Foursquare's privacy loopholes

Summary:Peril, you say? Before you play the social geolocation game, here are a few privacy issues to consider.

Foursquare and its geolocation game counterpart Gowalla were, from what I hear, all the rage at South By Southwest Interactive (SXSWi) this year. While I haven't tried Gowalla -- months ago they only had an iPhone app and I haven't been interested in checking back -- I am an avid Foursquare user, potentially to my own peril. Peril, you say? Of course. Any time you take to a social network you give up some of your privacy. This is especially true when using a social network that's sole purpose is to tell your friends where you are at any given time.

While it's true that the only way to ensure social network privacy is not to use social networks, there are still millions of people like me who flock to them every day for one reason or another. Specifically to Foursquare, there are a few items that I've written about before that deserve calling out after reports of mass lack of user awareness surfaced around SXSWi.

That said, Foursquare is a fun game and gaining points and earning badges is something that brings a smile to the faces of many Web geeks. However, don't go in blind. Three things to consider:

I'm The Mayor

If you check into a venue more than any other person during a set period of time you become the "mayor" of said location. In busier metropolitan or Web-savvy areas, this usually means that you are at this location a lot because there's so much check-in competition. While only your friends can see where you are at any given time, ANYONE who figures out your Foursquare user name can pull up your individual profile page and view the places of which you are mayor. This means, anyone smart enough might be able to figure out your most frequented hangouts and maybe even the times you are there (consider a bar, a dinner location, a gym, etc.). Combine this with information from Twitter ("going to my weekly girls night out!") and who needs PleaseRobMe.com? A little patience and paying attention could eventually yield positive results for whichever creepy person is watching your profile.

I'm In The Room!

This is an issue I've been talkingwhining about for months now. One of the features of Foursquare is the ability to be seen on a list of "Who's Here?" when checking into a venue. Lots of people have impromptu Foursquare meet-ups this way. Some people may not know that checking in puts them on this list, so I hope they are reading this blog post. In other words, I check in at my local Starbucks and settle in to do some work. Someone else -- a stranger, perhaps -- arrives not long after me and checks in. If I don't have this setting disabled (thanks, Foursquare, for the foresight) then he or she will see "Jennifer L. is here" when they check in. If that person is intrusive, he or she might seek me out. Suddenly that person can reach my profile, figure out where else I hang out, and so on. Is it a stretch? Maybe. Though I do know of some people who have had this happen and then immediately changed their settings.

Next: And it gets creepier -->

Who Are You With? Who Are You Not With?

This is perhaps the trickiest piece and it has everything to do with Twitter. When people check in they have the option of whether or not to send their check-ins to Twitter. A lot of people don't do this because they are aware that it compromises their privacy but announcing their locations to a public stream, but many people still do it. Sometimes they do it on a one-off basis. Foursquare allows you to choose this per check-in or allow you to choose that all of your check-ins go to Twitter. Here's the thing: If you have your Twitter account connected to Foursquare OR if you have not disabled the option that shows when you are at a certain place, you have no control whether or not someone else announces your location. For example:
  1. Bob Smith checks in on Foursquare and sends it to Twitter. "I am at Starbucks - Santa Clara (link to map)" shows up on Twitter.
  2. Pretend that I'm friends with Bob Smith and I happened to check in even hours before he did, but just haven't checked in anywhere else yet to clear my history. "I am at Starbucks - Santa Clara (link to map) w/@mediaphyter" shows up in Bob's tweets. This happens even if I personally choose not to send my check-ins to Twitter. This creates two problems. One, my privacy is innocently compromised by Bob. Two, it appears I am hanging out with Bob when really, I only checked in a handful of hours ago to grab a quick latte.

Also, to continue picking on Bob Smith, if he ousts me as mayor of that Starbucks and has it set to communicate such domination to Twitter, his feed now sees my name as someone who does frequent that particular Starbucks.

This can be avoided if people a) don't connect their Twitter names to their Foursquare profiles or b) don't allow themselves to be listed as checked in at any particular place.

But doesn't this defeat some of the fun of Foursquare? What if people want to tweet some locations (i.e. at a conference) and not others? Yet another example of privacy not being convenient.

What most scares me about Foursquare is how ignorant many users appear to be about their privacy and security. Same way people were with Twitter and Facebook and MySpace before they suffered their respective security and privacy hits. I witness -- and ignore -- at least 50 new friend requests per day on Foursquare from people I've never before met. Many of these people are clearly blindly requesting friends through who they follow on Twitter because often times, I get the same requests over and over and over. Does privacy mean so little to these people?

I think that Foursquare has done a tremendous job of considering privacy while creating a fun game. Some of these things can be user controlled and they just need to be aware. And some I do think that Foursquare can improve to protect their users while also protecting the excitement of the game.

Topics: Collaboration, Legal, Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.