Metadata contained in old posts contains precise location coordinates
According to a research carried out by cybersecurity specialists, the location metadata contained in the social network Twitter posts may be useful to infer some private details of users, such as address, workplace and most frequently visited places, as reported by experts from the International Institute of Cyber Security.
Kostas Drakonakis, Panagiotis Ilia and Jason Polakis, a group of Greek researchers on cybersecurity issues, recently published a document entitled ‘Privacy risks in public location metadata’. In this, researchers claim to have shown that location metadata allows inferring sensitive information, which could be used for malicious purposes. “Some authoritarian regimes could pursue campaigns of persecution against activists or opponents”, claimed the investigators.
In 2015, the risks to the privacy of users associated with Twitter location metadata began to be investigated; since then, the social network has given its users greater control over their location data, such as the restriction of access to the precise coordinates. Currently, Twitter is no longer able to access the exact location of the user by default.
“Twitter never attaches the user’s location without their consent. If someone decides to share their location through a tweet, the location is also available through our APIs, but the user’s express consent must be granted”.
However, experts in cybersecurity believe that the implementation of these changes has not sufficiently reduced the privacy risks, as Twitter still has a history of location data through its developer API. For example, mobile Twitter versions released before April 2015 contain the precise GPS coordinates attached to the tweets by default.
“In the sample we analyzed we discovered that tweets with very general location tags (like city name, for example) also contain GPS coordinates as metadata,” Polakis mentioned. “As of April 2015, tweets with this kind of location tag stopped displaying coordinates as metadata, suggesting that this is the date on which the social network began with the implementation of these changes,” the expert added.
Researchers suggest that the Twitter policy that allowed attaching these location metadata represents a serious privacy problem that should be addressed as soon as possible.
“This is an imperceptible privacy violation for users of the social network, as their coordinates are contained as metadata returned by the API invisible on the website or Twitter mobile app. The worst thing is that these metadata are still visible through the API,” the experts mentioned. The treatment of this kind of information is one of the greatest challenges that companies face in the midst of technological age; they are so useful in the orientation of marketing campaigns that companies have not tried to stop this kind of practices, although this could cause inconvenience in the future. For example, in recent days, the Los Angeles prosecutor filed a lawsuit against the IBM meteorological company for allegedly treating the data collected through the Weather Channel application inappropriately.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.