photograph of cups CUPS - CyLab Usable Privacy and Security Laboratory - Carnegie Mellon University, 5000 Forbes Ave., Pittsburgh, PA 15213

Location-Sharing Technologies: Privacy Risks and Controls

Janice Y. Tsai, Patrick Gage Kelley, Lorrie Faith Cranor, Norman Sadeh

Abstract

Due to the ability of cell phone providers to use cell phone towers to pinpoint users' locations, federal E911 requirements, the increasing popularity of GPS-capabilities in cellular phones, and the rise of cellular phones for Internet use, a plethora of new applications have been developed that share users' real-time location information online [27]. This paper evaluates users' risk and benefit perceptions related to the use of these technologies and the privacy controls of existing location-sharing applications. We conducted an online survey of American Internet users (n = 587) to evaluate users' perceptions of the likelihood of several location-sharing use scenarios along with the magnitude of the benefit or harm of each scenario (e.g. being stalked or finding people in an emergency). We find that although the majority of our respondents had heard of location-sharing technologies (72.4%), they do not yet understand the potential value of these applications, and they have concerns about sharing their location information online. Most importantly, participants are extremely concerned about controlling who has access to their location. Generally, respondents feel the risks of using location-sharing technologies outweigh the benefits. Respondents felt that the most likely harms would stem from revealing the location of their home to others or being stalked. People felt the strongest benefit were being able to find people in an emergency and being able to track their children. We then analyzed existing commercial location-sharing applications' privacy controls (n = 89). We find that while location-sharing applications do not offer their users a diverse set of rules to control the disclosure of their location, they offer a modicum of privacy.

February 2010 Update

The main paper below was revisited in February 2010 to evaluate any changes in LBS privacy policies over the last six months. The appendix tables have been updated accordingly in the PDF below.

Lorrie Cranor discussed this paper in her testimony at a Congressional hearing on February 24, 2010.

Written Testimony of Lorrie Faith Cranor prepared for United States House of Representatives, Energy and Commerce Committee Subcommittee on Communications, Technology and the Internet, and Subcommittee on Commerce, Trade, and Consumer Protection Hearing on The Collection and Use of Location Information for Commercial Purposes, February 24, 2010

Downloads

News

As Location-Sharing Services Grow, Privacy Concerns Do Too by Jennifer Valentino-DeVries, WSJ Blogs, March 10, 2010.

Location Privacy Goes to Washington by Deane Rimerman, ReadWriteWeb, March 8, 2010.

Congress hears testimony on location-based services and online privacy by Alexander B. Howard, Compliance Management News, February 25, 2010.

CMU prof to testify in D.C. about location-sharing by Mike Cronin, Pittsburgh Tribune-Review, February 24, 2010.

Acknowledgments

This work is supported in part by the National Science Foundation through Cyber Trust grant CNS-0627513 and by the Army Research Office contract no. DAAD19-02-1-0389 to Carnegie Mellon University's CyLab. Additional support has been provided by Microsoft through the Carnegie Mellon Center for Computational Thinking, and FCT through the CMU/Portugal Information and Communication Technologies Institute.

Contact Us

For more information about this or our other privacy work, please contact CUPS Director, Lorrie Cranor.