Foursquare Fixes, Responds To “Who’s Been Here” Privacy Hole

Yesterday, Wired published a report detailing an issue with Foursquare privacy, whereby a program could effectively harvest Foursquare checkin data by constantly refreshing venue pages and looking to see which users were showing up in the “Who’s Been Here” section, which shows a grid of users who recently checked in at that venue. According to the article, white hat coder Jesper Andersen was able to log around 70% of all check-ins in San Francisco — or 875,000 checkins — over the last three weeks.

Today, Foursquare has addressed the report with a post on its official blog outlining the issue. As data breaches go I’m not sure this one was especially “sophisticated”, as Foursquare keeps calling it, but they apologize and explain what they’ve done to fix it.

From the Foursquare blog:

A little over a week ago (on Monday the 21st), our developers were alerted to a problem that enabled sophisticated users, by continuously scraping venue pages from our website through anonymous gateways, to capture private check-in information that users didn’t intend to share with the general public. Three days later, our team began rolling out a number of solutions to this problem. First, we ensured that any user that had opted out of appearing in the “Who’s Here” lists no longer appeared in the “Who’s Been Here” photo mosaics on our site (this fix went live last Thursday). Second, we updated the language on our “Settings” page to clarify what opting into the “Who’s Here” feature entails. Third, we randomized the order of the photos being posted under the ”Who’s Been Here” headings on our venue pages to prevent anyone from scraping this data to try to estimate check-in times of various users.

This won’t be the last time we hear about privacy issues with location-based services, where security and privacy are going to be key. That said, the privacy concerns for Foursquare, where users are explicitly checking into venues, are less worrisome than if this had happened with one that constantly monitors your location, like Google Latitude. And privacy hasn’t really been Foursquare’s big selling point, either — don’t expect to see much of an uproar from its users over this.

Information provided by CrunchBase


Leave a Reply

Your email address will not be published. Required fields are marked *