Granular Privacy Controls


Have you seen It’s a location-sharing site designed to let users share their GPS data with others for a set period of time. The idea is that I can enable the service on my phone for 30 minutes and then send you a link to view my exact location. That way if you’re waiting for me to show up, or wondering why I’m late, you can immediately see where I’m at.

The potential uses cases are intriguing. Meeting some friends at a restaurant? Going to the mall with your family? Need someone to come pick you up? Just send them a Glympse link and they can track you for a period of time that you setup.  Maybe you want your co-workers to know where you are during the day, but not after 5pm.

But this isn’t the first location/tracking application. What I find most interesting about the service is that it promises users a fine level of control and flexibility over who can see the data, and for how long. Rather than making the data available to everyone who can see your profile, or making it be always on, users set the restrictions as part of enabling the app.

Whether or not granular privacy controls are effective is a worthwhile discussion. Some argue that the average users don’t care and won’t change the defaults, while others contend that users would grasp privacy if it was more easily obtained and configured. For years Facebook has made a habit of changing their privacy settings with little notice, often in ways that increase the confusion of users. Whether this is intentional or not is the meat of many conspiracy theories. After all, the goal of social media is to make people more social, not restricting information.

In a recent book, “Against the hypothesis of the end of privacy”, some researchers suggest that online users actually go through cycles of privacy in which they loosen up and then tighten their controls. We accept privacy intrusions to a point that they become uncomfortable and then react aggressively pushing back further than we intend. That provides an interesting challenge to the oft-repeated adage that privacy is dead.

Personally, I find the idea of granular privacy controls very appealing, especially the idea of configuring the settings for each piece of data I provide. Facebook has come a long ways in this regard, providing general settings while allowing users to over-ride settings for each post. But I think companies like Glympse are pushing the boundaries in terms of research and creativity. The challenge will be to find innovative ways to give users control while keeping the process quick and easy.

Will the general public grasp hold of the idea of controlling their data if the options to do so are convenient?  I think so. What do you think?

Nathan Sweaney is a Senior Security Consultant for Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at or visit the Secure Ideas – Professionally Evil site for services provided.