Almost all of leaked Ashley Madison users could be located due to geolocation
Last summer, personal data of millions of people were leaked and published online who tried to cheat on their spouse through the adultery website, Ashley Madison. On checking the data, it was found that almost none of the site’s users had turned off geolocation on their devices. Hence, you can easily and accurately map Ashley Madison users. This should make everyone think twice about the location apps on their phone.
For instance, a 60 year-old-man from man from Ontario had last updated his Ashley Madison profile in early 2013. However, he did not wish his wife to know that he was looking for sex outside their marriage and that too he was looking for sex with other men.
So, in order to cover his identity to a certain extent, he used an elusive username and described his location as โGTAโ.
However, the problem was when he was discovering odd corners of the Internet, his phone was reporting his location to within five decimal places. In southern Canada, that works out to a rectangle about one metre north-south and 70 centimetres east-west โ more or less the size of a bathtub.
In reality, thatโs a solid brick house in suburban Toronto with a garage out front and a young tree in the front yard.
In massive databases uploaded to the โdark web,โ hackers published information of over 40 million users of the service last summer. News organizations downloaded the files, including Global News.
However, it was later discovered that users usually not always or cleverly tried to hide their tracks. They used burner credit cards or web-based e-mail services like Gmail and Hotmail. While almost none of them thought to turn off geolocation on their devices, most of them can be mapped with ruthless accuracy.
In Canada, it shows an entirely convincing map of population density even though it is not verified. While high-density neighbourhoods have tight masses of dots, low-density neighbourhoods have scattered dots of them. On the other hand, there are no dots for non-residential areas.
Of Canadian men looking for men on Ashley Madison, a group with possibly two deep secrets to protect, only 14 per cent turned off geolocation. Of the complete total of male Canadian subscribers, only five per cent did, which means we have detailed location data for nearly all of them.
The problem lies here: Even though if a fake name, address, anonymous e-mail account, ambiguous location, and a credit card that is not linked to the user is used, the cell towers that triangulate on the house and permanently record its grid reference to five decimal places, the user is not being careful about his or her privacy.
According to the geodata, over 1,200 Ashley Madison users were men looking for men and were logging in from conservative Muslim countries where same-sex sexual activity is punishable by prison, whipping or death. While most of those users claimed to be in other countries, the geodata said something else.
In some ways, Ashley Madison is a ridiculous and extreme case, and its users, in retrospect; donโt look like the most cultured users of digital media. While many of them signed to the site using their work e-mail addresses, in some cases, they were clearly connected by name to the government agencies they worked for.
The Ashely Madision hack raises questions on what our phones know about our comings and goings, and what quiet conversations they have with databases far away.
โI think what these kinds of hacker incidents reveal is how much can be known about you by people you donโt want to know anything about you,โ says Lisa Austin, a privacy expert who teaches at the University of Toronto law school. โAnd what is your protection then? I donโt know.โ
โWe donโt have much privacy.โ
โI think most people donโt know when their app even has location-enabled setting on. I think most people donโt even figure that out.โ
Austin warns that camera geolocation is mainly dangerous:
โYou should turn it off for your camera โ you have a tagging device in every photo you take, and the metadata travels on to Facebook and Twitter and all those sorts of things.โ
However, at the end of the day we have very little knowledge what our phones and the databases they connect to are getting to know about us, and where that material may end up.
Impervious user agreements will not help.
โWe worry about the security breaches, but we seem to trust that companies are handling our information properly, which maybe we shouldnโt, because we donโt know what weโve agreed to in these agreements. Thereโs all sorts of collecting and sharing that can happen. Nobody reads these privacy agreements, and even lawyers find them hard to read. My law students never read them, actually,โ said Austin.
โThese companies โ God knows what half of them do with your information, because weโre not reading these policies. We donโt know what weโre authorizing them to do, let alone what theyโre actually following what they say theyโre doing,โ she added.
Source: Global News