We can guess a certain amount about a 60-something Ontario man who last updated his Ashley Madison profile in early 2013.
We know that he didn’t want his wife to know that he was looking for sex outside their marriage. And it’s possible – though we’ll never know – that she didn’t know he was looking for sex with other men.
So he covered his tracks to a certain extent – he adopted a vague username and described his location as ‘GTA’.
The problem was: while he was exploring odd corners of the Internet, his phone was reporting his location to within five decimal places. In southern Canada, that works out to a rectangle about one metre north-south and 70 centimetres east-west – more or less the size of a bathtub.
In the real world, that’s a solid brick house in suburban Toronto with a garage out front and a young tree in the front yard. (We won’t be more specific than that.)
Last summer, hackers published details of over 40 million users of the service, in enormous databases uploaded to the ‘dark web.’ News organizations, including Global News, downloaded the files.
We soon discovered that users usually – not always, or cleverly – at least tried to cover their tracks. They used Web-based e-mail services like Hotmail and Gmail. Or burner credit cards.
But almost none of them thought to turn off geolocation on their devices, and most can be mapped with pitiless accuracy.
In Canada, it shows an unverifiable but completely convincing map of population density. Low-density neighbourhoods have scattered dots and high-density neighbourhoods have tight masses of them. Non-residential areas have no dots at all.
The man in my spreadsheet had a lot of company. Of Canadian men seeking men on Ashley Madison, a group with potentially two deep secrets to protect, only 14 per cent turned off geolocation. Of the overall total of male Canadian subscribers, only five per cent did, which means we have detailed location data for nearly all of them.
Here’s the problem: you can use a fake name, and a fake address, and a credit card that can’t be connected to you, the vaguest location and an anonymous e-mail account, but if you’re letting cell towers triangulate on your house and permanently record its grid reference to five decimal places, you’re not being careful about privacy.
For obvious ethical reasons, we have no intention of publishing the resulting map, but we can say that it wasn’t particularly challenging to create.
(We did use the geodata to show that over 1,200 Ashley Madison users saying they were men seeking men were logging in from conservative Muslim countries where same-sex sexual activity is punishable by prison, flogging or death. Many of those users claimed to be in other countries, but the geodata said otherwise.)
Internally, we had some trouble figuring out how to illustrate the story: the most powerful, zoomed-in map images were unusable for ethical reasons, and a screenshot of a map zoomed out enough to offer some level of anonymity was just a mass of dots. In the end, graphic artist Babak Najafi made a fictional map patched together from scraps of different real neighbourhoods, flipped and rotated so it wasn’t connected to the original satellite image. But the real map looks much like this.
Ashley Madison is in some ways a grotesque and extreme case, and its users, in retrospect, don’t seem like the most sophisticated users of digital media. (Many signed up to the site using their work e-mail addresses, which in some cases connected them clearly by name to the government agencies they worked for.)
Most of us, hopefully, don’t have personal secrets as radioactive as ashleymadison.com’s hapless customers. But the hack raises questions about what our phones know about our comings and goings, and what quiet conversations they have with databases far away.
“I think what these kinds of hacker incidents reveal is how much can be known about you by people you don’t want to know anything about you,” says Lisa Austin, a privacy expert who teaches at the University of Toronto law school. “And what is your protection then? I don’t know.”
“We don’t have much privacy.”
“I think most people don’t know when their app even has location-enabled setting on. I think most people don’t even figure that out.”
(How does a privacy expert manage her own apps? Austin has geolocation turned off except for Google Maps, which she only turns on when it’s actually being used.)
Camera geolocation is particularly dangerous, she warns:
“You should turn it off for your camera – you have a tagging device in every photo you take, and the metadata travels on to Facebook and Twitter and all those sorts of things.”
But at the end of the day we have very little idea what our phones, and the databases they connect to, are learning about us, and where that information may end up.
Opaque user agreements don’t help.
“We worry about the security breaches, but we seem to trust that companies are handling our information properly, which maybe we shouldn’t, because we don’t know what we’ve agreed to in these agreements. There’s all sorts of collecting and sharing that can happen. Nobody reads these privacy agreements, and even lawyers find them hard to read. My law students never read them, actually.”
“These companies – God knows what half of them do with your information, because we’re not reading these policies. We don’t know what we’re authorizing them to do, let alone what they’re actually following what they say they’re doing.”