The Dark Side of 'Location Sharing' on Web

It seems so innocent: sharing your location on Foursquare or Google Buzz so the Web world knows where you are -- but it also broadcasts when you’re not home.

It’s called “location sharing,” but a new website called pleaserobme.com is warning users that burglars could be watching. The site aggregates publicly shared check-ins to illustrate the dark side of location sharing.

“It's easy to lose track of what you're actually telling people through your posts,” Boy van Amstel told Media Gaggle in an interview. Van Amstel is one of three founders of pleaserobme.com

Van Amstel talked, via e-mail, with Media Gaggle’s Rachel Boehm about the importance of “locational privacy” in social-media.

Q: Based on the posts/tweets/check-ins you have witnessed through your website, what are the biggest risks people face when using location-based services?

A: Over sharing. It's easy to loose track of what you're actually telling people through your posts. Let's say you just want to tell people you're sleepy and going to bed. If you share this message via a service that automatically adds your location, you might be also telling people where you live.

Q: The first example of a breech in “locational privacy” that comes to my mind is: I leave my Manhattan apartment. I check-in at Coney Island to Gowalla or Foursquare or a similar location-based service. This check-in gets posted on Twitter and Facebook. I return home later that day to find I’ve been robbed. But there are other possible scenarios that extend beyond my personal postings or check-ins. What are some examples of postings or check-ins that you have witnessed?

A: What inspired us to create the website was people not only posting the locations where they work, or their favorite restaurants, but also personal locations like their home or those of their friends and relatives. The getting robbed part is a way of getting attention; the general message is about making sure information you think is private, stays that way.

Q: You say on your website that you “love the whole location-aware thing.” Why? What are the pros, in your opinion, to location-based services like Foursquare, Brightkite, Loopt and the others?

A: An example of a useful purpose, in my opinion, for check-in based location services is freelancers without their own office space, who use Foursquare at the start of the day to let their clients know where they'll be located. The whole "location- aware thing" goes beyond check-ins though. Services like Foursquare are about broadcasting your location, while I think it's more interesting to see applications that use your location. For instance, by changing what information is displayed while you travel around.

Q: There is a lot of talk and reporting on the relevancy of, or desire for, privacy today. Speculation that Orwell’s “Big Brother” has become irrelevant as a threat or warning. That the average person is no longer concerned with Internet privacy. Do you agree?

A: It's interesting to see that a few years ago we were still wondering if we should be sharing our full names online. Sharing your real-time location seems a lot worse, but there's hardly any attention for it especially compared to the debate that was going on then. I find it hard to say why this is. Maybe it's because social networks have proven their use, people like them. The average person has learned to trust them, while a few years ago people were more cautious and skeptic. This might cause new features, like location-based messages, to be more easily adopted.

Q: How can we as a society of SNS users make “Big Brother” (i.e. Internet privacy and “locational privacy”) relevant again?

A: With pleaserobme.com we tried to confront people with the issue in a very personal way, with the information they share themselves. If you look at the attention we got, I'd say that worked. I think it's become a lot harder to protect your privacy online. A lot of people are probably sharing more information than they like, without being aware of it. Confronting them is a very easy, effective way of getting it to their attention.

Q: Between say, Americans and the Dutch, have you noticed a difference in the degree to which people are concerned with locational privacy?

A: Dutch people tend to be more relaxed about it. A popular defense is: "I have nothing to hide, so I don't care". On the other hand, location-based applications aren't as popular yet in Holland compared to the United States. This could change, but for now Dutch people seem to be more skeptical about it.

Q: Darren Black of confused.com stated that home insurance rates might rise due to clients’ use of SNS and location-based services. And/or that insurance companies might deny claims based on “customer negligence” (e.g. A homeowner is robbed and the robbery can be connected to their Tweeting/checking-in about their holiday vacation plans). What do you think about that?

A: It's interesting to see that the influence of social networks on the real world is growing. We'll probably see more things like this in the future.

Q: What tweets, posts, etc. have you witnessed through pleaserobme.com that have caused you the most concern? Shock?

A: This might have been exactly what we were trying to point out, but the amount of tweets by people who had no idea who could read their messages was quite shocking.

Q: When and why did you pull the Twitter feed on your site?

A: After about three weeks. At first a lot of tech-savvy blogs covered the story, they understood directly what we were getting at. We noticed that when the story spread, the message we were trying to get out there started to become more vague. Up to the point where people thought we had some magical device that could see people when they aren't home. What we decided to do then, was to remove the messages and instead focus on the blog posts and news coverage that explained how the site worked and what it's really about.

Q: At the time the feed was operating, did the site only repost Twitter feeds or did it also pull from foursquare? How exactly was the feed operating?

A: A feature a lot of social networks have these days is the option to link different social networks together. You can hook up your Foursquare account to Twitter. If you check-in on Foursquare, a message also appears in your Twitter timeline. While you might have a select group of friends on Foursquare, the purpose of Twitter is to be very open. Everybody in the world can read your message, if you don't have a private profile. You can very easily use Twitter’s search page to find all kinds of information, including Foursquare check-ins. So all we had to do was use Twitter’s API (http://developer.Twitter.com/), which is way for developers to retrieve information from Twitter, to retrieve all messages that contain a Foursquare check-in. The same concept is being used by all kinds of applications to show Tweets on their websites or in their applications.

Q: What precautions can users of social networking sites (SNS) take while waiting for SNS developers to adopt strict privacy settings and enforce them, either by choice or legislation? (e.g. Always sign out of Facebook. Not link your SNS accounts. Or as privacyrights.org puts it, use “Common sense, Caution and Skepticism”)

A: While it helps if SNS developers adopt stricter privacy settings, most social networks already have the option of enabling stricter settings. People just have to enable them. So a first step would be to check your privacy settings. Linking accounts makes privacy settings a lot more complicated, they have to match across networks. Which they often don't, like in the Foursquare/Twitter example I gave earlier. The most important thing, however, is probably common sense.

Q: Do you have any suggestions of online, or offline, organizations people can turn to get more information or further education on this subject?

A: Facebook has been getting a lot of negative attention lately, because of their privacy settings. Any information related to that is interesting. There are several agencies that specialize in online privacy, we've been in contact with the Open Security Foundation.

Q: A blog on Mashable by Jennifer Van Grove describes you and your fellow founders, Frank Groeneveld and Barry Borsboom, as, “three enterprising individuals.” How would you describe yourselves?

A: I think that's quite a good description. We all share an interest in new technology, Internet, social media and the effect it has on people. We like to invent quick, easy to deploy concepts like pleaserobme.com.

Q: Your homepage states that you are reviewing your e-mails “regarding the future of the website...” Any thoughts yet on that future? This is obviously an issue you are all concerned about. Beyond pleaserobme.com, what plans, if any, do each of you have regarding the issue of locational privacy?

A: Questions people ask us seem to shift from purely pleaserobme.com related to more generally online privacy related. That's a path we'd like to follow. 
 
 


Founders’ Bio's:

Boy van Amstel: “ I'm a concept developer and programmer. Particularly fond of thinking of and creating Internet applications, social media concepts and exploring the effect they might have on people. My area of expertise lies in using existing (cloud) services and sources to rapidly create innovative applications for all kinds of platforms. “

Barry Borsboom: “I'm a MSc Media Technology Student in Leiden. Beside my study I'm a freelance designer and love to craft cool interfaces, illustrate and create innovative Internet concepts. I'm also highly interested in cognitive psychology.”

Frank Groeneveld: “I'm a graduate student in computer science, receiving my MSc title in a few weeks. I'm interested in all kinds of web technology and open source software.”