| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by ray__ 77 days ago
	I love this app, but it's also a significant doxxing risk especially for the large number of non-technical users that it has. A quick look at the map reveals the home addresses and names of many iNaturalist users in my neighborhood, lots of them older folks that probably don't realize that adding all of the neat wildlife that they see in their backyard (or uploading things they see on remote hikes without any 3G coverage once their phone connects to their home wifi network) is also putting their home address on display by adding a cluster of photos right next to their house that are all attached to their account.

11 comments

getpost 77 days ago

I can hide my home-based observation locations, but others usually do not. People who post observations in my front yard cause other iNat users to visit. This hasn't been a problem in that there have been only a few additional visitors, and they are friendly. Still, I don't like my yard being publicized.

People who walk by the yard might tell their friends, but ordinary word-of-mouth can't be queried online. Not yet.

EDIT: We did have what turned out to be a significant invasive species observation. It was published in my SO's account with the location obscured. I looked up the species online and realized it might be a concern, so I killed it and put it in the freezer. In the meantime, the California Agricultural Inspectors got wind of it and contacted iNat to obtain the email address associated with the account. After making contact, they sent someone to pick up my specimen, and the later, 4 inspectors (yes, really, 3 inspectors and a supervisor) were sent to look for additional specimens. None were found.

Unrelated to this incident, I posted endangered species (not on our property) in my account, and iNat automatically obscures the location. Later on, I got an ~~email~~ message via iNat from the California Department of Fish and Wildlife asking for access to the precise locations, which I gladly provided.

ray__ 76 days ago

Wow, I didn’t know that iNaturalist was so proactive about that sort of thing. It also sounds like you have a really cool yard! :)

getpost 76 days ago

I didn't mean to suggest that iNat is proactive, they may well be.

IIRC, the exact chain of events was: Invasive Species Observation posted -> a curator at the LA Natural History saw the post and notified the CDFA (Agriculture Inspectors) -> CDFA contacts iNat to get email address -> CDFA contacts my SO. I don't recall whether iNat had a built-in messaging service at the time (they do now).

Regarding endangered species, the California Department of Fish and Wildlife evidently joined iNaturalist, in part to enhance their data collection. They seem to be monitoring iNaturalist and contacting users who have relevant observations. They seem very sensitive to privacy concerns, and cooperation is voluntary. I'm thrilled a state agency is engaging the public in protecting our natural resources.

These state employees have indeed been proactive.

jakeydus 76 days ago

What was the invasive species??

getpost 76 days ago

That would be doxxing, not that it matters here.

jakeydus 76 days ago

I mean, I can see where you’re coming from but I think it’s a stretch.

wglass 76 days ago

Hah. I grew up when everyone had their names in the phone book with phone number and home address. It matters more to some people than others.

nkrisc 76 days ago

In many places home purchases are also public records and sometimes even published in local newspapers (online these days).

jpmattia 76 days ago

In fact, you had to pay extra to have your number/address omitted from the phone book.

FLGMwt 76 days ago

iNat eng here, non-authoritative rep

handling this concern is on our radar but I can't speak to delivery timeline. It my involve timed "obscured" windows (obscure things for this hiking weekend) and/or user-configurable geofences (obscure observations around my home but not anywhere else).

we _also_ want to respect the geoprivacy of wildlife: sometimes observations generate _problematic_ attention. For sensitive species, we want people to report them, but we don't want to be complicit in or responsible for interested people flocking to the observation and potentially spooking the observed species.

FLGMwt 75 days ago

oops, sorry, I double posted this from an edited draft, please see my other comment for more helpful links to actual iNat behavior on this.

whateveracct 77 days ago

Does this matter if my account is some random username about birds?

Like all people learn is "someone does in fact live at that address and they use this app"

ray__ 77 days ago

Maybe not, but I'd want to know beforehand either way. And looking through accounts near me suggests that a fair number of users add enough detail to make me think that they don't realize that their info is so public (selfies/profile pictures being the most problematic example imo).

ehnto 76 days ago

Depends on what linking credentials you may have registered with. If they have a data leak, those details will be linked to your address in that way.

Seems pretty unlikely even with a data leak, that someone would go through the effort, but it's worth acknowledging as a vector.

jszymborski 76 days ago

Yah, this is what I do, however I think this is what GP is talking about when they say savvy (or maybe I'm flattering myself). Plenty of folks with their full details on their profile.

whateveracct 76 days ago

Home ownership is in the public record tho, right?

jszymborski 76 days ago

Right, this is true, so it is possible to associate a person to their photos.

My main concern was revealing my home address, however, and I don't believe my actions on iNaturalist allow folks to go from my name to my address.

kiddico 76 days ago

I have my house covered in observations and it would not take a rocket scientist to figure out where I live. I'm also a big believer in accurately tagging observations with locations of things in case someone else wants to try to find it. If someone wants to come to my house and take pictures of spring tails they're welcome to lol

FLGMwt 75 days ago

hey, iNat eng here, just want to chime in that this is all great feedback!

here's [1] some extra info on iNat's current geoprivacy treatment and [2] guidance on how to configure this for our different platforms for individual `Observations` (our core domain entity to which geo is attached).

I'll at least share that this is on our radar to look at, but I wouldn't expect changes in the next few months. For now, we still want your observations, but if this is a concern you have, please take a look at the geoprivacy settings!

[1]: iNat's geoprivacy explainer https://help.inaturalist.org/en/support/solutions/articles/1... [2]: platform-specific guidance on configuring geoprivacy for an Observation https://help.inaturalist.org/en/support/solutions/articles/1...

ray__ 74 days ago

Thanks for chiming in, and for your great work on iNaturalist!

whyenot 76 days ago

I feel like this ship has already sailed. The home addresses of most people, especially if they have lived in the same place for awhile, is already online. In my case, even my salary info is online because I am a public employee.

nunez 76 days ago

100%; absolutely. Search your name and an old (or current) email address on any search engine. Prepare to be horrified when you see address, DOB, social media presence, etc. for you AND YOUR ENTIRE FAMILY neatly linked together.

One people search engine had ALL of my emails and screen-names, even the ones I created with my first Internet account as a kid in 1996. Wild stuff.

lithocarpus 77 days ago

Yeah.. there should be a prompt that gauges how savvy the user is, and if the user doesn't understand the implications of this, the default should be low precision location data with a random offset per item + random offset per user.

jayknight 77 days ago

It has options to hide or obscure the location, which I use whenever I'm anywhere near my house, but it should be a little better about prompting users to use that.

rwoll 77 days ago

Strava (a running tracking app) provides two helpful controls you can set as your default:

1. “Hide the start and end points of activities that start at SPECIFIC addresses.” 2. “Hide start and end no matter where they happen.”

Then it can be useful to add your home/work/routine locations.

If iNaturalist doesn’t have a setting like that, it’s a nice approach — especially if it’s included as part of initial onboarding flow — so it helps people without needing to remember to make visibility choices each time.

RobotToaster 77 days ago

There's an option to obscure the exact location of plants, but it's not obvious.

AStrangeMorrow 75 days ago

I mean I do agree, and on iNat I can clearly see my house and the house of a few other people in the neighborhood. However you can easily find the current owner information for a given house in the state I live in, and since we bought the house, our name.

I guess it is different once you look at people renting, and also you could track a specific person posts to see when they are posting away from home for example. But as far as revealing your home address, sadly there are many other ways in a lot of cases

deckar01 76 days ago

Wait until you see what happens when you type your address into google earth.

https://youtu.be/xicsyakpIL4