The growing popularity of  location-based services in the social networking world is a serious security and privacy risk that must be taken seriously.

These services, which allow users to share their whereabouts with other people by disclosing their own location, is a very popular trend on social networking platforms.  There are standalone services like FourSquare, Google Latitude or Gowalla that use a smart phone’s GPS coordinates to publicize a user’s location.

But now this feature has been introduced by default on Facebook, the world’s most widely used social network platform, exposing hundreds of millions users to all kinds of privacy invasion ramifications.

If we consider that it is estimated that more than a quarter of Facebook users access the site via mobile devices, these users are ideal candidates for such location-based services. Obviously, there are a number of benefits from using this type of service while interacting with your friends; however the security implications are substantial in that other people might be able to track your movements as well.

Of course, the question is how can tracking your movements affect your online security? While location-based technology provides trend-setting social media services, the potential for its misuse potentially outweighs its usefulness. There have been known cases where thieves break into a house after seeing that the owners were on vacation through the use of a social networking web site.

Criminals usually seek personal data for identity theft. Providing location-based information gives them additional information to further recreate your persona. Criminals used to be more reliant on social engineering to get personal information, but with social networks we see the trend of criminals being able to access publicly available information from the Internet – which gives them an edge – yet despite such security concerns, I think we are going to see more and more such features.

Some simple yet crucial advice then: do not post your location online if you don’t want people to know where you are and be careful whom you befriend on social networks. And bear in mind that the data you post on social networks could become public one day. Consider everything you post as potentially public and potentially a security risk.

Facebook users should consider turning off the new service by following these instructions:

  1. Go to the Account tab and choose “Privacy Settings” (top right of Facebook page).
  2. Click “Customize settings” in the “Sharing on Facebook” section. (bottom left)
  3. Under “Things I share”, click the option box next to “Include me in ‘People Here Now’ after I check in.”

You can also block others from tagging you with the new location service:

  1. Go to the Account tab and choose “Privacy Settings”
  2. Click “Customize settings” in the “Sharing on Facebook” section.
  3. Under “Things others share,” click on “Friends can check me into Places.”
  4. Click “Disable” from the list of options.

* Stefan Tanase is a senior security researcher at Kaspersky Lab. He specializes in monitoring Web 2.0 and social media threats.

Categories: Social Engineering, Vulnerabilities

Comments (2)

  1. Emily
    1

    Thank you for this.  I am going over to Facebook and removing this “service” right now.

  2. Scott
    2

    I think what you meant to write in the first set of instructions was “uncheck (or clear) the option box next to ‘Include me in “People Here Now”‘.” My box was unchecked by default. Had I clicked it, I would have “opted in” to the People Here Now feature.

Comments are closed.