Vote 2020 graphic
Everything you need to know about and expect during
the most important election of our lifetimes

Windows 7's New Geolocation Service Introduces Privacy Problems

Illustration for article titled Windows 7s New Geolocation Service Introduces Privacy Problems

Cnet's Ina Fried is covering WinHEC, Microsoft's Hardware Engineering Conference, and has discovered that Windows 7 has a new system-wide service that will offer very easily accessible geographical location services for all devices and programs. Unfortunately, their implementation seems half-baked in the security front, opening the door to privacy problems that even Microsoft program manager Alec Berntson didn't have a convincing answer for. What is worse: They don't plan to fix them for the final release. In previous versions of Windows, users didn't have a way to turn geolocation services on or off, since the hardware was accessed on an application by application basis. However, the user was able to launch the application—which usually came with his GPS device—knowing that it was a "good" program. Having no easy-to-use API also made it more difficult for programmers (good ones and evil ones) to create software for GPS hardware and grab the geolocation data. In Windows 7, the new system-wide GPS service can be turned on and off by the user, who has the option to make it available only to applications as opposed to background processes. However, once you turn the service on, there's no way to limit access to specific programs: Anything that you launch will be able to access the GPS information without even warning you. Berntson admitted that this is problematic, because it opens the door for spoofing programs that could use this information mischievously.

We only promise the control that we can realistically give to them, rather than trying to promise more than we can deliver, Application-based control would be great to have and it is certainly on our Christmas list for future stuff.


On top of that, following a question by an attendee, Berntson pointed out that there will be no way to give a warning to the user when an application tries to access the GPS. He said that, even while this is technically possible, it's not in their roadmap for Windows 7. As a close comparison, when an application requests access to geographic information in the iPhone 3G, the operating system asks you for permission first. This happens on an application by application basis, every time it runs. Hopefully, someone at Microsoft will realize how absolutely stupid this is and, at least, implement the warning service before the updated OS reaches the market. [Cnet via Lifehacker]

Share This Story

Get our newsletter


Maybe I'm just not using my imagination, but why is it a massive security risk for a program on your computer to know where your computer is?

And even if that is a massive security risk somehow, then why is the system-wide service opening up a hole that wasn't already present by having a GPS device installed with regular drivers? Couldn't your malware just access that hardware without telling you anyway?