From the putting-the-cat-back-into-the-bag dept, here’s a piece from Wired’s Issie Lapowsky on how old tweets contained precise location data that was accessible through Twitter’s API:
The tool, called LPAuditor (short for Location Privacy Auditor), exploits what the researchers call an “invasive policy” Twitter deployed after it introduced the ability to tag tweets with a location in 2009. For years, users who chose to geotag tweets with any location, even something as geographically broad as “New York City,” also automatically gave their precise GPS coordinates. Users wouldn’t see the coordinates displayed on Twitter. Nor would their followers. But the GPS information would still be included in the tweet’s metadata and accessible through Twitter’s API.
Twitter didn’t change this policy across its apps until April of 2015. Now, users must opt-in to share their precise location—and, according to a Twitter spokesperson, a very small percentage of people do. But the GPS data people shared before the update remains available through the API to this day.
It’s another example – as if we needed one – of the naivety within top social networks when it came to the collection and sharing of personal data.
What’s worse in this case is that Twitter’s software was not clear that it was gathering and sharing this kind of location data.
Twitter should have known better. Its response – that users had the chance to opt out and delete the data – is no response at all. Contrition remains in very short supply.