Can I Stalk You? An Intro to Location-Based Service Security

Have you been invited to use Foursquare or Gowalla? Or has one of your friends checked you into a restaurant or a club using Facebook Places? Congratulations, you’re now on the new frontier of social media: location.

Location-based services are sites available through mobile devices that use your exact geographical location to connect you to friends and businesses.

So now you have to decide: Do I need everyone to know where I am?

Okay. Maybe you aren’t letting “everyone” know where you are. Many services limit your information to your friends. But when you share your information with a network, you’re trusting everyone on that network to protect your privacy. So there’s always the potential when using location-based social media that someone you don’t want to see could find your exact location.

Background on Location Services

Google Latitude, which allows you to broadcast your location twenty-four hours a day using GPS (global positioning system) technology, has been around for more than a year. And once it got over some initial privacy concerns, it basically became another one of Google’s innovative yet obscure services that not too many people use.

To date, only 4% of Americans have tried a location-based service, and only 1% use one on a weekly basis, according to Gartner. People are not showing much interest in leaving digital breadcrumbs wherever they go.

So why do you have to decide now if you’re ready to start sharing your location?

First of all, more and more people are getting GPS-enabled smartphones. This makes cool apps like our free Anti-Theft for Mobile possible, and it makes it easy to broadcast your location. And more importantly, Facebook is getting into the location game.

How Will Facebook Places Change Your Life?

Facebook Places is now live in the United States, Canada, United Kingdom, Japan, France, Italy and Australia and has already sparked so much interest in location-based social networking that its competitor Foursquare just passed the 4,000,000 registration mark, which means it’s only 546,000,000 users behind Facebook.

With a user base of more than half a billion active users around the globe, Facebook intends to push location networking into the mainstream. It also has added another level to these types of services by allowing users to check their friends into locations. And of course, this could allow for some mischief.

The Potential for Mischief

Using Places, your Facebook friends could check you into places you shouldn’t be, like a bar during your lunch hour. That could be a problem with your boss.

But this potential for mischief is inherent in Facebook. Your friends can already lie about you in status updates. Even worse, any of your friends could also easily tag your name in an embarrassing photo you may or may not be in.

(To prevent anyone on Facebook seeing you tagged in friends’ photos and videos you may not approve of, go to “Privacy Settings” > “Customize Settings” > “Photos and videos I’m tagged in” > “Customize” > “Only Me”.)

The best way to minimize risk whenever you’re on Facebook for any reason is to keep your friends list limited to the people you really trust. (If you need a fan club I’d suggest a Facebook fan page. That way you can broadcast Twitter-style without having to worry about sharing personal information and media with strangers.)

Get Your Settings Right

Facebook Places is perfect for two types of Facebook users: Those who have no fear about sharing the most intimate details of their lives and those who have mastered the privacy settings.

No matter who you are, Places should force you to take a good look at who is on your Facebook friends list. Facebook Places is at its safest when you share your location with the people you really trust. And if you don’t know and trust everyone you’re connected with, you need to control exactly who has access to your information every time you post.

Here’s some good advice from a Facebook representative about how to use Places:

“I would recommend creating friend lists to separate people you really trust from others. Then, use the publisher privacy control to send status updates to appropriate groups (and only them). I actually think it may make sense to tell people you really trust that you are gone through Facebook just as you would in person. Then, they can watch your place for you, feed your cat, etc… As for everyone else, if you wouldn’t tell them in person you were leaving town, you probably shouldn’t use Facebook to tell them. As always, we also recommend people only accept friend requests from others they actually know.”

You may want to start by limiting your Places to friends only. Go to “Privacy Settings”. You can either set all of your “Sharing on Facebook” settings to “Friends Only”, or click on “Customize Settings” and set “Places I check into” as “Friends Only”.

On this page (“Account” > “Privacy Settings” > “Customize Settings”), you can also decide if you want your friends to see you in a location’s “People Here Now” after you check in at that location.

If you click the box to enable “Include me in ‘People Here Now’ after I check in”, you’re making it easy for your friends (and strangers, depending on your settings) to find you. Being found is kind of the whole point of Places. And it can be fun if you are open to being contacted by everyone on your friends list. The average person on Facebook has 130 friends and growing. That’s a long list to consider every time you check into a place.

That’s why Facebook and I recommend organizing your friends into lists and only sharing with the people you trust most. You can create lists of people you share with when you’re in town, and those very trusted people you share with when you’re on vacation. But you have to remember to limit your publishing settings every time you check into a place.

To publish your location only to specific people or a specific list, click on the button with a lock next to the “Share” button.

Select “Customize”.

Then select the list of friends you want to share your location with. Again, you’ll have to repeat this every time, until Facebook comes up with a “Make this my default setting for Places” check box.

Are You Broadcasting Your Location Now Without Even Knowing It?

The website ICanStalkU.com is trying to make people aware that many smartphones are automatically tagging photos with location data.

You can turn off location tagging on your phone, using ICanStalkU’s handy guide.
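To check your own photos before posting them, here is an added example (not part of the original post or of ICanStalkU’s guide) that looks for the GPS directory pointer in a JPEG’s EXIF block and can drop the EXIF block entirely. The function names and the sample image bytes are constructed for illustration; it uses only the Python standard library.

```python
import struct

GPS_IFD_TAG = 0x8825           # EXIF tag in IFD0 that points to the GPS directory
EXIF_ID = b"Exif\x00\x00"      # identifier at the start of an EXIF APP1 segment

def _segments(jpeg: bytes):
    """Yield (marker, start, end) for header segments, then the remainder."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        if jpeg[pos + 1] in (0xD9, 0xDA):      # end of image / start of scan
            break
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield jpeg[pos + 1], pos, pos + 2 + length
        pos += 2 + length
    yield None, pos, len(jpeg)                 # image data and EOI, kept as-is

def _is_exif(jpeg: bytes, marker, start: int) -> bool:
    return marker == 0xE1 and jpeg[start + 4:start + 10] == EXIF_ID

def exif_payload(jpeg: bytes):
    """Return the TIFF-formatted EXIF payload, or None if the photo has none."""
    for marker, start, end in _segments(jpeg):
        if _is_exif(jpeg, marker, start):
            return jpeg[start + 10:end]
    return None

def has_gps_tag(jpeg: bytes) -> bool:
    """True if the photo's EXIF block carries a pointer to GPS data."""
    tiff = exif_payload(jpeg)
    if tiff is None or len(tiff) < 8:
        return False
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])   # little / big endian
    if order is None:
        return False
    magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
    for i in range(count):                            # 12-byte IFD entries
        entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
        if len(entry) == 12 and struct.unpack(order + "H", entry[:2])[0] == GPS_IFD_TAG:
            return True
    return False

def strip_exif(jpeg: bytes) -> bytes:
    """Return a copy of the photo with every EXIF segment removed."""
    out = bytearray(b"\xff\xd8")
    for marker, start, end in _segments(jpeg):
        if not _is_exif(jpeg, marker, start):
            out += jpeg[start:end]
    return bytes(out)

def build_sample(with_gps: bool) -> bytes:
    """Constructed sample: SOI, one EXIF segment, EOI (no real pixels)."""
    entries = [(0x010F, 2, 4, b"Cam\x00")]            # Make = "Cam"
    if with_gps:                                      # offset 0 is a placeholder
        entries.append((GPS_IFD_TAG, 4, 1, struct.pack("<I", 0)))
    ifd = struct.pack("<H", len(entries))
    for tag, typ, count, value in entries:
        ifd += struct.pack("<HHI", tag, typ, count) + value
    body = EXIF_ID + b"II" + struct.pack("<HI", 42, 8) + ifd + struct.pack("<I", 0)
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

On a real photo, read the file in binary mode and pass the bytes to `has_gps_tag`; removing the whole EXIF block also discards harmless fields such as the orientation flag.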

The Potential for Physical Danger

Most of us were brought up to be deathly afraid of strangers being able to find us. So you are probably wondering: could using location-based services be dangerous?

It’s possible to imagine a scenario where a stranger could stalk you using the data you’re sharing on Foursquare or Facebook Places. But if you’re using Facebook at all, especially without practicing safer Facebooking, you’re making a stalker’s life easier.

USA Today’s Kim Komando describes a scary real-life scenario. Using Foursquare, a stranger found and contacted a woman as she was eating dinner in a restaurant. That’s the kind of scenario most of us would like to avoid.

If you have any concerns about being profiled or stalked, be very careful about any sort of geolocation services, and social media in general. A recent case suggests that, at least in the U.S., restraining orders are valid in cyberspace. But “better safe than sorry” is a good mantra to repeat while using the mobile Internet.

If you’re living in Mexico City where kidnapping occurs at “alarming rates”, using a service that broadcasts your exact physical situation would be insane. However, if you’re living somewhere where you feel safe in general, geolocating probably won’t add any more danger into your life than any social network would.

If that’s worth the risk of running into someone you didn’t want to see, give it a try. But don’t expect Foursquare to protect your privacy. Here’s a good source of information on how to secure your “check-ins” for Foursquare. You can apply these basic privacy concepts—like checking in to a destination as you leave—to almost any location service.

If you’re an adult who is smart about what you share online, there aren’t many new security risks inherent in using location services. It comes down to this: if in the pit of your stomach you feel any concern about making your location known, don’t do it.

Property Theft

You may have heard about a crime ring in New Hampshire that allegedly targeted more than 50 victims based on their Facebook postings. It’s a scary revelation that’s easy to sensationalize. The truth is that the victims in this case were friends with the alleged perpetrators. And the victims were not using Facebook Places.

However, F-Secure Security Advisor Sean Sullivan points out that a thief is going to learn a lot more staring at your driveway than at your Facebook page. By using a location service you are making your schedule public, but you’re hopefully not publishing an exact record of who is at your home at any given time. The bad guys may know you’re out, but they don’t know who else is home.

It’s true. Facebook has been used to facilitate crimes. But the same could be said for the white pages.

Again, Facebook becomes most dangerous when you “friend” people or make information available to people who you may not trust. Social networks make it easy to connect with people from your past or people who you’d never meet. Your information is only as safe as the most questionable member of your network.

Privacy

What you probably think most when you think about privacy is: How will this affect my ability to get a job I want?

Do you need your next boss to know that you ate at Taco Bell 5 times in March? Will being the “mayor” of a local pub help you during salary negotiations?

Will employers ever check applicants’ Foursquare accounts? Maybe not. But they may well check your Facebook page, unless you’re in Finland or possibly Germany. And there they could find your Facebook Places data, unless you’ve carefully set your privacy settings.

This is something you need to think about before you start publishing your whereabouts. While most services intend to limit your data to your chosen friends, there is always a possibility that your social media data can go public.

The privacy of young people is a much more serious concern. Children with cell phones need to be instructed on how to use location-based services safely, if at all.

Experts have said that teenage girls are most likely to be the victims of cyberextortion. Not too surprising. “Jailbait” websites specialize in gathering provocative pictures of young girls, which may or may not have been posted by the girl herself.

What if your child’s pictures ended up in a lurid site like that with the location information tagged to the image? That’s a privacy problem that could escalate into something much more dangerous. So let your children know how to disable the geotagging settings on their phones now.

Conclusion

We are at the dawn of a new era in social networking. Perhaps in a few short years we’ll all know where everyone is all the time. And as that happens, you know that the bad guys will come up with ways to use this technology against us. But for now, it’s a new frontier that might be worth exploring. Perhaps location-based fun will add layers to your life you never imagined, the way Facebook and Twitter have.

Or you just may want to check out. Disable Facebook Places now and forget that you ever were invited to join a location-based service.

CC image by: David Fisher
