Latest NSA Guidelines for Limiting Location Data Exposure
The National Security Agency has recently issued an advisory about the threats imposed upon by the exposure of the location data of the users. The report vividly explains how the location data can be accessed via different mediums and what we, as users, can do to ensure minimum data breach.
Mobile phones nowadays inherently keep track of the user’s location. This data has various applications from being used by shopping applications to helping us in finding our desired locations. Subconsciously, we, as the users, enable the providers and adversaries to access too much information about our whereabouts.
How data is collected
The data collected about our location is extremely valuable, and if exposed, could leave us vulnerable to various security issues. However, this data is not safe. In fact, providers have been claimed to sell this sensitive data to third parties. Even if there is no involvement by the provider, the data can be compromised by the adversaries in some or other ways.
The data can be inexpensively accessed by some proxy connection, which becomes hard to distinguish from the legitimate network. Mobile phones also tend to store our past location data, which can be used to predict our future location coordinates. Other risky ways include browser fingerprinting used by websites to access real-time location data. The most shocking revelations were the exposure of location data through wi-fi access points and BlueTooth sensors. The threat is not just limited to our mobile phones but all the devices that have access to some or other form of wireless connection.
These devices determine location through Global Positioning Systems (GPS), which is not the same as the location services on the phone. It means that even if the location services on a device are off, GPS is still working, and location can be traced using wi-fi and BlueTooth services. This indicates that the risk of getting tracked down is not reduced significantly, even if we manually modify the settings on our device.
The different apps that we have on our devices, especially on mobile phones, also use the location services and have the power to leave us vulnerable with all the data exposed.
Mitigations- what can be done
The NSA advises disabling location services, BlueTooth services, and wi-fi services when not in use. It, in fact, advises users to use Airplane Mode when the device is not in use and that too, after ensuring that BT and Wi-fi are turned off. Restricting apps and giving them limited permission is another way of protecting our data. Avoiding the use of apps that use location information or keeping the permissions off mostly is highly recommended.
Accessing the browser from the phone as minimum as possible is advised. Minimizing the data stored on the cloud and turning off Find my phone feature will also ensure minimum breach of the location data.
The agency says that while it is not always possible to ensure complete protection of the data, with careful steps, prevention of the breach of the data can be ensured.
