Sophos Cloud Optix
Maybe it was the New York Times, or maybe it was Cult of Mac, or maybe it was me.
I don’t know which journalist’s query triggered Foursquare—citing violation of API access policy—to turn off API access to Girls Around Me.
All I know is that when Foursquare told me about the API shutdown on Friday, I felt an odd mixture of empowerment and dismay.
It’s easy to know where the empowerment piece comes from. It comes from a reversal of the nausea instilled by the stalkerish application.
If you haven’t yet read the Cult of Mac’s original reporting on the Girls Around Me application (I’m not comfortable calling this a “game”), you should know that it feeds off of publicly available geolocation information from Foursquare and Facebook to display maps of eligible “girls” (or “guys”) nearby.
Here’s how Cult of Mac’s John Brownlee described it in his original report:
"It’s when you push the radar button that Girls Around Me does what it says on the tin. I pressed the button for my friends. Immediately, Girls Around Me went into radar mode, and after just a few seconds, the map around us was filled with pictures of girls who were in the neighborhood. Since I was showing off the app on a Saturday night, there were dozens of girls out on the town in our local area."
Brownlee’s article describes how he pulled out the app at a party, only to watch female guests recoil at the way data from Facebook and Foursquare was depicted, with each woman represented on the map as a “Matrix-like” silhouette of a naked pole dancer or stripper.
Some of the guests’ comments:
“Wait… what? Are these girls prostitutes?”
“How does it know where these girls are?"
"Do you know all these girls?"
"Is it plucking data from your address book or something?”
The answers Brownlee gave: No, they’re not prostitutes, they’re just regular women. The data from the women (I’ll abstain from calling them “girls,” as I believe they were, in fact, adults), including their specific location, reams of photos, Facebook details including birthdays or relationship status or schools attended, had been publicly broadcast from Facebook and Foursquare’s check-in functions.
Given the level of ignorance these women displayed regarding publicly available information, I knew I wanted to write about this application, but given what a wake-up call it was to me, I first wanted to find out what dirty laundry I had hanging on the line.
Thus, I contacted Foursquare on Friday to ask about getting a history of my geolocation updates. First off, do I have a history? Have I ever signed up for an account? Have my friends checked me into places (turns out Foursquare doesn’t allow others to check you in, but Facebook does)? How do I delete my history? How do I delete my house and address from being listed as a venue?
They responded within a few hours, telling me that they had revoked API access for Girls Around Me due to API access policy violation.
I was surprised, and a little dismayed, and as I said, a little gleeful.
Why I’m disappointed that Foursquare revoked Girls Around Me’s API access:
1. I wanted to give it a try. I wanted to stalk guys and girls in my neighborhood. Just to get a feel for how much information is out there.
I wanted to walk up to people in bars and start chatting with them about where they went to college (or high school, depending on how tender, young and juicy my targets turned out to be), their relationship status, what racy things they “Liked” on Facebook, or about the photos they posted on Facebook last weekend when they were drunk.
2. I wanted to stalk myself.
But in preparation for stalking myself, I wanted to dial down access to images and personal information on Facebook, and I wanted to check to make sure friends weren’t checking me in to places. I also wanted to make sure I hadn’t done anything bone-headed in the past, like create a geolocation stalker-aid myself.
In searching for geo-babbling apps on my phone, for example, I came across Twitter’s perpetual nagging for an update.
As far as my applications go, Twitter uses location, as does Yelp.
I’d decided long before Girls Around Me that I didn’t want to feed the stalker pipeline. Unfortunately, it’s impossible to uninstall Twitter from my phone, as it’s bundled into the operating system. If you want to snip Twitter’s thread, you have to uninstall it (if possible) or quit the application on your phone.
3. I thought Girls Around Me was an extremely useful tool to use to teach people how their geolocation and other supposedly personal data can be used in surprisingly stalker-ish ways.
We talk about this all the time in security journalism, but I’ve never had such a clear way to demonstrate how much information you can pull up on somebody.
Since the API access was pulled, Girls Around Me has voluntarily removed the application from Apple’s AppStore.
That’s not the end of it, though. Vlad Vishnyakov, Product Lead for Girls Around Me with the Russian app developer i-Free Innovations, told me on Monday that negotiations with Foursquare are in progress.
Vishnyakov sent me a lengthy statement (the same statement was sent to the Wall Street Journal, which published it in full) defending the application.
He also noted that Girls Around Me developers are working to hammer out their differences:
"Still hope to make our position and goals clear and willing to change the app to meet foursquare (and the community) requirements. Also, we planing to continue the app development but limit it to showing only public places and venues."
What exactly did Girls Around Me do to breach Foursquare’s API policy?
According to Foursquare, it has to do with aggregating information across venues. They told me:
"We have a policy against aggregating information across venues using information from our service, to prevent situations like this where someone would present an inappropriate overview of a series of locations."
I assume this means that i-Free Innovations messed up by broadcasting users’ locations without their explicit permission.
That’s a pretty darn good policy. It’s one thing to know, in the abstract, that your personal information, photos, location, address, and more can be used by some theoretical stalker. We yammer on about it in security journalism.
I watch people nod.
Their eyes glaze over.
Nobody was nodding and looking bored in Brownlee’s description of pulling out Girls Around Me at that party.
I hope the application comes back. I hope it comes back requiring explicit permission from users to be depicted on a map.
I want a tool like that. It’s worth a million words, and it’s worth a thousand finger-wags over privacy.
I doubt, however, that the application will be a showstopper at many parties if it does, however.
I doubt (and granted, I may be overly optimistic when it comes to people’s tendency to say yes to random applications, here) that those maps will be as well-populated.
I’m hoping that a requirement to explicitly request geolocation of users would turn those maps into ghost towns.
In the meantime, check your applications. Stay safe. Check what they’re beaming out about you. Check your children’s applications.
And if you read about an application that disturbs you, write to the developers, and/or to the geolocation service feeding it. If you’re appalled, let them know.
They might just be listening.
facebook is getting sick .and no respect for anyone one hear .dirty old men are the worse on facebook. they dont care how old you are no more im fed up with fake crap on hear .and what facebook alows men to put up or fakes is so dam rong its dangerus ,and stupide.it happens all the bloody time. facebook needs to get real to and better surcruity
Are you serious? I was so upset I could not finish reading the whole article. What about sexual offenders stalking young teenage girls? Does this girls around whatever limit the age of the females it locates? I am speechless. In societies quest to raise the standard of technology we have lowered our standard of morality by allowing the security of citizens especially our young children and teenagers to be jeopardized by things such as this.
Bear in mind that this app is collating publicly available information. Yes, it's doing so with a distastefully predatory vibe, but getting rid of GAM won't get rid of sexual predation. Sex offenders don't need an app to prey on victims. The reason I hope it comes back is because it's a crystal clear indicator of the types of information available on us, *with our consent.* If you want to do something useful with the news coverage of GAM (which, to give kudos to Cult of Mac's John Brownlee, was spectacular writing and intelligent, insightful reporting), don't shake your head about how distasteful the app is. Instead, show it to people who are clueless about geolocation and the ways it enables stalking. You read the comments by the women at the party Mr. Brownlee attended. People are clueless. Use this as a wakeup call. Put the coverage under their noses and help them to understand how they themselves are feeding apps like this with the information they post on Facebook and on Foursquare and other geolocation services. Teach them how to turn that data stream *off.*
You're right. Maybe GAM can do what Firesheep did. That made a difference in a lot of places (although not yet enough), like public Wifi points setting a (openly published) password.
I don't have a Facebook or Twitter account and this is the first time I've heard about Foursquare. I feel like I'm not losing out.
I don't have a Facebook or Twitter account, nor do I have a smartphone, and it's articles like these that make me glad of that. People putting their whole lives on display on FB and other "social media" will sooner or later get bitten in the ass by those very same social media, and I'll laugh and say "told you so".
"I assume this means that i-Free Innovations messed up by broadcasting users' locations without their explicit permission."
That's not what Foursquare said.
You know, it's not really a good idea to write about technology if you don't understand the technical talk.
I know it’s not what foursquare said, but it’s what their API access policy says, and GAM is clearly in violation of the policy to request explicit permission. They were in negotiations with iFree Innovations over a list of items, including things as rudimentary as displaying their logo properly. I don’t know the details of everything else they are/were negotiating, but I hope explicit permission is one of those items.
if you don't want twitter to have your location on your phone, don't tweet from it or, y'know, turn off the location feature in twitter that every mobile twitter app has a setting for. Just having the twitter application embedded in your ROM isn't leaking location like breadcrumbs