When you’re running a service that relies on users posting their current whereabouts, privacy has to be a top priority. Foursquare has done a pretty good job of navigating this minefield so far, with just a few minor missteps along the way. This weekend, though, marked foursquare’s first real step right onto one of those privacy landmines, highlighting their biggest privacy flaw in the process.
Cult of Mac was the first to post about the issue, which stems from their discovery of a Russian-built app called Girls Around Me. As its name suggests, Girls Around Me uses foursquare’s API to see the people â€” filtered by gender â€” currently checked in around a neighborhood (it’s powered by the same foursquare API endpoint that generates the “who’s here” list in the foursquare app). If they’ve linked their foursquare account with Facebook, it pulls public photos from their Facebook profiles and compiles them together for your
shopping browsing pleasure.
Foursquare moved quickly to shut down the app following the initial post, telling Cult of Mac:
We have aÂ policy against aggregating information across venuesÂ using our API, to prevent situations like this where someone would present anÂ inappropriate overview of a series of locations.
Girls Around Me’s real transgression, though, doesn’t seem to be violating foursquare’s API policies. It was getting noticed by a publication with a following big enough to raise a stink. It’s not the first app of its kind to be built on the foursquare API, and sadly, it’s not the worst.
The honor of first goes to Assisted Serendipity, an app that monitored your favorite venues and then alerted you when the gender ratio tipped in your favor. The alert included the profile photos of the users (of your preferred gender) who were currently checked in. I liked the app (and still do), but in reality â€” other than the Facebook connection â€” that’s not too far from what Girls Around Me was doing. It shows just how fine the line between clean and creepy is.
Assisted Serendipity was hyped heavily by foursquare co-founder Dennis Crowley at a number of speaking engagements throughout 2010, opening the door to other developers to follow a similar path. It’s still working just fine.
In my opinion, the worst â€” if you ignore Girls Around Me’s creepy silhouetted pole dancers on the splash screen â€” is Nock Nock. It’s a web-based service (covering just New York, San Francisco, Bangkok and Hong Kong) that does exactly what Girls Around Me was found guilty of, except it doesn’t pull photos from Facebook. You’d have to click the Facebook link and do that digging on your own if you liked the user’s foursquare profile picture enough.
Nock Nock creeped me out enough that I contacted foursquare about it shortly after it launched. Like Assisted Serendipity, it too is still running.
Sonar.me, Ban.jo and Grindr offer most of the same functions. They’re touted as ways of “meeting new people,” with the common, but unspoken, understanding that it means “meeting new peopleâ€¦ of the opposite sex.”
Those apps? Still working without a problem.
Girls Around Me’s developer defended his app in a statement to the Wall Street Journal, saying:
We believe it is unethical to pick a scapegoat to talk about the privacy concerns.Â We see this wave of negative as a serious misunderstanding of the appsâ€™ goals, purpose, abilities and restrictions.
Given the other apps that function in much the same way, it would appear Girls Around Me was indeed chosen as a scapegoat â€” an easy target to silence the critics.
The kerfluffle highlights foursquare’s biggest privacy flaw: the who’s here list. There’s a veryÂ fine line between legitimate uses for the data and creepy uses, making it ripe for abuse. Foursquare’s API is simply too open and there are too many apps for them to be able to monitor them all and make a judgement call about each one.
And to make it worse â€” as if the apps released to the public aren’t creepy enough â€” think of what someone could do on their own server with a lot of determination and a little programming skill that we’d never see. As just one example of the potential creepiness, it would take no time at all to build a simple script that monitors nearby venues for a single person and alerts you when they’ve checked in.
Foursquare users can opt out of the who’s here list (from the privacy settings page), but very few do. As I’ve had time to reflect on it over the past few days, I chose to opt out myself. I’ll still appear in the list for my friends, but no one else.Â As I’ve noted, the chances of abuse are just too great.
At this point, I don’t see how foursquare has any choice but to make the who’s here list an opt-in feature. Immediately. It serves very little purpose anyway. Unless you’re friends with someone, who really cares who else is checked in anyway?
That would have a significant negative effect on the apps who’ve built their business on that portion of the foursquare API, effectively shutting down the likes of Sonar and Ban.jo. It also would put an end to some of the serendipitous discovery of meeting new people via foursquare. It’s a steep price to pay, but it’s the right move for foursquare to make to show they’re serious about user privacy. As Girls Around Me has shown, it’s simply too easy to abuse.[poll id="26"]