Windows 7's New Geolocation Service Introduces Privacy Problems

Cnet's Ina Fried is covering WinHEC, Microsoft's Hardware Engineering Conference, and has discovered that Windows 7 has a new system-wide service that will offer very easily accessible geographical location services for all devices and programs. Unfortunately, their implementation seems half-baked in the security front, opening the door to privacy problems that even Microsoft program manager Alec Berntson didn't have a convincing answer for. What is worse: They don't plan to fix them for the final release.

In previous versions of Windows, users didn't have a way to turn geolocation services on or off, since the hardware was accessed on an application by application basis. However, the user was able to launch the application—which usually came with his GPS device—knowing that it was a "good" program. Having no easy-to-use API also made it more difficult for programmers (good ones and evil ones) to create software for GPS hardware and grab the geolocation data.

In Windows 7, the new system-wide GPS service can be turned on and off by the user, who has the option to make it available only to applications as opposed to background processes. However, once you turn the service on, there's no way to limit access to specific programs: Anything that you launch will be able to access the GPS information without even warning you. Berntson admitted that this is problematic, because it opens the door for spoofing programs that could use this information mischievously.

We only promise the control that we can realistically give to them, rather than trying to promise more than we can deliver, Application-based control would be great to have and it is certainly on our Christmas list for future stuff.

On top of that, following a question by an attendee, Berntson pointed out that there will be no way to give a warning to the user when an application tries to access the GPS. He said that, even while this is technically possible, it's not in their roadmap for Windows 7.

As a close comparison, when an application requests access to geographic information in the iPhone 3G, the operating system asks you for permission first. This happens on an application by application basis, every time it runs. Hopefully, someone at Microsoft will realise how absolutely stupid this is and, at least, implement the warning service before the updated OS reaches the market. [Cnet via Lifehacker]