweden
Phone +46 10 717 37 62
SMS/MMS +46 76 126 37 62
simon.moritz@ericsson.com<mailto:simon.moritz@ericsson.com>
www.ericsson.com<http://www.ericsson.com/>


[cid:484102308@16082010-0697]





Email_line.gif
(image/gif attachment: Email_line.gif)

image001.gif
(image/gif attachment: image001.gif)

Received on Monday, 16 August 2010 09:15:10 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:23:51 UTC