Lifelogging: Private Location Tracking

So, I have started toying with location tracking as one function of a suite of lifelogging tools I’m crafting. I’m not comfortable trusting my location with companies whose business models are tied to collecting and using that information somehow, so rolling my own solution seems like a reasonable idea. Fortunately, the new HTML5 geolocation functionality makes web-based geolocation very, very easy.

My current setup is about 1 day old, so it certainly isn’t perfect (or 100% transparent, another main goal), but it logs my location to a webserver that I control, not one that someone else packages and sells.

It is a two-part solution: part 1 is a Chrome extension that triggers whenever a new page is loaded. Here are the main components of the extension:

Manifest.json
{
// Required
"name": "Lifelogging for Logan",
"version": "0.1",
"manifest_version": 2,
// End Required

// Recommended
“description”: “Periodically logs info to my database.”,
“icons”: {
“16”: “icon16.png”,
“48”: “icon48.png”,
“128”: “icon128.png” },
// Pick one (or none)
“browser_action”: {
“default_icon”: “icon48.png”,
“default_title”: “Lifelogging for Logan”,
“default_popup”: “options.html”},
// Add any of these that you need
“background”: {},
“chrome_url_overrides”: {},
“content_scripts”: [
{
“matches”: [“http://*/*”],
“js”: [“jquery-1.7.2.js”, “lifelogging.js”]
}],
“content_security_policy”: “script-src ‘self’; object-src ‘self'”,
“file_browser_handlers”: [],
“homepage_url”: “http://YOUR.DOMAIN.COM/”,
“incognito”: “split”,
“intents”: {},
“minimum_chrome_version”: “21.0.1180.79”,
“nacl_modules”: [],
“offline_enabled”: false,
“options_page”: “options.html”,
“permissions”: [
“geolocation”, // to query without user permission each time
“background”, // to let the extension run even if a Chrome window isn’t open
“unlimitedStorage”,
“clipboardRead”,
“clipboardWrite”,
“experimental”,
“idle”,
“tabs”,
“webNavigation”
],
“plugins”: [],
“requirements”: {},
“web_accessible_resources”: [
“icon16.png”,
“icon48.png”,
“icon128.png”,
“lifelogging.js”],
“sandbox”: []
}

and lifelogging.js (note the whitespaces to break the commands down from working live.)
$('body').ap pend('>ifr ame s rc="http://YOUR.DOMAIN.COM/chrome-extension-iframe.html" frameborder="0" id="Lifelogging_iFrame"></iframe>');

The plugin inserts and loads chrome-extension-iframe.html, which in turn receives the geolocation data and writes it to your private web database with PHP and MYSQL.

chrome-extension-iframe.html

<html>
<head> 
<script src="jquery-1.7.2.js">
</script> 
<script type="text/javascript"> 
if (navigator.geolocation) { 
//alert("Geolocation permission secured, initiating request."); 
navigator.geolocation.getCurrentPosition( function (position) { 
// success callback 
$.post( "http://YOUR.DOMAIN.COM/geolocate.php" , { 
// post attribute:value pairs list 
my_latitude: position.coords.latitude, 
my_longitude: position.coords.longitude, 
my_accuracy: position.coords.accuracy, 
my_altitude: position.coords.altitude, 
my_altitude_accuracy: position.coords.altitudeAccuracy, 
my_heading: position.coords.heading, 
my_speed: position.coords.speed, 
userid: "SOME.STRING.YOU.USE.TO.SORT.YOUR.RECORDS.AWAY.FROM.OTHER.USERS.OF.YOUR.SYSTEM" 
}, 
function( data ) { 
// Callback to process response from URL 
//alert("Response from geolocation server: "+data); 
} ); 
// Did we get the position correctly? 
//alert ("Geolocation allowed, did it work? lat: " + position.coords.latitude); 
// To see everything available in the position.coords array: 
//for (key in position.coords) {alert(key)} }, 
// next function is the error callback function (error) {
 myLatitude = 8; switch(error.code) { 
case error.TIMEOUT: alert ('Geolocation Timeout'); 
break; 
case error.POSITION_UNAVAILABLE: alert ('Geolocation Position unavailable'); 
break; 
case error.PERMISSION_DENIED: alert ('Geolocation Permission denied'); 
break; 
case error.UNKNOWN_ERROR: alert ('Geolocation: Unknown error'); 
break; 
} 
} ,{timeout:10000});
} else { 
// Permission not granted to record geodata alert("Refused geolocation permission.");
} </script> 
</head> 
<body> 
</body> 
</html>

As you can see, this HTML file gathers the browser’s reported geolocation data and squirts it over to geolocate.php for writing to the database. I’m posting a stripped down version of geolocate.php as it is a security risk to show the whole thing. Needless to say, scrub the input for malicious data:

 


//insert new record into log
$sql = “INSERT INTO lifelog_table_name (id, userid, event_type, value_1_name, value_1, value_2_name, value_2, value_3_name, value_3, value_4_name, value_4, value_5_name, value_5, value_6_name, value_6, value_7_name, value_7)
VALUES(‘$id’, ‘$userid’, ‘geo’, ‘latitude’, ‘$latitude’, ‘longitude’, ‘$longitude’, ‘accuracy’, ‘$accuracy’, ‘altitude’, ‘$altitude’, ‘altitude accuracy’, ‘$altitude_accuracy’, ‘heading’, ‘$heading’, ‘speed’, ‘$speed’)”;

$query = mysql_query($sql)
or die($_SERVER[‘PHP_SELF’]
. “: Was not able to geolog this event.”
. ” email SONANDSO about it.”
. mysql_error());

There you go! Location tracked every time you load a webpage. It is a good idea to encrypt the geodata before sending it to your server, which I’m not showing here. Think about using tools like blowfish, SHA512, MD5, etc. to protect yourself.

One thought on “Lifelogging: Private Location Tracking”

Leave a Reply