PleaseRobMe wants to turn its Foursquare jab into a real security operation
This week, Dutch group Forthehack launched PleaseRobMe, a site meant to expose the danger of location-based social networks such as Foursquare, BrightKite, Gowalla, and Google Buzz. Basically, PleaseRobMe says that every time someone posts his location in a location-based social network, that person is publicly announcing that he is not home, which could be taken to mean, no one is home.
To illustrate the point, PleaseRobMe rephrases public Foursquare posts to say, "@Username left home and checked in X minutes ago..." and then presents that person's current map location in a Twitter alert.
"Don't get us wrong, we love the whole location-aware thing. The information is very interesting and can be used to create some pretty awesome applications. However, the way in which people are stimulated to participate in sharing this information, is less awesome," the site's description says. "The danger is publicly telling people where you are. This is because it leaves one place you're definitely not...home. So here we are; on one end we're leaving lights on when we're going on a holiday, and on the other we're telling everybody on the Internet we're not home. It gets even worse if you have 'friends' who want to colonize your house. That means they have to enter your address, to tell everyone where they are. Your address...on the Internet..."
Naturally, the site gathered instant attention for its approach. Some called it totally irresponsible, while others agreed that it does show how careless some users can be with oversharing information.
Foursquare responded to the commotion caused by PleaseRobMe by saying, "The truth is, you could make something like this without using foursquare at all. Just try searching Twitter for the words 'headed to'...and you'll start to scratch the surface on all the location data a lot of us push into the internets, perhaps even without thinking about it.
"Anyway, we definitely 'get' the larger issue here -- location is sensitive data and people should be careful about with whom and when they share it," the company's blog said. "And at foursquare, we do everything we can to make sure that our users know with what people and social sites they are sharing their location with."
So little has changed for Foursquare, but PleaseRobMe is trying to turn its sarcastic jab at location-aware social networks into an actual security operation.
The site now leads with a blurb that reads: "We want to offer this Web site to a professional foundation, agency, or company that focuses on raising awareness, helping people understand and provide answers to online privacy related issues. If you're such a foundation, agency, or company, contact us."
You could call it fearmongering, but such a service may be necessary as more so-called "n00bs" adopt location-revealing technology.
Now that everybody and her grandmother is on Facebook, we can see just how clueless and vulnerable many tech-disinclined people are.
Last week, hundreds of Facebook users who type "Facebook" into their Google search bar rather than use the URL in the address bar were routed to a ReadWriteWeb article instead of Facebook when Google temporarily shuffled the search rankings. What followed is one of the most tragically hilarious comment threads of all time.
After reading it, you start to wonder if Foursquare couldn't eventually have posts from helpless users saying things like: "I'm walking unaccompanied down a dark alley with a pocket full of cash."
The problem with status updates and social location sharing is that privacy is incumbent upon the user, and many aren't capable of handling that responsibility. Foursquare's comments yesterday said "Foursquare only knows where you are when you decide to tell us (by checking-in)."
In this way, each post a user makes is a waiver of his privacy, fully left up to his discretion. This means that everything a user does not post is meant to be private. But the problem occurs when users post very frequently. When a user waives his privacy by default, he can become a target not for what he says, but for what he leaves out and deems "private."
Through simple deduction, an observer can watch for gaps in the user's content stream and learn when he's doing something he doesn't want to share with the public.