Automate geoprivacy with user-defined geofences

I check the locations when I’m at home all the time, anyway. I have a decent mix of stuff taken with my big camera of birds, from when I’m inside the house where I have to manually mark the location, as well as stuff taken with my phone, either from inside the house or out, where the location is off enough to put it outside the proposed small geofence.

No, I’d be checking the obscuration for EVERY observation even still. Maybe the small area would catch most of them, but I’d still have to check all of them. My property is an odd shape, too, so unless irregular shapes could be drawn/uploaded manually, chances are accurate locations within my yard would still fall outside the proposed small area geofence.

And then of course still every observation when I’m out on my neighborhood walks would have to be manually obscured. And if I allowed myself to get lazy and NOT check the observations at my house, then I’d get into a bad habit and wind up with a lot of observations that SHOULD be obscured but aren’t. And it would happen, no doubt. I know how my mind works. I still say if I can’t make the geofence the size and dimensions I want, then it’s a “feature” that’s not worthwhile for me to even use.

I’m just going to chime in and say that it seems like most of the nay-sayers are people who would not use the feature as described. Development is incremental. Let’s get a basic feature out there and if people have more suggestions for improvement (give me an option to make the fence bigger, let it automatically change geoprivacy settings when you move the fence, change what happens when posts are obscured, etc. etc.) then we can address them later.

The kernel of this idea is a basic feature of many other apps that use geo data. You can geofence on Strava. It’s not perfect, because if people were really stalk-y, they could still find my neighborhood and the ‘donut-hole’ around my house, but if I were that worried about stalkers I wouldn’t use the internet. Can we agree to bump tiwane’s proposal to development and revisit this later?

3 Likes

yeah this stuff is just to make sure it isn’t easy. I have friends who dealt with stalkers and unfortunately with the real bad ones, nothing will be enough. In most states it isn’t hard to get an address for any landowner if you are persistent enough, for instance. All social media with photos might have something someone might recognize, etc etc. And then there are the hackers. So if you have a real serious problem you probably shouldn’t add anything to any internet or social media site from your home. Which is a bummer.

1 Like

Yes. The geofence is just to add a layer of difficulty, so that anyone who looks at my posts can’t just say, “Oh, look, his address is…”

1 Like

the way i look at it, if you’re going to advertise something as a security/privacy feature, it should actually provide security/privacy in practice. speed of development does not take precedence.

1 Like

I mean, that’s gotta be a balance. It’s not promising to be perfect, or it shouldn’t anyhow. It’s privacy not information security. If it’s so important that you are so worried you may just not want to use it anyway as there are always potential hackers, bugs, etc it’s a naturalist site not a bank website (and those get hacked too anyway)

2 Likes

having a black hat poking at the system is one thing. putting out a feature that you know is potentially flawed or potentially won’t deliver privacy in common use cases is another thing. in my opinion, privacy/secuirty should be near the top of the list of priorities when developing a system. just look at some of the headlines in the news. i hope iNaturalist doesn’t adopt a “move fast and break things” mentality in this case.

3 Likes

Currently, if someone does not use geoprivacy settings, the prevalence of observations in their backyard advertises their residence. iNat has a useful geoprivacy tool that sacrifices observation location specificity for the benefit of user privacy, but it requires the user to actively designate the geoprivacy for each post. This is not a security or privacy flaw, it is a convenience flaw. It just takes the effort of a few more button clicks and detail-setting. When I take pictures of bugs in my backyard, I’m usually playing with my kids, and want the observation workflow to be as streamlined as possible to minimize the interference. I don’t want to be dickering around with privacy settings.

The solution proposed is called a geofence. The way that @tiwane proposed it to function (initially) is to allow the user to locate a reasonably-sized fence inside of which all posts are automatically set to “obscured” geoprivacy, eliminating the need to do it manually. Users can at any time manually reset the geoprivacy setting of the posts.

@pisum if you have specific concerns about how this would make the situation worse, we all welcome the thoughts. I don’t think we are going to move fast and break things in this case.

5 Likes

@taitsougstad I agree, this isn’t going to break anything, and it has been talked about for a long time (since before the discourse groups). The votes clearly show there is support for the idea. I think it is likely to be implemented, so we don’t really need to argue FOR the proposal, but exploring possible detrimental impacts might throw up issues that haven’t been considered

1 Like

certainly if you stick to existing workflows, the addition of this geofence functionality seems harmless enough. but the new functionality would create the possibility for an alternative workflow(s) based on new assumptions that may or may not turn out to be valid. all i’m asking for here is for people to make sure the assumptions are valid (or at least valid to some level of confidence) before you build something based on those assumptions. (i’ve already provided one example of an assumption that GPS skills and devices provide accurate points. is that actually true? there are other assumptions that should be explored, too.) yes, it’s extra work, but, again, i have to stress that privacy/security should be near the top of priorities when developing this kind of system. and if it’s deemed to be too burdensome to do that extra work upfront, then i would say it’s probably not worth pursuing the change at all.

1 Like

Considering none of the recent participants in this conversation are the site developers I’d recommend taking a lil break until they rejoin the conversation unless folks have new thoughts to add.

5 Likes

I agree with Tait here. As far as I can tell, this is just to make things more convenient for those who a) make a decent amount of observations around their abodes (or some other place they don’t want others to see exact locations) with the mobile app and b) are dedicated enough iNat users to be savvy about geoprivacy and horizontal accuracy and be able to use the website. But maybe I’m wrong here, as I didn’t expect this request to get so many votes (not that it’s a bad idea at all, @bouteloua). I also live in a condo so make very few observations around my house except when a sweet spider gets inside.

@pisum I hear what you’re saying as far as making sure this doesn’t give anyone a false sense of security. Implementing will still take some time as it has to be written-up as a proposal, commented on by the team, then created and tested out among the team and perhaps users as well.

I’m going to close this for now and will make an announcement when there’s news about it. Again, almost any larger change will likely not happen until after the City Nature Challenge.

6 Likes

I want them all to the same spot as well. It prevents a loud which shows where you are anyway (because it has a center) as opposed to just one point which may be any distance away (as far as anyone knows) from where you are. With too many obervations maybe having all go to one spot will be suspicious, and invite people to look further into the surrounding areas… if it’s far enough away this isn’t a problem though - so the obscuration region should be more than a football field or more than a few city blocks wide.

while i like that idea (denote all obscured observations in the ‘grid’ in the same way) it is worth noting that they are not obscured within a perimeter, they are obscured within an existing grid. So if you make a bunch of obscured observations, it does make a rectangle but you probably won’t be within the center.

They used to obscure within a circle and indeed it could be used to infer where ones house or similar was if there were lots of observations.

1 Like

You’re in the rectangle, though. With one mark you might not think to notice that it is off, or might think that I am arbitrarily close, not knowing the range away I’ve set it to. With distributed obs, they give you the possible range of places, is what I’m saying. It’s a limited sort of effect, in that it also strains belief that multiple obs did come from the exact same spot, so people will notice something some of the time.

1 Like

I reckon all obscured observations that are of critically endangered species should have their location obscured by placing the pin at the location of the nearest police station.

2 Likes

One allowed geofence is better than none, but some of us have more than one residence or spend time on friends’ or family’s residences.

6 Likes

I would like the option to set “obscured” as the geoprivacy default, but this geofence feature could also address my main interest/concern.

There has also been at least one related post via the general forum here.