There was another article this week about Location Privacy and “Services” on your smartphone. I have services in quotes because I don’t think the entity being served is the person using the phone.

According to this article, Smartphone applications can and do gather and collect location information on individual smartphones.  Then they sell that data.  Marketing firms can find out who is in the ER and sell that list to Legal Firms, or who is at Victoria’s Secret and sell it to Macy’s. Privacy, especially location privacy is on its way out.

Most smartphone users don’t really lock down their security settings, sticking with the default settings that came with the phone. When they add a new app to their phone, they may not think to check what data they are sharing with the app developer.  When the app asks if they can access the user’s location, they may think it makes sense to share their location, without know what the app will do with that raw data.

What do Marketing Firms really need to know?

As I read through the article, I found the whole thing very disturbing. Should anyone really know that one woman, a middle school teacher, went hiking, goes to the gym, visited a dermatologist, and stayed overnight in another home? While location data is supposed to be anonymous, the specificity of the data means that companies are able to track the location of a smartphone down to the minute.  From the article:

“Elina Greenstein, an executive at the location company GroundTruth, mapped out the path of a hypothetical consumer from home to work to show potential clients how tracking could reveal a person’s preferences. For example, someone may search online for healthy recipes, but GroundTruth can see that the person often eats at fast-food restaurants.”

By tracking the smartphone, you can track the person. If you can connect the smartphone location to home and work, you can figure out the person, and track all of their other activities.

Why would you want to share your location information?

There are lots of reasons to share your location.  Getting good traffic information is one.  Getting the weather is another.  But once you’ve checked the forecast, do you really want The Weather Channel (owned by IBM) to continue tracking your location?

What should I do?

I take location privacy very seriously, so here’s what I do.  About once a month I go through my list of apps and see which I’m sharing my location with. I turn off location sharing for any apps that don’t need my location to provide a service; social media accounts for example.  Then I make sure that I am only sharing my location with apps /WHILE THAT APP IS IN USE/.  (I do need to remember to close down the app when I’m done.)

How do I ensure my location privacy?

For the iPhone, click on the “Settings” icon, then scroll down to “Privacy”. Click on “Location Services”, and then scroll through each of your apps.

I borrowed a friend’s Android phone to see how she would do this.  Again, click on “settings”, then “apps”.  At that point, you need to open each app to adjust the location sharing setting. Once you’ve opened the app, click on “Permissions” and adjust the location privacy settings.

Please forward this to your colleagues to help keep their online privacy safe too. Did I forget some critical advice, or do you have questions?  Let me know in the comments below.

We’ve been using Amazon Prime for the past few years.  We like the free and fast shipping.  With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

With the latest breach at Marriott, it’s time to take a look at your personal information.  What are you sharing?  Who are you sharing it with?  When a business asks you for info, do you just hand it over, or do you give a little push-back? What online privacy habits do you follow?

First of all:

If you have stayed at any Marriott Hotel in the past FIVE YEARS, you should immediately ask your bank(s) to cancel and reissue your credit and debit cards.  Marriott has reported that this breach began in 2014 or earlier.  Remember that the Marriott brand includes many different hotel chains like St. Regis, Le Meridien, Sheraton, Westin, and more.  (Click here for all of the Marriott branded hotels.)

Next:

Check the Marriott website to see how they will support you if your information was stolen.

Then:

Change your login information on all Marriott sites where you have an account.  While Marriott has said that only Starwood has been compromised, it might be safe to assume that the breach was broader than they currently are aware of.

What if I haven’t stayed at a Marriott hotel in the past 5 years? Do I still need to worry about protecting my Online Privacy?

These kinds of data breaches will continue to happen as the “bad operators” become more skilled in their craft.  Get into committed habits with your online information right now.  Here are some good steps to take:

1. Create a new “throwaway” email address using Gmail to use whenever someone asks for your email address but you’re not sure about their levels of security.
2. Make a list of all of your bank accounts. Are you using a different password for each one?  Today is the best day to change all of those passwords AND to use a different password for each.
3. Enable Two-Factor Authentication for all of your accounts with sensitive personal information.
4. Make a list of all of your online billing accounts. Same deal here – change to a unique password for each.  Keep this list current and change your password every month.  Don’t reuse passwords!
5. Do you have subscriptions where you have created an online account? Things like magazines, wine, prescriptions, clothing, etc.  Review all of them to see if you need to make changes.  If they have credit card info, follow the steps above.
6. Of course, check all the Travel sites that may have your info, and follow the steps above.

What should I do going forward?

I think we all know that this will not be the last time there will be a major data breach and our online privacy is compromised.  There might even be a time when we say “Remember that time when they only stole data from 500,000 accounts at Marriott?”  Changing your password doesn’t help if the hacker already has your credit card info.  Whenever anyone asks for your email or credit card info or birthday or any other private information, think before you just hand it over.  Here are a few steps to take:

1. Use your “throwaway” email when signing up for anything on the internet in the future.
2. Consider getting a separate debit card for all online payments. Fund it every week with just enough cash to cover your weekly expenses.  If that data is compromised, your exposure will be limited.
3. When you purchase something and they ask if you would like them to save your billing information, think PRIVACY, and then click on the “No Thank You” box.
4. Keep a complete list of everyone who has your credit card info – this includes your banks. Change your password on those accounts AT LEAST EVERY MONTH!

Please forward this to your colleagues to help keep their online privacy safe too. Did I forget some critical advice, or do you have questions?  Let me know in the comments below.

We’ve been using Amazon Prime for the past few years.  We like the free and fast shipping.  With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.