As surprising as it always is to me, I’m occasionally reminded that I don’t know everything. But when I’m shown not to know how my own website works, it’s more humbling.
A commenter on one of my blog posts recently pointed out the number of tracking applications which were in operation. I had no idea. (I’ve disabled (most of) them now).
And someone has just pointed out (and some others have confirmed) that, when visiting my blog on their iphone, it asks them whether they want to tell me their current location. I have no idea why. (I’m looking into it).
These two incidents illustrate a few things to me.
Firstly, for all my pontificating about data protection, and – sometimes – information security, I’m not particularly technically literate: this is a wordpress.com blog, which is the off-the-peg version, with lots of things embedded/enabled by default. Ideally, I would run and host my own site, but I do this entirely in my own time, with no funding at all.
Secondly, and following on from the first, I am one among billions of people who run web applications without knowing a great deal about the code that they’re based on. In a world of (possibly deliberately coded) back-door and zero day vulnerabilities this isn’t that surprising. If even experts can be duped, what hope for the rest of us?
Thirdly, and more prosaically, I had naively assumed that, in inviting people to read and interact with my blog, I was doing so in a capacity of data controller: determining the purposes for which and the manner in which their personal data was to be processed. (I had even considered notifying the processing with the Information Commissioner, although I know that they would (wrongly) consider I was exempt under section 36 of the Data Protection Act 1998)). But if I don’t even know what my site is doing, in what way can I be said to determine the data processing purposes and manner? But if I can’t, then should I stop doing it? I don’t like to be nominally responsible for activities I can’t control.
Fourthly, and finally, can anyone tell me why my out-of-control blog is asking users to give me their location, and how I can turn the damned thing off?
The consensus from lots and lots of helpful and much-appreciated comments seems to be a) that this location thingy is embedded in the wordpress software (maybe the theme software), and b) I should migrate to self-hosting.
The latter option sounds good, but I have to remind people that I DON’T KNOW WHAT I’M DOING.
The rather excellent Rich Greenhill seems to have identified the problem (I trust his judgement, but haven’t confirmed this). He says “WordPress inserts mobile-only getCurrentPosition from aka-cdn-nsDOTadtechusDOTcom/…DAC.js via adsDOTmopubDOTcom in WP ad script”…”Basically, WordPress inserts ads; but, for mobile devices only, the imported ad code also attempts to detect geo coordinates”.
So it dooes look like I, and other wordpress.com bloggers, who can’t afford the “no ads” option, are stuck with this unless or until we can migrate away.
We are informed that the code which asks (some) mobile users for their location when browsing this blog has now been corrected. Please let me know if it isn’t.