Facebook Puts You In Your Place

Today sees the launch of Facebook Places in the UK, a new service that allows you to use your iPhone or other touchscreen GPS enabled device to “check-in” and show the world where you are.

With the launch of this service, Facebook are jumping onto the geo-location bandwagon previously offered by the likes of foursquare and others. However with Facebook’s 500 million users and the ever increasing popularity of GPS aware mobile devices the could be the first time it hits most mainstream users.

Essentially Facebook places allows user to manually check themselves in at any location they happen to visit, which sounds great for locating friends and acquaintances who may be at the same place or event, but also has some serious privacy implications.

Like most things on Facebook who is able to see your updates and check-ins can be restricted by your privacy settings, and the check in process itself must be manually completed every time, so no one’s going to be able to follow from place to place unless you allow them to.

However in these default privacy settings, once you check in, even if you have set your location to be visible to “Friends only” Facebook will allow anyone else checked in nearby to see your location, that doesn’t sound ideal to me and could represent valuable information to someone with less than honourable intent.

By the way, to get here and change these settings you should click on Account in the top right of your Facebook screen, then choose Privacy Settings and then search for the very small “Customise settings” link on that page. As well as the settings shown in the image above, if you scroll down a little further you can choose to disable Friends being able to check you in, which is once again sadly enabled by default.

Unfortunately it doesn’t stop there, it is also possible to tag friends in your own check-ins, meaning that you can be “checked-in” either against your will or without your consent. Friends can check you in anywhere, regardless of your actual location, even making it look as tough you are somewhere you are not. Once another user has been tagged in your check-in, they receive a notification along with the option to remove the tag; but from the moment they are tagged, the information is posted on Facebook, without their consent, even if they have not started using Places themselves.

Also, it cuts both ways. If I check-in and tag a friend, then although my privacy settings should allow “Friends Only” to see my location, any friends of the person I tagged will see my location on that person’s wall.

Clearly this systems represents a massive risk to individual privacy. If Facebook persist in allowing check-ins by third parties then they need to ensure that the information is not made public until it has been agreed to by all people identified. Facebook should also ensure that any privacy settings are either fully respected or that the implications of your actions are make crystal clear.

Otherwise it means that anyone with an interest in the location of their potential burglary victims, friends, colleagues, partners even ex-partners simply needs to become a friend of a friend or just frequent the same places and Facebook will do all the espionage for them.

Facebook say: “When a friend checks in and tags you. If you’re already using Places, it’s like you checked in yourself without having to do a thing. If you’re not using Places yet, it’s just like being mentioned in a status update”

I say, it’s a lot more than that.

As Solutions Architect for Trend Micro, Rik Ferguson interacts with CIOs from a wide variety of blue chip enterprises, government institutions, law enforcement organisations. Recognised as an industry thought leader and analyst, Rik is regularly quoted by the press on issues surrounding Information Security, Cybercrime and technology futures. With over 15 years experience in the IT Industry with companies such as EDS, McAfee and Xerox Rik’s broad experience enables him to have a clear insight into the challenges and issues facings businesses today.