Are they where they say they are?Lots of mobile apps and computer software share location data, often for good reasons that help you have the best experience online. But what if someone can access your location data? What are the risks and what can you do about it?
9 min read
How accurate is location data on your phone?
Geolocation data accuracy on mobile devices can vary. Here are some key considerations:
- GPS tech: Many mobile devices, especially smartphones, use Global Positioning System (GPS) technology to determine their location. GPS can provide high-precision location data, often within a few metres or even less. However, GPS accuracy can be affected by factors such as signal strength, line-of-sight obstructions (buildings, trees), and atmospheric conditions (weather, dense urban environments)
- Assisted GPS (A-GPS): A-GPS is a technology that combines GPS data with additional info from cellular networks or Wi-Fi access points to improve location accuracy, especially in challenging GPS environments. By using nearby cell towers or known Wi-Fi networks, A-GPS can help determine location more quickly and with greater precision
- Wi-Fi and cell tower triangulation: Mobile devices can use Wi-Fi signals and cell tower data to estimate their location. Wi-Fi positioning relies on a database of known Wi-Fi access points and their geographic locations, allowing devices to approximate their position based on the Wi-Fi signals detected. Similarly, cell tower triangulation involves analysing signal strength from nearby cell towers to estimate the device's location. These methods generally provide less precise location data compared to GPS but can still offer reasonable accuracy
- IP Geolocation: When GPS or Wi-Fi/cellular signals are not available or cannot provide accurate location data, mobile devices may rely on IP geolocation. IP geolocation uses the device's IP address and mapping it to a geographic location based on databases maintained by internet service providers and other organisations. IP geolocation can be less accurate, especially when devices are connected through proxy servers or virtual private networks (VPNs) that mask their true IP address.
The accuracy of geolocation data can vary depending on the specific device, the quality of the sensors, the software algorithms used, and external factors such as environmental conditions or signal interference. Different apps or services have varying levels of access to and reliance on different sources of location data, which can affect the accuracy of their geolocation capabilities.
What are geolocation scams?
Geolocation scams involve scammers deceiving people about their physical location or manipulating their geolocation data for fraudulent purposes. These scams take advantage of the technology and data used to determine a device's or user's location, such as GPS, IP address, Wi-Fi network, and mobile phone signal. Here are some common types of geolocation scams:
- Fake location spoofing: Scammers can use software or apps to alter their device's geolocation information, making it appear as if they are in a different place than they actually are. They use this technique to bypass regional restrictions, commit fraud, or access location-specific services
- Geolocation data theft: Scammers attempt to steal or manipulate geolocation data collected by legitimate services or devices. This data can include a user's real-time location, historical location information, or other location-based data. This stolen information can be exploited for identity theft, stalking, or targeted advertising
- Location-based phishing: Scammers use geolocation data to craft targeted phishing attacks. By knowing the recipient's location, they can send messages that appear to be from local businesses, institutions, or authorities to trick people into revealing personal information, such as passwords or credit card details
- Location-based social engineering: Scammers use geolocation data to gain the trust of individuals or manipulate them into taking certain actions. For example, they might pretend to be from a local utility company and claim that urgent action is required, such as paying a fake bill or sharing sensitive information
- Location-based advertising scams: Geolocation data is commonly used in targeted advertising. However, scammers can exploit this by delivering deceptive or fraudulent advertisements based on a user's location. These ads may lead to phishing websites, malware downloads, or scams that trick individuals into providing personal information or making fraudulent purchases
- Personal privacy invasion: Location data reveals a person's movements and habits, potentially providing a detailed picture of their daily routines, places visited, and even sensitive information like home and work addresses. If this information falls into the wrong hands, it can lead to invasion of privacy, stalking, or targeted attacks
- Identity theft: Geolocation data, when combined with other personal information, can be used to create a comprehensive profile of an individual. This profile can be exploited for identity theft, enabling scammers to impersonate the victim, open fraudulent accounts, or conduct other malicious activities
- Physical security threats: By knowing a person's real-time location or predictable routines, criminals can exploit this information for physical security threats. For example, burglars could target homes when they know the residents are away, or stalkers could use location data to harass or harm their victims
- Financial fraud: Location data can be leveraged for financial fraud. For instance, if a scammer knows an individual is travelling and their credit card information is compromised, they can use that data to make fraudulent purchases Whilst the victim is away, making it harder for them to notice unauthorised transactions.
Not all entities requesting location data have malicious intentions. Many genuine apps and services use location data to provide useful features or enhance user experiences. However, it’s essential to be cautious about sharing location data and ensure that you’re providing it only to trusted and reputable sources.
What's the best way to hide your physical location on the internet?
Hiding your physical location on the internet involves taking multiple precautions to minimise the exposure of your real whereabouts. Whilst it’s challenging to completely hide your physical location, implementing the following practices can significantly enhance your privacy and make it more difficult for others to track your location:
- Use a Virtual Private Network (VPN): A VPN encrypts your internet traffic and routes it through a secure server in a different location. This masks your IP address and makes it appear as if you’re browsing from a different region, helping to conceal your real location. Choose a reputable VPN service and connect to a server in a location different from your own for better anonymity
- Disable geolocation services: Many applications and websites request permission to access your location data. Review and manage the location settings on your devices and selectively disable geolocation services for apps that don't require them. This prevents unnecessary exposure of your location information
- Use the Tor browser: Tor is a privacy-focused web browser that uses a network of volunteer-operated servers to route your internet traffic through multiple layers of encryption. This obscures your IP address and helps protect your location. But, Tor browsing can be slower and some websites may not function optimally due to security restrictions
- Consider using a proxy server: Proxy servers act as intermediaries between your device and the websites you visit, masking your IP address and making it harder to trace your location. Whilst not as secure as VPNs, proxies can provide an additional layer of anonymity.
- Disable Wi-Fi and Bluetooth: When not in use, disable Wi-Fi and Bluetooth on your devices, as they can potentially leak location information through network connections or device discovery
- Be cautious of location-identifying information: Avoid sharing unnecessary location details on social media platforms, public forums, or websites. Check your privacy settings and limit the visibility of your personal information to trusted individuals or contacts
- Use encrypted messaging apps: When communicating online, use end-to-end encrypted messaging apps that prioritise privacy and security. These apps protect your conversations from interception and minimise the risk of location exposure through message metadata
- Regularly update software and devices: Keep your operating system, apps, and devices up to date with the latest security patches. Security updates often address vulnerabilities that could be exploited to track or identify your location.
Whilst these measures can enhance your privacy and make it more challenging to track your location, determined scammers with significant resources may still be able to identify your general location through advanced techniques.
What else can you do?
By understanding the motivations behind scammers' interest in location data, you can take appropriate measures to protect your personal data and guard against potential scams. To protect yourself from geolocation scams, think about the following:
- Be cautious when sharing your location data with apps and services, and only provide it to trusted sources
- Be sceptical of unsolicited messages, emails, or calls that ask for personal or financial information, especially if they claim to be from local organisations, utilities or authorities
- Educate yourself about common scams and stay informed about evolving techniques used by scammers
- Be aware of phishing attempts and suspicious communications that may exploit your location information
- Monitor your financial statements and credit reports regularly to detect any unauthorised activities
If you experience a geolocation scam or suspect fraudulent activity, report it to your local authorities and the appropriate online platforms or service providers involved.
Does VPN protect against scammers seeing your location?
Using a VPN (Virtual Private Network) can help protect your location privacy and make it more difficult for scammers to see your actual location. A VPN encrypts your internet traffic and routes it through a secure server located in a different geographic location. This process masks your IP address, which is a crucial piece of information used to determine your approximate location.
By connecting to a VPN server in a different region or country, you can appear as if you’re browsing the internet from that location. This can help protect your real location from being easily identified by scammers or other malicious actors who might be trying to track or target you based on your geographic information.
However, it's important to note that a VPN is not a foolproof solution and has its limitations. Whilst a VPN can hide your IP address and encrypt your traffic, it can’t completely eliminate all possibilities of location tracking. Advanced techniques and technologies employed by determined scammers may still be able to identify your general location or track your activities.
To maximise the effectiveness of a VPN in protecting your location:
- Choose a reputable and reliable VPN service: Opt for a well-established VPN provider with a strong track record in privacy and security
- Enable the VPN on all your devices: Install and activate the VPN software or app on all your devices, phone, tablet, computer etc, to ensure comprehensive protection
- Select a VPN server in a different location: Connect to a VPN server in a different country or region to mask your real location effectively
- Avoid leaking location information: Be cautious of any apps, websites, or services that might unintentionally reveal your location, such as GPS-enabled apps or social media platforms. Disable location services for applications that don't require them
- Regularly update your VPN software: Keep your VPN software up to date to benefit from the latest security patches and improvements.
Whilst a VPN can enhance your privacy and protect against many location-based tracking methods, you should put other security measures in place, such as being cautious when sharing personal information, staying aware of phishing attempts, and using strong, unique passwords to stay safe online.
Misuse of location data in the UK
In 2018, it was reported that the UK-based political consulting firm Cambridge Analytica had obtained and misused personal data, including geolocation data, from millions of Facebook users without their explicit consent. The company used this data to create psychological profiles and target individuals with personalised political ads during the Brexit referendum campaign and the U.S. presidential election in 2016.
Cambridge Analytica's actions raised concerns about privacy violations, data exploitation, and the potential manipulation of individuals' political beliefs based on their geolocation and other personal data. This case highlighted the potential risks associated with the misuse of geolocation data and the broader issues surrounding data privacy and ethical data practices.
Since then, there have been increased discussions, regulatory actions, and public awareness about the responsible collection, storage, and use of personal data, including geolocation information, to safeguard individuals' privacy and prevent unauthorised exploitation.
Keep all your data close
Before a scammer can exploit your location data they will probably have gathered some information about you. They might have done it by scraping social media profiles or possibly buying stolen personal data on the dark web.
The best way to avoid having your data stolen in a data breach and making you vulnerable to scams is to make sure it’s not stored amongst any data that gets stolen. You can get your data deleted from any company that no longer needs it by using our Rightly Protect service. It’s quick, simple and free and will tell you just who has your data and give you the chance to instruct them to completely erase it, if that’s what you want to do.
7 min read
How protected is your data
In 2018, the Data Protection Act was effectively the UK’s implementation of the EU’s General Data Protection Regulation, designed at its heart to protect consumers’ personal data, as well as govern how data is handled by organisations. The Act has been a valuable tool to give consumers control of their data. Should government proposals for new legislation easing the grip of GDPR be of concern?
9 min read
Spot scams and spring clean your data
In the middle of The Great British Spring Clean 2023, we thought it would be good to think about why it’s good to clean up your data, to help protect from scammers who will use it against you if they can.