Saturday, January 03, 2009

The dangers of GPS-enabled social networking apps

I recently purchased an iPhone 3G and have been enjoying using it immensely - it is definitely my kind of device. I love the e-mail and twitter integration, the zoom-able web browsing and the ability to read PDFs on a small form factor device. The playback video quality is excellent and the speaker means I don't have to risk strangulation with the earphone cord if I go to sleep with them in my ears. The integrated GPS and Google maps with street view is fantastic.

The GPS-aware dating apps sounded like a fun idea, so I downloaded "Who's Here". It seems like quite a fun, if slightly dangerous, way to meet strangers who might be nearby and interested in meeting up. "Who's Here" only gives an approximate distance to people in the neighbourhood, rather than an absolute position and so one might think that one is relatively unlocatable and hence safe. However, this assumes too much as will be explained later.

However, today, I came across BrightKite. BrightKite is an application that allows one to post one's current location to Twitter as well as to BrightKite's own tracking database. I signed up and installed the app to see what it was about and was astonished at how much information it keeps. Not only does it display your current absolute location (if you volunteer it via a check-in process), it records a history of all previous check-ins.

Using this information, I was able to discover who else had been near to my location in the previous few months. One of these people was a woman and by displaying her profile I could see where she had been over the previous few months.

The mind boggles at the safety risk this presents. A determined rapist would no doubt find such information very useful for finding vulnerable targets to attack, yielding as it does a detailed sketch of people's patterns of movement over an extended period of time.

Perhaps BrightKite can safely be used by travelers who never retrace their own steps, but it seems like anyone else is unnecessarily exposing themselves to stalking risk, particularly if they are in someway attractive to would be stalkers.

A note about the "safety" of "Who's Here".

On first glance, "Who's Here" appears to be safer than BrightKite because it only reveals a fuzzy distance between the current location of the observer and the observed. However, this isn't really fantastic protection because using triangulation techniques and observations taken from 3 different locations, an observer can pretty quickly locate with great accuracy a stationary observed person. The observed distances are themselves meant to be fuzzified to prevent triangulation working, however, it would be extremely surprising if the law of averages didn't ultimately work in the observer's favour.

The best way to eliminate the stalking risk such apps present would be to avoid using apps that reveal location data to unauthorised users. If you choose to use such apps, it would be best to minimize the time windows in which you make that information available to strangers (that is: make use of Who's Here's "sign-off" function) and avoid using it in places where you are commonly found.

Anyone who has questions about the issues documented here may direct them to me via e-mail to jon.seymour at


Post a Comment

<< Home