In association with heise online

01 July 2010, 14:45

Geolocators become a privacy problem

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Geolocation Although the Foursquare check-in service was only supposed to divulge users' locations to their friends, by using scripts that permanently monitored locations it was possible to trace users' movements. Wired magazine reports that developer Jesper Andersen used such a script in the San Francisco area and managed to associate almost 900,000 of these user check-ins with locations.

When users check in, they publish their (GPS) location via Foursquare. This allows other Foursquare users to see, for instance, whether they're sitting in a pub that's just across the road. Users can opt to publish their check-ins to their friends only. However, even if this restriction is in place, all locations show an image gallery of the latest 50 users who have checked in ("who's been here") along with their names. Andersen used a screen scraper to log the changes.

By repeatedly loading all Foursquare locations in the San Francisco area and comparing the images, the developer reportedly managed to log about 70% of all check-ins over a period of three weeks. Foursquare has taken various measures to solve the problem and, for instance, added an option for users to block publication of their names in the gallery. However, Andersen doubts that users will understand the purpose of this option.

The ability to fully monitor users could also play into the hands of people with malicious intent. Foursquare themselves addressed this problem a while ago, floating the question: "Can others misuse Foursquare to burgle my home?". It is possible for criminals to use Foursquare to find out whether someone is at home and then time their burglaries accordingly – the very thing the privacy settings are meant to prevent. Targeted attacks on business people are also conceivable. For instance, someone's location could be established in order to monitor their email traffic in an (open) wireless network.

On the other hand, users often have no inhibitions about broadcasting their current location and even announcing that they will be going on holiday for a fortnight on Twitter, Facebook and other similar platforms.

A recent comparison test between Foursquare and its competitors Gowalla and Brightkite conducted by uTest uncovered a total of 870 flaws, including various privacy issues, in the services' web and mobile apps.

Eighty per cent of test participants said that they are concerned about the potential misuse of check-in data, and almost half said that their privacy concerns prevent them from using such services more often.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit