The Internet is abuzz today with news of Please Rob Me, a service that claims to expose the dangers of geolocational social networking through a serious lesson in tough love: calling out how many "empty homes" are available for robbing when people check in elsewhere on Foursquare. It mostly picks on those users who automatically post their locations to a public Twitter feed. While those people deserve to be mocked (it's senseless, really), there's a serious question here: Is Please Rob Me actually helping to solve the problem or making it worse?
A quick overview of the service from the site itself:
The danger is publicly telling people where you are. This is because it leaves one place you're definitely not... home...
The goal of this website is to raise some awareness on this issue and have people think about how they use services like Foursquare, Brightkite, Google Buzz etc.
It's been said over and over again that "security is not convenient." Even I, who live and breathe security on a daily basis, am a fan of geolocational social networking. I am, however, also a fan of doing it safely. With Foursquare being my service of choice (Gowalla and Brightkite are also popular), I refuse to add anyone that I don't personally know and I would never auto-tweet or auto-Facebook my location. I also have a location on Foursquare set up for my home, but it's not anywhere near the place I actually live. At the same time, I have been foolish enough to post comments on Twitter such as, "Out dancing with so-and-so" or even complaining about the airline I'm currently flying, indicating that I would be away from home for several days.
While Please Rob Me is a much-needed slap in the face for users who don't use common sense with geolocational apps, there is a bigger problem: novice computer users often don't exercise common sense online, hence the success of phishing scams. In security, we have a set of rules called Responsible Disclosure, under which only in rare circumstances would you publicly release a proof of concept (POC) without first notifying the company responsible for a vulnerability and giving it an opportunity to patch. While Responsible Disclosure in this sense does not apply here, doesn't exposing such human vulnerabilities only hurt the situation by putting this kind of tool into the hands of the wrong people?
At the same time, the responsibility generally falls on the person who is broadcasting his or her own location. But is Please Rob Me -- while garnering laughs -- only making it worse? The service's tagline is "Our intention is not, and never has been, to have people burglarized," but does that get them off the hook?