Thursday, May 16, 2019

Twitter Releases Data on a Bug Impacting Collection and Sharing of Location Data on iOS Devices


Security issues are becoming more and more a part of my reporting here.  Between reporting on HIPAA breaches, encouraging methods to protect your data, and reporting on security issues that can affect you both personally and professionally I’ve been pretty busy as of late.  As the Technology Evangelist, I’ve got a lot of subjects to cover and report to you on and currently it’s more focused on security.

This latest issue is from the team at Twitter.  The company recently announced that they were exposing location data of iOS users to a Third Party that they have some type of business relationship with.  Obviously if your location is being broadcast to someone without your permission, that’s a major invasion of your privacy.  The good news is that this problem affected a fairly small subset of users.  I feel the takeaway here is that sharing your location is something to really think about before doing it.  While there are certainly benefits to sharing your location, there are also serious detriments.  Weigh your decisions carefully!

Here is what Twitter had to say in their announcement:

You trust us to be careful with your data, and because of that, we want to be open with you when we make a mistake. We have discovered that we were inadvertently collecting and sharing iOS location data with one of our trusted partners in certain circumstances.
Specifically, if you used more than one account on Twitter for iOS and opted into using the precise location feature in one account, we may have accidentally collected location data when you were using any other account(s) on that same device for which you had not turned on the precise location feature. 
Separately, we had intended to remove location data from the fields sent to a trusted partner during an advertising process known as real-time bidding. This removal of location did not happen as planned. However, we had implemented technical measures to “fuzz” the data shared so that it was no more precise than zip code or city (5km squared). This location data could not be used to determine an address or to map your precise movements. The partner did not receive data such as your Twitter handle or other unique account IDs that could have compromised your identity on Twitter. This means that for people using Twitter for iOS who we inadvertently collected location information from, we may also have shared that information with a trusted advertising partner.   
We have confirmed with our partner that the location data has not been retained and that it only existed in their systems for a short time, and was then deleted as part of their normal process.
We have fixed this problem and are working hard to make sure it does not happen again. We have also communicated with the people whose accounts were impacted to let them know the bug has been fixed. We invite you to check your privacy settings to make sure you’re only sharing the data you want to with us.
We’re very sorry this happened. We recognize and appreciate the trust you place in us and are committed to earning that trust every day.
If you have any questions, you may contact Twitter's Office of Data Protection through this form.

No comments:

Post a Comment