‘Girls Around Me’ stalking app developer and Foursquare negotiate API access


Girls Around MeMaybe it was the New York Times, or maybe it was Cult of Mac, or maybe it was me.

I don’t know which journalist’s query triggered Foursquare—citing violation of API access policy—to turn off API access to Girls Around Me.

All I know is that when Foursquare told me about the API shutdown on Friday, I felt an odd mixture of empowerment and dismay.

Response from Foursquare

It’s easy to know where the empowerment piece comes from. It comes from a reversal of the nausea instilled by the stalkerish application.

If you haven’t yet read the Cult of Mac’s original reporting on the Girls Around Me application (I’m not comfortable calling this a “game”), you should know that it feeds off of publicly available geolocation information from Foursquare and Facebook to display maps of eligible “girls” (or “guys”) nearby.

Here’s how Cult of Mac’s John Brownlee described it in his original report:

"It’s when you push the radar button that Girls Around Me does what it says on the tin. I pressed the button for my friends. Immediately, Girls Around Me went into radar mode, and after just a few seconds, the map around us was filled with pictures of girls who were in the neighborhood. Since I was showing off the app on a Saturday night, there were dozens of girls out on the town in our local area."

Brownlee’s article describes how he pulled out the app at a party, only to watch female guests recoil at the way data from Facebook and Foursquare was depicted, with each woman represented on the map as a “Matrix-like” silhouette of a naked pole dancer or stripper.

Some of the guests’ comments:

“Wait… what? Are these girls prostitutes?”

“How does it know where these girls are?"

"Do you know all these girls?"

"Is it plucking data from your address book or something?”

The answers Brownlee gave: No, they’re not prostitutes, they’re just regular women. The data from the women (I’ll abstain from calling them “girls,” as I believe they were, in fact, adults), including their specific location, reams of photos, Facebook details including birthdays or relationship status or schools attended, had been publicly broadcast from Facebook and Foursquare’s check-in functions.

Girls Around Me app

Given the level of ignorance these women displayed regarding publicly available information, I knew I wanted to write about this application, but given what a wake-up call it was to me, I first wanted to find out what dirty laundry I had hanging on the line.

Thus, I contacted Foursquare on Friday to ask about getting a history of my geolocation updates. First off, do I have a history? Have I ever signed up for an account? Have my friends checked me into places (turns out Foursquare doesn’t allow others to check you in, but Facebook does)? How do I delete my history? How do I delete my house and address from being listed as a venue?

They responded within a few hours, telling me that they had revoked API access for Girls Around Me due to API access policy violation.

I was surprised, and a little dismayed, and as I said, a little gleeful.

Why I’m disappointed that Foursquare revoked Girls Around Me’s API access:

1. I wanted to give it a try. I wanted to stalk guys and girls in my neighborhood. Just to get a feel for how much information is out there.

I wanted to walk up to people in bars and start chatting with them about where they went to college (or high school, depending on how tender, young and juicy my targets turned out to be), their relationship status, what racy things they “Liked” on Facebook, or about the photos they posted on Facebook last weekend when they were drunk.

2. I wanted to stalk myself.

But in preparation for stalking myself, I wanted to dial down access to images and personal information on Facebook, and I wanted to check to make sure friends weren’t checking me in to places. I also wanted to make sure I hadn’t done anything bone-headed in the past, like create a geolocation stalker-aid myself.

In searching for geo-babbling apps on my phone, for example, I came across Twitter’s perpetual nagging for an update.

As far as my applications go, Twitter uses location, as does Yelp.

I’d decided long before Girls Around Me that I didn’t want to feed the stalker pipeline. Unfortunately, it’s impossible to uninstall Twitter from my phone, as it’s bundled into the operating system. If you want to snip Twitter’s thread, you have to uninstall it (if possible) or quit the application on your phone.

3. I thought Girls Around Me was an extremely useful tool to use to teach people how their geolocation and other supposedly personal data can be used in surprisingly stalker-ish ways.

We talk about this all the time in security journalism, but I’ve never had such a clear way to demonstrate how much information you can pull up on somebody.

Since the API access was pulled, Girls Around Me has voluntarily removed the application from Apple’s AppStore.

That’s not the end of it, though. Vlad Vishnyakov, Product Lead for Girls Around Me with the Russian app developer i-Free Innovations, told me on Monday that negotiations with Foursquare are in progress.

Vishnyakov sent me a lengthy statement (the same statement was sent to the Wall Street Journal, which published it in full) defending the application.

He also noted that Girls Around Me developers are working to hammer out their differences:

"Still hope to make our position and goals clear and willing to change the app to meet foursquare (and the community) requirements. Also, we planing to continue the app development but limit it to showing only public places and venues."

What exactly did Girls Around Me do to breach Foursquare’s API policy?

According to Foursquare, it has to do with aggregating information across venues. They told me:

"We have a policy against aggregating information across venues using information from our service, to prevent situations like this where someone would present an inappropriate overview of a series of locations."

I assume this means that i-Free Innovations messed up by broadcasting users’ locations without their explicit permission.

That’s a pretty darn good policy. It’s one thing to know, in the abstract, that your personal information, photos, location, address, and more can be used by some theoretical stalker. We yammer on about it in security journalism.

I watch people nod.

Their eyes glaze over.

Nobody was nodding and looking bored in Brownlee’s description of pulling out Girls Around Me at that party.

I hope the application comes back. I hope it comes back requiring explicit permission from users to be depicted on a map.

I want a tool like that. It’s worth a million words, and it’s worth a thousand finger-wags over privacy.

I doubt, however, that the application will be a showstopper at many parties if it does, however.

I doubt (and granted, I may be overly optimistic when it comes to people’s tendency to say yes to random applications, here) that those maps will be as well-populated.

I’m hoping that a requirement to explicitly request geolocation of users would turn those maps into ghost towns.

In the meantime, check your applications. Stay safe. Check what they’re beaming out about you. Check your children’s applications.

And if you read about an application that disturbs you, write to the developers, and/or to the geolocation service feeding it. If you’re appalled, let them know.

They might just be listening.