Nora Young reports:
It wasn’t a hack. It wasn’t a leak. It wasn’t even a mistake, really. But it showed how risky even anonymous data can be.
Strava, which makes a fitness tracking app and website, publicly shared a map of the world, covered in squiggly lines. Each of those lines represented running routes, uploaded by the app’s users.
And by now, most readers know the shock waves around the world when those running route maps showed running routes of military personnel and thereby also disclosed where bases and installations were.
CBC interviewed Arvind Narayanan as part of their coverage, and noted:
The Strava issue reflects a broader, misguided approach to data privacy by tech companies. “It’s not so much that each individual user’s behaviour affects only them, but in fact everybody’s behaviour collectively has an impact on everyone else’s privacy,” Narayanan explained. “Arguing that ‘your data is anonymized so you’re not going to come to any harm’ kind of breaks down here, once we start thinking of privacy as a collective issue.”
It may be that the Strava story is a watershed moment in the way we think about data, but that depends on the lessons we take from it. “The right lesson to draw would be that we need to have a more nuanced appreciation of what privacy means,” Narayanan said. “It simply cannot be boiled down to anonymity, or putting a bunch of check boxes…for users to figure out…[P]rivacy needs to be really integrated as a core part of the design process.”
Amen.
You can read the full article on CBC.ca.