Privacy concern: location export
Closed this issue · 1 comment
Last night I downloaded PrivateKit for iOS and enabled location tracking. It does not seem like the application is consistent in recording locations (no locations were logged when I went to the grocery store this morning, for example).
With that said, I have a concern with how "Export location history" functions. It appears this function exports the full current history. If there is a "Privacy First" approach, then I think exporting data should take some automatic steps to reduce precision.
As it stands right now, if someone were asked to share their location history, they would most likely also share their exact home, work, and other sensitive locations, which may not be a desired action.
Additionally, precise coordinates and timestamps are highly joinable and you never know what other data the receiver of the exported data has that can be correlated.
These are my concerns and recommendations:
- Records are logged with high precision and appear to be exported with this level of precision as well. By default, on export, the application should reduce the GPS precision to perhaps 2 or 3 degrees. For most dense areas, 3 degrees may be sufficient as a default.
- All entries are released. It's likely that under social distancing conditions, a majority of the GPS points will be someone's home or work. Clustering these locations and removing them from the export can be an automatic step.
- Timestamps could also be rounded down/up to the nearest 15 min, 20 min block to add another level of precision reduction.
I don't think this would impact intersection analysis, as that only happens on the device. This data transformation could be run on export and not have to modify the way data is stored.
For some reason, if more granular information is requested by the receiver and with the user's consent, a selective subset of location data could always be released next.
Version
0.5.19
Affected Devices
Apple iOS
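The three export-time transformations proposed in the issue (coarsen coordinates, drop the frequently visited cells that are almost certainly home or work, and bucket timestamps) as one worked example. This is added illustration code, not PrivateKit or Safe Paths code; the record shape `{latitude, longitude, time}` (epoch milliseconds), the grid-cell clustering, the thresholds, and the sample history are all assumptions made for the example. "Precision" is taken to mean decimal places of a coordinate, since about three decimals is roughly a 100 m cell.

```javascript
// Added example (not the project's own code): sanitize a location history at
// export time. All constants and the record shape are assumptions for the demo.

const GRID_DECIMALS = 3;      // ~110 m cells used only to find dwell clusters
const EXPORT_DECIMALS = 2;    // ~1.1 km precision kept in the exported points
const TIME_BLOCK_MINUTES = 15;
const DWELL_SHARE = 0.2;      // a cell holding >= 20% of all points is treated as home/work

function roundTo(value, decimals) {
  const factor = 10 ** decimals;
  return Math.round(value * factor) / factor;
}

// Floor an epoch-millisecond timestamp to the start of its block.
function bucketTime(timeMs, blockMinutes) {
  const block = blockMinutes * 60 * 1000;
  return Math.floor(timeMs / block) * block;
}

function cellKey(rec, decimals) {
  return `${roundTo(rec.latitude, decimals)},${roundTo(rec.longitude, decimals)}`;
}

// Grid cells that contain at least `share` of all points. Under stay-at-home
// conditions these are almost always the user's home and workplace.
function findDwellCells(records, decimals, share) {
  const counts = new Map();
  for (const rec of records) {
    const key = cellKey(rec, decimals);
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  const dwell = new Set();
  for (const [key, n] of counts) {
    if (n / records.length >= share) dwell.add(key);
  }
  return dwell;
}

// Returns the sanitized records plus counters so the user can be told what was
// removed. The stored history is untouched; only the export is transformed.
function sanitizeForExport(records, opts = {}) {
  const gridDecimals = opts.gridDecimals ?? GRID_DECIMALS;
  const exportDecimals = opts.exportDecimals ?? EXPORT_DECIMALS;
  const blockMinutes = opts.blockMinutes ?? TIME_BLOCK_MINUTES;
  const dwellShare = opts.dwellShare ?? DWELL_SHARE;

  const dwell = findDwellCells(records, gridDecimals, dwellShare);
  const seen = new Set();   // drop exact duplicates created by coarsening
  const kept = [];
  let dropped = 0;
  for (const rec of records) {
    if (dwell.has(cellKey(rec, gridDecimals))) { dropped++; continue; }
    const out = {
      latitude: roundTo(rec.latitude, exportDecimals),
      longitude: roundTo(rec.longitude, exportDecimals),
      time: bucketTime(rec.time, blockMinutes),
    };
    const dedupKey = `${out.latitude},${out.longitude},${out.time}`;
    if (seen.has(dedupKey)) { dropped++; continue; }
    seen.add(dedupKey);
    kept.push(out);
  }
  kept.sort((a, b) => a.time - b.time);
  return { records: kept, dropped, dwellCells: dwell.size };
}

// Constructed sample history: 10 overnight points at "home", a 2-point
// grocery trip, and one transit point. Coordinates are made-up jittered values.
const T0 = Date.UTC(2020, 2, 22, 0, 0, 0);
const MIN = 60 * 1000;
const SAMPLE_HISTORY = [];
for (let i = 0; i < 10; i++) {
  SAMPLE_HISTORY.push({
    latitude: 37.7749 + (i % 2 ? 0.00004 : -0.00004),
    longitude: -122.4194 + (i % 2 ? -0.00004 : 0.00004),
    time: T0 + i * 30 * MIN,
  });
}
SAMPLE_HISTORY.push({ latitude: 37.7803, longitude: -122.4133, time: T0 + 530 * MIN }); // 08:50 transit
SAMPLE_HISTORY.push({ latitude: 37.7852, longitude: -122.4071, time: T0 + 547 * MIN }); // 09:07 grocery
SAMPLE_HISTORY.push({ latitude: 37.78523, longitude: -122.40713, time: T0 + 562 * MIN }); // 09:22 grocery

function demo() {
  return sanitizeForExport(SAMPLE_HISTORY);
}

console.log(JSON.stringify(demo(), null, 2));
```

The thresholds are the tunable part: a share-based dwell test works for a multi-day history dominated by home and work, but a history recorded over a single afternoon out may have no cell above the threshold, so a production version would also want a minimum absolute count and a user-visible list of what was removed before the file is written.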
Thank you for your comments. The PrivateKit application is older, and the project has been renamed (version 1.0.0 is in the Google Play Store now, and will soon appear in the Apple Store). You should check out the current releases here to evaluate an up to date release:
https://github.com/tripleblindmarket/covid-safe-paths/releases
Note that the SafePlaces webapp used by the health authority is where the location data will be "sanitized" to remove potentially identifying locations such as work/home, but the contact tracer needs access to all of the high resolution data to jog the memory of the person being interviewed. (The user is the one who ultimately decides if they wish to share their data with the health authority or not.)