Need a new identity? Just steal someone else's

Wheretheladies.at highlights social networking security and privacy fears.

An opportunistic new website by the name of Wheretheladies.at should serve as a wake-up call to Foursquare and other social network users about the potential risks to their privacy and security -- especially those who are crazy enough to publish such personal details as their home address.

Wheretheladies.at uses publicly available information posted on social networking site Foursquare to find locations where a number of women are gathering -- from nightclubs to coffee shops. When it finds there's a correlation among a number of female Foursquare users it shows where they are and displays their Foursquare profile pictures so would-be stalkers -- sorry admirers -- can decide if it's worth turning up to 'meet' them.

It also sends the news out over a Twitter feed, for instance: "Bunch of ladies in yoga pants at The New Nail on Chestnut. They are talking about needing to find a man. Jackpot." Indeed.

I've written before about some of the potential risks with Foursquare, the social networking phenomenon adding 100,000 new subscribers every week, which encourages users to "check in" their location in order to win virtual badges. Users have the option of their precise location being shown on a Google map with an accuracy of a few feet, based on Foursquare's knowledge of their phone's co-ordinates via its GPS signal.

But while Wheretheladies.at may raise some eyebrows among women who didn't realise they were making quite so much information about themselves available to just anyone, what it actually highlights are the less obvious privacy and security risks of social networking sites in general.

Many Foursquare users opt to link their account with other sites such as Facebook or Twitter. This is particularly risky, because it makes it likely that even if you are careful about how much you give away on one site, anyone scanning two or three of them might find some worrying details about you and your movements unless you are very careful. Adjusting the privacy settings so that they work in concert across more than one social networking site requires a degree in astrophysics as well as a great deal of patience.

By way of illustration, I searched Foursquare for people who had "checked in" their home address -- telling the world exactly where they live and also displaying it on a handy map. I soon found an attractive 20-something year-old advertising agency executive, who had posted the address of her London flat. She had also "checked in" at her workplace, so I also knew where she worked and for whom.

She hadn't posted her full name on Foursquare, but I quickly found that on her Facebook page, along with her date of birth, which University she went to and what she studied. I also found that she likes house and trance music, her favourite film is Sex and the City 2 and she watches Louis Theroux and Come Dine With Me on telly.

I know from her Twitter feed about the trip she made to Paris for a couple of days last week, and where she goes to gym. I know, in fact, what she eats for breakfast, which bus she takes to work and when she is running late. I know that today she's at home in bed, with a heavy cold. Should I have some flowers delivered, or perhaps some cough medicine?

ID theft: not your dad's smash and grab

It's no laughing matter: identity theft is on the rise. It costs the British economy an estimated £1.7bn a year, with the number of Brits falling victim to identity theft jumping 23 per cent in the first quarter of this year alone, according to fraud prevention service CIFAS.

One factor behind the rise in ID theft is known to be the amount of personal information shared on social networking sites. As James Jones, consumer education manager at information services firm Experian puts it, "There is a huge disconnect between the privacy we crave and the information we give away on social networks. It's hardly surprising that identity fraudsters have been cashing in."

Fraudsters are still using more traditional techniques of scamming your identity such as going through your rubbish looking for bank statements and the like, which is another reason not to publish your address on any social networking sites like Foursquare.

So what does Foursquare have to say about all this? Here's what their spokeswoman told me:

We know that information related to location is more sensitive than a lot of other information shared through social networks, which is why we feel it's extremely important for our users to understand exactly where their information is being shared, and the implications of that sharing.

We never share a user's real-time check-in information with anyone that they haven't accepted as a Foursquare friend, and all of our sharing features can be opted into or opted out of. A user's location is never automatically shared -- they need to choose to check in when they're at a particular venue, and when they check in they can decide whether or not they want to tell their friends where they are, and whether or not they'd like to publish this information to Facebook or Twitter if they've chosen to link those accounts to their Foursquare account.

This summer, we launched some changes to our sharing settings to give users even more control over how they share their check-ins, and we posted some resources to further educate users on sharing through foursquare. We encourage all users to check their settings regularly to ensure that they're comfortable with where they're posting check-ins, and who can view that information.

You can access our privacy-related resources at http://foursquare.com/privacy. You'll find an overview of how we approach privacy/sharing on that page, along with a link to a detailed grid on our privacy settings and our privacy policy. Users with specific concerns can also contact privacy@foursquare.com.

Which is all well and good. But it seems that many users simply haven't understood the implications of their use of Foursquare and other social networking sites. The knowledge I easily found in a few minutes about one particular advertising agency exec could enable me to track her movements day and night to within a few feet, and could put her at a high risk of an identity theft attack or worse.

At the very least, it shows that knowing Wheretheladies.at is just the start.

Jason Stamper is NS technology correspondent and editor of Computer Business Review.

Jason Stamper is editor of Computer Business Review

@Simon_Cullen via Twitter
Show Hide image

All 27 things wrong with today’s Daily Mail front cover

Where do I even start?

Hello. Have you seen today’s Daily Mail cover? It is wrong. Very wrong. So wrong that if you have seen today’s Daily Mail cover, you no doubt immediately turned to the person nearest to you to ask: “Have you seen today’s Daily Mail cover? It is wrong.”

But just how wrong is the wrong Mail cover? Let me count the ways.

  1. Why does it say “web” and not “the web”?
  2. Perhaps they were looking on a spider’s web and to be honest that makes more sense because
  3. How does it take TWO MINUTES to use a search engine to find out that cars can kill people?
  4. Are the Mail team like your Year 8 Geography teacher, stuck in an infinite loop of typing G o o g l e . c o m into the Google search bar, the search bar that they could’ve just used to search for the thing they want?
  5. And then when they finally typed G o o g l e . c o m, did they laboriously fill in their search term and drag the cursor to click “Search” instead of just pressing Enter?
  6. The Daily Mail just won Newspaper of the Year at the Press Awards
  7. Are the Daily Mail – Newspaper of the Year – saying that Google should be banned?
  8. If so, do they think we should ban libraries, primary education, and the written word?
  9. Sadly, we know the answer to this
  10. Google – the greatest source of information in the history of human civilisation – is not a friend to terrorists; it is a friend to teachers, doctors, students, journalists, and teenage girls who aren’t quite sure how to put a tampon in for the first time
  11. Upon first look, this cover seemed so obviously, very clearly fake
  12. Yet it’s not fake
  13. It’s real
  14. More than Google, the Mail are aiding terrorists by pointing out how to find “manuals” online
  15. While subsets of Google (most notably AdSense) can be legitimately criticised for profiting from terrorism, the Mail is specifically going at Google dot com
  16. Again, do they want to ban Google dot com?
  17. Do they want to ban cars?
  18. Do they want to ban search results about cars?
  19. Because if so, where will that one guy from primary school get his latest profile picture from?
  20. Are they suggesting we use Bing?
  21. Why are they, once again, focusing on the perpetrator instead of the victims?
  22. The Mail is 65p
  23. It is hard to believe that there is a single person alive, Mail reader or not, that can agree with this headline
  24. Three people wrote this article
  25. Three people took two minutes to find out cars can drive into people
  26. Trees had to die for this to be printed
  27. It is the front cover of the Mail

Amelia Tait is a technology and digital culture writer at the New Statesman.