As surprising as it always is to me, I’m occasionally reminded that I don’t know everything. But when I’m shown not to know how my own website works, it’s more humbling.
A commenter on one of my blog posts recently pointed out the number of tracking applications which were in operation. I had no idea. (I’ve disabled (most of) them now).
And someone has just pointed out (and some others have confirmed) that, when visiting my blog on their iphone, it asks them whether they want to tell me their current location. I have no idea why. (I’m looking into it).
These two incidents illustrate a few things to me.
Firstly, for all my pontificating about data protection, and – sometimes – information security, I’m not particularly technically literate: this is a wordpress.com blog, which is the off-the-peg version, with lots of things embedded/enabled by default. Ideally, I would run and host my own site, but I do this entirely in my own time, with no funding at all.
Secondly, and following on from the first, I am one among billions of people who run web applications without knowing a great deal about the code that they’re based on. In a world of (possibly deliberately coded) back-door and zero day vulnerabilities this isn’t that surprising. If even experts can be duped, what hope for the rest of us?
Thirdly, and more prosaically, I had naively assumed that, in inviting people to read and interact with my blog, I was doing so in a capacity of data controller: determining the purposes for which and the manner in which their personal data was to be processed. (I had even considered notifying the processing with the Information Commissioner, although I know that they would (wrongly) consider I was exempt under section 36 of the Data Protection Act 1998)). But if I don’t even know what my site is doing, in what way can I be said to determine the data processing purposes and manner? But if I can’t, then should I stop doing it? I don’t like to be nominally responsible for activities I can’t control.
Fourthly, and finally, can anyone tell me why my out-of-control blog is asking users to give me their location, and how I can turn the damned thing off?
UPDATE: 30.06.14
The consensus from lots and lots of helpful and much-appreciated comments seems to be a) that this location thingy is embedded in the wordpress software (maybe the theme software), and b) I should migrate to self-hosting.
The latter option sounds good, but I have to remind people that I DON’T KNOW WHAT I’M DOING.
UPDATE:05.07.14
The rather excellent Rich Greenhill seems to have identified the problem (I trust his judgement, but haven’t confirmed this). He says “WordPress inserts mobile-only getCurrentPosition from aka-cdn-nsDOTadtechusDOTcom/…DAC.js via adsDOTmopubDOTcom in WP ad script”…”Basically, WordPress inserts ads; but, for mobile devices only, the imported ad code also attempts to detect geo coordinates”.
So it dooes look like I, and other wordpress.com bloggers, who can’t afford the “no ads” option, are stuck with this unless or until we can migrate away.
UPDATE: 11.07.14
We are informed that the code which asks (some) mobile users for their location when browsing this blog has now been corrected. Please let me know if it isn’t.
informationrightsandwrongs 
It might be the google analytics you have on the blog. If you log into your google analytics dashboard, you can see a map of your mobile visitors (see https://support.google.com/analytics/answer/1011360?hl=en ).
The location data which you can get from the analytics dashboard is really detailed, so I would strongly suspect this is the source of the prompt. If you’re logged into your google analytics dashboard, click on audience on the left, then mobile, then devices, then click the Map Overlay tab (to the right of the explorer tab, above the graph on the page). Keep clicking on the map until you get down to city level data.
I’m not positive that it prompts the user for the location, but it is getting that location data somehow. Easy test would be to remove the google analytics code from your blog & see if the location prompt goes away.
Thanks Wendy – really appreciate your thoughts. This again illustrates a point – I don’t have a Google Analytics account, but it the tracker seems to be built into the Pilcrow WP theme I’m using, as does Kissmetrics. I see no way of disabling them.
It does seem that if I want to control tracking etc on the blog, I need to migrate away from WP.com, but I need to build my skills, because I don’t have the money to get someone else to do it 🙂
Pingback: D&IL 27: Data Breaches causes & Personal Data Markets