It’s the coolest social networking tool in the world. But is the geo-location app Foursquare a stalker’s dream? Just how easy it is to uncover the intimate details of a complete stranger’s life?
Guardian, 23 July 2010
Louise has straight, auburn hair and, judging by the only photograph I have of her, she’s in her 30s. She works in recruitment. I also know which train station she uses regularly, what supermarket she shopped at last night and where she met her friends for a meal in her home town last week. At this moment, she is somewhere inside the pub in front of me meeting with colleagues after work.
Louise is a complete stranger. Until 10 minutes ago when I discovered she was located within a mile of me, I didn’t even know of her existence. But equipped only with a smartphone and an increasingly popular social networking application called Foursquare, I have located her to within just a few square metres, accessed her
Twitter account and conducted multiple cross-referenced Google searches using the personal details I have already managed to accrue about her from her online presence. In the short time it has taken me to walk to this pub in central London, I probably know more about her than if I’d spent an hour talking to her face-to-face. She doesn’t know it yet, but Louise is about to meet her new digital stalker.
Foursquare is the latest social networking tool to generate online buzz. The story has become very familiar in recent years: a bright young thing develops an internet app that connects people and allows them instantly to communicate with each other; within months, a million or more people around the planet are using it; investors queue up expressing an interest and speculation begins about how much Google, Yahoo!, Apple or Microsoft is willing to throw down to snap it up. (To date, the speculative figure in the media has reached $100m.) Twitter, Facebook, MySpace and Bebo have all come before it, but Foursquare promises something new. After a decade of false dawns for the industry, it leads the way in a wave of new “geolocative” social networking tools.
Unofficially, at least, 2010 has been labelled by many within the technology world as the “year of location”. In addition to offering the communal connectivity of Twitter and Facebook, Foursquare also uses your smartphone’s global positioning system (GPS) to broadcast your precise location to your “friends” and, should you so wish, to the wider world. Users are encouraged to “check in” on their phone whenever they arrive at a point of interest – a shop, a cafe, a museum, a nightclub, an office – so that fellow users know where they are. A great way supposedly to see if any of your friends are around and about. Glance down at your phone and – as I did with Louise – see the names of all the other users around you within a mile or so and, crucially, exactly where they are and which fellow users they are with. (I was drawn to Louise because she was in a cluster of Foursquare users – albeit still rare, even somewhere such as London – and she was the user allowing a stranger such as myself access to the most personal information – photograph, full name, Twitter feed etc.) Visit somewhere a lot and you can even vie with other users to become its virtual “mayor”. If you feel so inclined, you can also leave a tip or review in the digital ether – “hey, order the bacon burger, it’s great!” – so others following can benefit from your experience.
Foursquare is now being widely touted as the app which will, after years of anticipation and prediction, mark the beginning of “life as a game” computing. Whatever you do, wherever you go, you will be scoring points, earning “medals”, and be in, at the very least, social competition with other users around you. What the ultimate prize is, no one is yet quite sure, but some companies have been quick to realise the potential of this technology with Starbucks, Debenhams and others offering loyal customerswho frequently check in to their stores rewards such as a free cup of coffee. Imagine a supermarket loyalty reward card synced with Twitter,Amazon reviews and GPS technology and you have some idea of Foursquare’s potency.
But with such power comes responsibility and there are growing concerns that Foursquare is proving to be a “stalker’s dream”. Sure, you might earn yourself a “free” decaf latte when you check in five times at a coffee shop, but at what price to your privacy? Last month, a coding expert called Jesper Andersen managed to capture the details of 875,000 check-ins in San Francisco – currently, the global hotspot of Foursquare use – over a three-week period after noticing a privacy glitch in the “who was here” function which allowed him to monitor who had been checking-in to any location, regardless of the users’ privacy settings.
“I’m trying to be white-hat [computing slang for a ‘good guy’],” Andersen told Wired.com. “It definitely felt icky at times.” He had asked users he knew to confirm his findings. “Some were grossed out by it, and a couple of people stopped using Foursquare. One had a stalker and got creeped out by it.”
Privacy advocates fear that Foursquare, along with other geolocation apps such as Gowalla and Google Latitude, are vulnerable to “data scraping”, namely, the sophisticated trawling and monitoring of user activity in an effort to build a rich database of personal information. The big worry, say critics, is who might get to make use of this information. Pick your paranoia. Someone with criminal intent, such as a burglar, identity thief or stalker? Governments, the security services or police? Terrorists? Or a corporation looking to target its products at you with incredible precision? Compounding the threat is that “friends” are much more readily accumulated in the online world of social networking compared to who we might choose to accept as friends in our “real life”. Accept a friend request in Foursquare without due care and you are potentially opening up your personal diary to a complete stranger.
Jason Stamper, editor of Computer Business Review, has criticised Foursquare for what he says is its lax attitude to privacy protection, describing the potential risks as “terrifying”. Stamper’s principal criticism is that
Foursquare’s default position on privacy is that users must “opt-out” if they don’t want any of their location-based details broadcast to friends and the wider world. Of course, Foursquare would be rendered virtually useless as a tool if a user did this so there is typically always some form of data exposure occurring when someone uses Foursquare. As has been repeatedly shown before with Facebook, the risks will often boil down to whether you really know who your “friends” are. “Many of these companies, such as Foursquare, are only paying lip service to privacy concerns,” says Stamper. “Their motivation is growth. They need a critical mass of users to make their service more useful so they have to leave their doors open as much as possible.
“Privacy seems to be very low down their priorities. In theory, if every user knows the risks, this is fine. But they just don’t. It’s being targeted at 18 to 25-year-olds. Facebook was forced in the end to change its default privacy settings due to public concerns. Foursquare should do the same. Some people are even checking in when they’re at home. Think of the implications. It’s crazy.”
The potential for someone to “layer” data about you is also a key concern, says Stamper. “Someone using Foursquare can accumulate a very detailed map of your habits when added to what they already know about you via Facebook, Twitter etc.
Simon Davies, the director of Privacy International, a London-based “watchdog on surveillance and privacy invasions by governments and corporations”, shares similar fears about the direction this technology is taking society. “It’s very difficult to extract yourself from it all once you’re in. And crossing the line into live feeds of locative information is a deeply worrying step forward. Technologically, it’s not a huge step, but, socially, it is huge. The big moral questions are being left to the app developers to answer at the moment. This is irresponsible. Users are being socially engineered into allowing this level of privacy invasion through the over-hyping of the benefits.”
Holding the smartphone in my palm with a full-screen picture of Louise on display, I enter. Inside, a football match is showing on various screens, pints of ale and chilled lager are being pulled, and huddles of friends are bent over tables laughing and in conversation. But after several sweeps of the pub I can see no sign of Louise, or anyone even vaguely matching her picture. So I check her Twitter feed again and see she’s just tweeted that she’s at a recruitment networking event. I ask at the bar if there’s a function room. “Yes, downstairs.”
Besides the gents, a glass-panelled door reveals a private room heaving with people in tight groups clutching glasses of wine. On a wall behind them, a large projector screen is displaying a “Twitterwall”, a way of showing to an audience a feed of any particular Twitter hashtag, in this case, the name of the networking event. So I goback up to the bar, set up a Twitter account under a pseudonym on my phone, and – not wishing to freak Louise out – send a public message using the event’s hashtag to the Twitterwall that I wish to talk to any of the
Foursquare users I can see on my phone who are currently in the pub. A five-minute wait and a further tweet later, Louise – sensibly accompanied by a male colleague – walks up to the bar area where I’m waiting and asks if I’m the person trying to make contact. It’s probably with a sense of relief that she discovers that I’m “only” a journalist investigating Foursquare.
So why does she use it? “My job in recruitment means that I try to stay at the forefront of technologies such as Twitter and Facebook,” she says. “I’m just messing about with it really. To be honest, I couldn’t see at first the obvious uses of Foursquare.” I then tell her the sort of information I have already managed to deduce about her life simply by using my phone. I show her that I have her own photo on my phone. She admits it’s a “little unnerving, to say the least”.
“I thought I was being very careful with what I was posting,” she says. “I never thought I was revealing personal information. I only use my maiden name when using social networking apps. And I never check in when at my kids’ school or at home. But, as you’ve shown, I can’t see who’s following me on Twitter. If I was going out for an evening with my girlfriends again, I don’t think I would now share it with the world via Foursquare.” (Louise’s setting on Foursquare automatically tweets her location whenever she checks into a location, which was how I could tell via her Twitter feed, without being her Foursquare “friend”, where she had been in recent days in such detail.)
Will she continue to use Foursquare, or at least tighten up her privacy settings? “It’s just early adopters at the moment, but I can see it having excellent uses for business, particularly in my line of work. Recruitment is a form of stalking, I suppose. But I can now see the negative implications of Foursquare in the real world.
“Checking in at home is really stupid. But people can still give away clues via Twitter, as I’ve obviously been doing. I suppose the benefit of checking in is to create a relationship, or say to people that you’ve gone somewhere interesting. It’s all part of social competitiveness, I suppose. It has become a habit for so many of us.”
Since Andersen exposed Foursquare’s privacy lapses so effectively last month, the company has made some minor alterations to how user check-in information is revealed to the public. (In March, Foursquare set up its “celebrity mode” with MTV and VH1 so that users could follow celebrity users, albeit with limited, controlled information about their location.) But a user’s location can still be automatically broadcast via their Twitter feed. Critics point out that a warning of the risks should be prominently displayed to users when they set up their accounts, and they are asked if they wish to link with their Twitter and Facebook accounts.
“We’re continually looking for ways to improve the sharing options that we provide,” responds a Foursquare spokeswoman. “For example, we recently updated our user-settings page to create more opt-out options related to sharing user data. We are working on a number of additional changes to give users more sharing options and further clarify the implications of sharing information via Foursquare. We encourage all of our users to check their privacy settings regularly to ensure that they’re comfortable with the amount of information that they’re sharing.”
The spokeswoman adds: “The majority of our sharing settings are opt-in – users need to actively accept friend requests to be directly connected with others, and users also need to opt into broadcasting their check-ins to their Facebook and Twitter accounts at each check-in, assuming they’ve decided to link their Facebook and Twitter accounts to their Foursquare account.”
Ten days ago Foursquare reached the two-million-users landmark, just three months after it had reached the one-million mark. A week earlier, the company received $20m in venture capital from a who’s who of Silicon Valley luminaries. It appears the trajectory for Foursquare is only upwards. But as the critical mass of Foursquare users swells and intensifies over the coming months and years, the concerns over privacy are likely to magnify. In June, Webroot, a Denver-based internet security firm, surveyed 1,645 users of “geo-location-ready mobile devices”, including 624 in the UK: 29% said they shared their location with people other than their friends; 31% said they accepted a friend request from a stranger; and, yet, 55% still said they were worried about their loss of privacy.
“The issue with location-based information is that it exposes another layer of personal information that, frankly, we haven’t had to think much about: our exact physical location at anytime, anywhere,” explained the creators of PleaseRobMe.com, a website set up to expose how vulnerable Twitter users can be when displaying location-based messages, earlier this year. “If you’re comfortable being a human homing beacon, that’s fine, we just want you to be fully aware of what that means and the potential risks it might involve.”