Channels ▼
RSS

Web Development

Googling Security: Mapping, Directions, and Imagery


Editor's Note: This article is based on Googling Security: How Much Does Google Know About You?, by Greg Conti. Greg is an Assistant Professor of Computer Science at the U.S. Military Academy in West Point, New York. Courtesy of Addison-Wesley Professional, All Rights Reserved.


Before the dawn of online mapping and imagery services, we were forced to use printed books, such as the National Geographic Atlas of the World, to view the world, and the Rand McNally Road Atlas, to navigate unfamiliar locations.We shared directions to our homes via verbal instructions over the phone or written notes. Businesses distributed directions and small maps in paper brochures via the postal system and in brochure racks. High-resolution satellite imagery was available to a select few governments and largely unavailable to the masses. As a result, your interest in parts of the world, places you wanted to visit, and how you got there was largely a personal matter. Have times changed.

Free online mapping services include offerings by Google, AOL, Yahoo!, and many more. Each of these services allows you to view maps overlaid upon satellite1 imagery and is tightly integrated with tools that give precise directions to desired locations. Wildly popular, AOL's MapQuest currently enjoys the largest share, with 53.9 million users per month, followed by Yahoo! Maps with 29.6 million and Google Maps with 28.9 million. Over time, hundreds of millions of users utilize these services to find directions to points of interest, including homes of friends, businesses, and travel destinations. These mapping tools have enriched lives by helping people navigate from place to place and explore the planet. Unanticipated uses have shown that these services have the power to do great good, including raising awareness of the crisis in the Darfur region of the Sudan, assisting rescue efforts and damage assessment following Hurricane Katrina, and monitoring the impact of Appalachian coal mining on nearby ecosystems. Google admirably encourages the use of its Google Earth tool to help build support for such worthy causes. The future holds great potential in utilizing these tools to help build communities and facilitate citizen journalism.

So what is the harm in using these services? Well, it turns out, a lot. You face significant risks from both your use of these services and the content they contain. This article analyzes the information you disclose when using mapping and imagery services, including how your use of these tools discloses locations of your home, employer, family and friends, travel plans, and strategic intentions, and discusses how data mining can easily link seemingly disparate groups of people based on their interest in common locations. It also covers the risks inherent in the content itself, including camera-equipped cars capturing continuous streams of high-quality street-level photographs, collaborative analysis of satellite imagery, and your inability to trust the veracity of the images themselves.

Information Disclosure

Location, location, location. This is most important information you disclose when you use online mapping and imagery services. Ask yourself the following questions the next time you consider using Google Maps or Google Earth:

  • Have you ever viewed your current location?
  • Have you ever looked at the homes of family and friends?
  • Have you shopped for a new home using mapping and imagery tools?
  • Have you viewed locations that are strategically important to your employer?
  • Has law enforcement used these tools to work on active cases?

Beyond simple locations, you are revealing a great deal of additional information through your interactions, including the following:

  • The frequency of your interest
  • How closely you zoomed in on the images
  • How much time you spent at each zoom level
  • Whether you used search to help find specific locations, businesses, and so on
  • Whether you printed, saved, or shared specific images

It is possible to use your IP address to identify the probable location of your computer. So when using mapping and imagery tools, not only are you disclosing areas of personal interest, but this information also can be paired with your actual location based on IP geolocation.

Basic Interaction Revelations

The primary way of interacting with the mapping interface involves dragging the image with the mouse and using the zoom slider. Even these simple interactions reveal a lot. Imagine all the points you've zoomed in on using Google Maps. The sum total would be enlightening indeed. The set probably includes your hometown, previous homes, family members' homes, travel destinations, and your employer. If you revisit the same locations frequently, you are helping to identify their value to you.

Consider a real estate shopping example. Figure 1 depicts housing subdivisions in Las Vegas, Nevada. For this example, let's assume that you viewed the homes in the squares (at maximum zoom) every few days. At the same time, you conducted a large number of searches on "Las Vegas Real Estate."After two weeks of such activity, you zoom in on the home in the topmost square and click the Google Maps Link to This Page command. After e-mailing this link to your friends and family, they all click the link and view the home you intend to purchase.

[Click image to view at full size]
Figure 1: Shopping for a new home in a Las Vegas subdivision. By viewing the homes differing numbers of times and e-mailing a link to your friends and family, you are disclosing your priorities and your social network.

In actuality, your use of online mapping and imagery services is far more complex than this simple real estate example. You create a constantly lengthening trail of interaction data, including zoom level, size of the map, time and date, mapping location, and your IP address each time your browser requests updated information from the server. The following are examples of interaction data I collected while panning and zooming during a short Google Maps session. During the course of several minutes,my computer made more than 600 similar requests. Each URL resolves to a small graphical tile of the map.


http://mt1.google.com/mt?n=404&v=w2t.75&hl=en&x=9467&s=&y=12151&zoom=2&s=
http://mt0.google.com/mt?n=404&v=w2.75&hl=en&x=1180&y=1518&zoom=5&s=Ga
http://mt2.google.com/mt?n=404&v=w2.75&hl=en&x=1180&y=1517&zoom=5&s=G

Note that online mapping and imagery services are complex applications that will evolve over time and process data differently. In this case,my browser made a significant number of mapping data requests as I interacted with the system, but the size, resolutions, and frequency of interaction disclosures will vary from system to system. In other words, some systems will make frequent small requests for additional map data as the user zooms and moves about the map, while others will make less frequent but larger requests. In some cases, mapping and imagery systems will prefetch information in anticipation of a user's upcoming actions, without any direct interaction on the user's part.

In addition, by clicking options such as Print, E-mail, Link To This Page, or Save, you are helping to identify your intentions and importance of the given map. For example, when you create a link to a given location and share it with others, you create a connection between each individual the moment they open the e-mail and click the link. Similarly, when you click the Print command (see Figure2), you create a strong indicator that you value the current map state enough to print a copy. From these combined streams of data, data-mining applications could detect and classify many types of activity you would prefer to keep private.

[Click image to view at full size]
Figure 2:By clicking the Print link, you disclose that you significantly value the current map.


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 
Dr. Dobb's TV