

Googling Security: Mapping, Directions, and Imagery

All the Risks of Search, Now With Locations, Too

Using Google Maps involves more than simply interacting with the display to locate areas of interest, or even printing, saving, or sharing maps. You can also search the map and jump immediately to addresses, zip codes, businesses, and cities of interest. Figure 3 shows a Google Maps search for "pizza in Poughkeepsie," the sample entry suggested on the Google Maps web page.

Figure 3: Using Google Maps to find pizza restaurants in Poughkeepsie.

So what are the risks of combining search and mapping? Well, by doing so, you are combining the disclosure risks of search with specific geographic locations and the interaction revelations described in the previous section. For example, by clicking one of the results in the search pane on the left side of the display, you can bring up specific details about one of the locations marked on the map. However, you are also disclosing -- and, hence, strengthening -- the link between the search you performed and what you deemed important in the results. Say you were searching for a specific person and the search returned a number of results. By clicking on the link corresponding to the specific individual you were interested in, you've yielded a clue to the most relevant result.

Privacy-Degrading Personalization

Enticed by such slogans as "Make Google Maps your maps," many users have personalized their maps. Google Maps supports the creation and sharing of personalized, annotated maps. Annotation includes marking favorite places and drawing lines and shapes to highlight paths and areas, as well as adding text, photos, and videos. Unfortunately, the more you personalize your maps, the more information you disclose. The potential disclosure risks are quite significant. Users have an almost unlimited ability to share sensitive information and tie it to specific locations on the map. Some users will likely add personal or sensitive locations, such as their friends' home addresses or facilities at their place of employment. Such disclosure could provide the information required to link disparate profiles contained in an online company's databases. Recall that Google possesses extensive address databases for individuals and businesses, which enable it to create many additional linkages. In short, personalization functions, almost by definition, help compromise your anonymity. Many personalization functions in Google Maps require you to log in using a Google account, uniquely identifying your activity.

Linking User Classes via Geographic Relationships

When using mapping and imagery services, you provide another vehicle to tie together individuals and organizations. As I mentioned at the start of this article, using mapping and imagery applications discloses locations you are interested in, but now consider that you can be linked with other people who are also interested in the same or similar locations. A great example is that of your parents' home. Chances are, you have looked at it using Google Maps. I'll bet your siblings have done the same. Now ask yourself how many other people have zoomed in to that exact same location. My guess is, not many. Bingo, a unique characteristic shared by you and your family.

Now consider your company. Let's say that it has 1,200 employees located at 10 locations, some not publicly known. Imagine mapping activity from the IP address ranges used by your corporate headquarters, as well as the other locations, all seeking directions from Ministro Pistarini International Airport in Buenos Aires to the street address of a meeting site at the outskirts of the city. Because this activity is out of the norm, you've just created a unique set of characteristics that ties together your various company offices with a potentially sensitive meeting. You've also disclosed, with a high probability, the travel plans of the meeting participants, as well as given a clue to the strategic importance of Argentina to your company's planning.
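The linkage described above can be measured from the defender's side. The following added example (not part of the original article) audits a constructed sample of an organization's own egress proxy records for directions requests shared across offices; the office names, address ranges, record layout, and function names are all assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data. Office names and ranges (RFC 5737 documentation
# blocks) are assumptions; the place names are placeholder strings.
OFFICE_RANGES = {
    "hq": ip_network("192.0.2.0/25"),
    "branch-a": ip_network("198.51.100.0/24"),
    "branch-b": ip_network("203.0.113.0/24"),
}
SAMPLE_REQUESTS = [  # (source IP, origin, destination)
    ("192.0.2.10", "Ministro Pistarini International Airport", "Meeting Site, Buenos Aires"),
    ("198.51.100.7", "ministro pistarini  international airport", "meeting site, buenos aires"),
    ("203.0.113.44", "Ministro Pistarini International Airport", "Meeting Site, Buenos Aires"),
    ("192.0.2.11", "Company HQ", "Pizza, Poughkeepsie"),
    ("192.0.2.12", "Company HQ", "Pizza, Poughkeepsie"),
    ("198.51.100.9", "Branch A", "City Library"),
]


def normalize(place):
    """Case-fold and collapse whitespace so trivially different spellings match."""
    return " ".join(place.casefold().split())


def office_for(ip, ranges):
    """Return the office whose egress range contains ip, or None."""
    addr = ip_address(ip)
    return next((name for name, net in ranges.items() if addr in net), None)


def linking_routes(requests, ranges, min_offices=2):
    """Routes requested from at least min_offices distinct offices, as
    (origin, destination, offices, distinct_source_ips): the shared trait an
    observer of the requests could use to tie those offices together."""
    offices, sources = defaultdict(set), defaultdict(set)
    for ip, origin, dest in requests:
        office = office_for(ip, ranges)
        if office is None:  # not one of our egress addresses
            continue
        route = (normalize(origin), normalize(dest))
        offices[route].add(office)
        sources[route].add(ip)
    return sorted(
        (o, d, sorted(offices[(o, d)]), len(sources[(o, d)]))
        for (o, d) in offices
        if len(offices[(o, d)]) >= min_offices
    )
```

On the sample data only the airport-to-meeting-site route is reported, because it is the one request pattern shared by all three offices; the two lookups from headquarters alone link nothing beyond that single site.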

All Roads Lead to Rome

Using online services that provide directions reveals sensitive information. Typically, you enter a starting point and a destination, often using precise street addresses. As discussed in the preceding section, these addresses provide a very powerful means to tie together disparate individuals. The more specific and rarely used the addresses, the higher the possibility of creating a useful link between the two. Using direction-giving services (see Figure 4), you are also giving away your probable route of travel. By clicking the Print option, you indicate that you will probably be traveling the route in the near future. Similarly, if you used the e-mail or Link To This Page options, you've then linked yourself with a group of individuals who will likely be traveling over the same route after they click the link.

Figure 4: By using the Get Directions tab, you disclose two locations of interest and a probable path of travel between them.

Now imagine all the directions that your employees have generated using your company headquarters as a starting location and leading to destinations throughout the surrounding area (see Figure 5). You may be giving away the commuting routes of your employees, the locations of their homes, their lunch meeting venues, and perhaps even your company's strategic intentions. Similar searches could identify the home IP addresses of these employees, as well as many visitors to your company. Finally, if cookies were enabled on these machines, all of their online activities with a company such as Google could be tied together despite movement around the world. This is a security risk indeed.

Figure 5: Mock-up of a Google Map showing six notional directions requests to Google headquarters.

If you consider all such requests to your corporate headquarters, such tools represent a significant disclosure threat, particularly over long periods of time.
