The Staggers

The New Statesman’s rolling politics blog

Need a new identity? Just steal someone else's

Wheretheladies.at highlights social networking security and privacy fears.

By Jason Stamper Published 13 October 2010 13:53

An opportunistic new website by the name of Wheretheladies.at should serve as a wake-up call to Foursquare and other social network users about the potential risks to their privacy and security -- especially those who are crazy enough to publish such personal details as their home address.

Wheretheladies.at uses publicly available information posted on social networking site Foursquare to find locations where a number of women are gathering -- from nightclubs to coffee shops. When it finds there's a correlation among a number of female Foursquare users it shows where they are and displays their Foursquare profile pictures so would-be stalkers -- sorry admirers -- can decide if it's worth turning up to 'meet' them.

It also sends the news out over a Twitter feed, for instance: "Bunch of ladies in yoga pants at The New Nail on Chestnut. They are talking about needing to find a man. Jackpot." Indeed.

I've written before about some of the potential risks with Foursquare, the social networking phenomenon adding 100,000 new subscribers every week, which encourages users to "check in" their location in order to win virtual badges. Users have the option of their precise location being shown on a Google map with an accuracy of a few feet, based on Foursquare's knowledge of their phone's co-ordinates via its GPS signal.

But while Wheretheladies.at may raise some eyebrows among women who didn't realise they were making quite so much information about themselves available to just anyone, what it actually highlights are the less obvious privacy and security risks of social networking sites in general.

Many Foursquare users opt to link their account with other sites such as Facebook or Twitter. This is particularly risky, because it makes it likely that even if you are careful about how much you give away on one site, anyone scanning two or three of them might find some worrying details about you and your movements unless you are very careful. Adjusting the privacy settings so that they work in concert across more than one social networking site requires a degree in astrophysics as well as a great deal of patience.

By way of illustration, I searched Foursquare for people who had "checked in" their home address -- telling the world exactly where they live and also displaying it on a handy map. I soon found an attractive 20-something year-old advertising agency executive, who had posted the address of her London flat. She had also "checked in" at her workplace, so I also knew where she worked and for whom.

She hadn't posted her full name on Foursquare, but I quickly found that on her Facebook page, along with her date of birth, which University she went to and what she studied. I also found that she likes house and trance music, her favourite film is Sex and the City 2 and she watches Louis Theroux and Come Dine With Me on telly.

I know from her Twitter feed about the trip she made to Paris for a couple of days last week, and where she goes to gym. I know, in fact, what she eats for breakfast, which bus she takes to work and when she is running late. I know that today she's at home in bed, with a heavy cold. Should I have some flowers delivered, or perhaps some cough medicine?

ID theft: not your dad's smash and grab

It's no laughing matter: identity theft is on the rise. It costs the British economy an estimated £1.7bn a year, with the number of Brits falling victim to identity theft jumping 23 per cent in the first quarter of this year alone, according to fraud prevention service CIFAS.

One factor behind the rise in ID theft is known to be the amount of personal information shared on social networking sites. As James Jones, consumer education manager at information services firm Experian puts it, "There is a huge disconnect between the privacy we crave and the information we give away on social networks. It's hardly surprising that identity fraudsters have been cashing in."

Fraudsters are still using more traditional techniques of scamming your identity such as going through your rubbish looking for bank statements and the like, which is another reason not to publish your address on any social networking sites like Foursquare.

So what does Foursquare have to say about all this? Here's what their spokeswoman told me:

We know that information related to location is more sensitive than a lot of other information shared through social networks, which is why we feel it's extremely important for our users to understand exactly where their information is being shared, and the implications of that sharing.

We never share a user's real-time check-in information with anyone that they haven't accepted as a Foursquare friend, and all of our sharing features can be opted into or opted out of. A user's location is never automatically shared -- they need to choose to check in when they're at a particular venue, and when they check in they can decide whether or not they want to tell their friends where they are, and whether or not they'd like to publish this information to Facebook or Twitter if they've chosen to link those accounts to their Foursquare account.

This summer, we launched some changes to our sharing settings to give users even more control over how they share their check-ins, and we posted some resources to further educate users on sharing through foursquare. We encourage all users to check their settings regularly to ensure that they're comfortable with where they're posting check-ins, and who can view that information.

You can access our privacy-related resources at http://foursquare.com/privacy. You'll find an overview of how we approach privacy/sharing on that page, along with a link to a detailed grid on our privacy settings and our privacy policy. Users with specific concerns can also contact privacy@foursquare.com.

Which is all well and good. But it seems that many users simply haven't understood the implications of their use of Foursquare and other social networking sites. The knowledge I easily found in a few minutes about one particular advertising agency exec could enable me to track her movements day and night to within a few feet, and could put her at a high risk of an identity theft attack or worse.

At the very least, it shows that knowing Wheretheladies.at is just the start.

Jason Stamper is NS technology correspondent and editor of Computer Business Review.

More from Jason Stamper

View the discussion thread.

13 comments

Fri, 2010-10-15 03:20 — Bozo (not verified)

@erage77 you do realize that I'm a clown don't you, and that if those hands at the top of the page were those of a respectable white clown, they wouldn't have two shades of nail polish and no gloves would they now? I trust you also realize that if those hands at the top of the page were indeed those of a 'woman' successfully engaged in identity theft, she'd probably already be outsourced to the states, have my job in identity theft at twice her pay and half mine, I would be unemployed, and she'd be stealing the identities that I should be getting paid for, and that would be more revolting and disgraceful than it already is, and as for ignorance and stupidity, I've damn-well earned it thank you.

Thu, 2010-10-14 11:48 — Sarah Lafferty (not verified)

Thanks Jason for alerting women to the dangers they may be unintentionally placing themselves in through these social media applications. A very compelling and informative read.

Thu, 2010-10-14 12:41 — Bob Dowal (not verified)

hear hear, another nice piece from Mr S, though I would also like to see some exploration of the current risk of phishing scams using URL shorteners which is a growing trend too.

Wed, 2010-10-13 15:07 — Millibod (not verified)

Anyone stupid enough to use these "social networking" sites deserves everything they get. "Social stalking" sites more like.

Thu, 2010-10-14 12:47 — Bozo (not verified)

Well if the hands on the keyboard at the top of the page were white, maybe these invasions of privacy wouldn't be happeneing, no?

Thu, 2010-10-14 13:15 — Bob Dowal (not verified)

@bozo this is not an issue of race. Criminals are criminals no matter their creed or colour.

Wed, 2010-10-13 17:09 — swatantra

Thats why we need biometric ID Cards to stop all this nonsense. You can't use someone elses fingers or retina.
Its a step that must reluctantly be taken to ensure the safety and security and well being of every individual.

Thu, 2010-10-14 13:55 — Captain N (not verified)

Where are the days where we didnt see the need to share everything we do all day or whatever with everyone in the world. Just keep that stuff to yourself and friends and avoid these "social networking" sites.

Wed, 2010-10-13 17:36 — Millibod (not verified)

The last thing we need are ID cards. Expensive, intrusive and unncecessary. Wrong wrong wrong.

Fri, 2010-10-15 16:12 — Friendly Fire (not verified)

Wow, scary article. Nice one NS!

Tue, 2010-12-07 00:09 — duhduh (not verified)

if i had good credit and a good back ground i would watch myself. im someone with bad credit and losing everything, so word of advicep PROTECT YOUR IDENTITY!!!!!!!!!!

Thu, 2010-10-14 18:47 — erage77 (not verified)

@Bozo you do realize those hands at the top of the page belong to a woman but thanks for showing the ignorance and stupidity this article highlights.

Wed, 2010-10-13 21:58 — DudeMamood (not verified)

This piece is not about ID cards, it's about people acting sensibly on social netwrk sites. Stamper is right -- more needs to be done to educate people like the muppet he mentioned who posted all that info; Jason can do blogs like this but the companies involved don;'t go far enough because they want as many people as possible to use them and drive up traffic and not worry about privacy.