News that Zabihullah Mujahid, the Taliban’s spokesman in Afghanistan, may last Friday have accidentally given away his real location (across the border in the Sindh region of Pakistan) should serve as a warning about how easily we can be tracked through our internet activity – and in particular our social network posts.
Mujahid started by sending a text claiming responsibility for an attack, which appeared to give away his location. He then tweeted to insist that he was actually located in Afghanistan, and that the apparent location leak was an ‘enemy plot’,
‘My Twitter account has been manipulated – as part of weak efforts of enemy plot, it showed that I am based in Sindh of Pakistan, I call this attempt as fake and shame [sic].”
‘Now, the enemy’s fake act has been exposed, and with full confidence, I can say that I am in my own country.’
The border region between Afghanistan and Pakistan is regarded as highly porous, and Afghan Taliban leaders are believed to seek shelter in Pakistan.
Twitter’s geolocation data is based on the HTML5 Geolocation API. This is supported by most modern browsers, although how they determine location varies greatly depending on the device used (a desktop browser will do this very differently than a phone). A desktop version of Firefox, for example, uses a Google web service to find location based on the user’s IP address, while Mobile Safari instead uses Core Location.
With reference to the Mujahid incident, Twitter observed that geoloaction data is based on latitude and longitude data or other information provided by users at the time of their message, and notes that,
‘Remember, once you post something online, it’s out there for others to see.’