Places and Location Based Services (LBS)

After yesterday’s post on Facebook “Like” button, today’s post continues to present some of Facebook’s features that might put at risk your personal data and private information if no proper privacy settings are done to your Facebook account. Here you can find out how to adjust your Facebook privacy settings.

Regarding users’ personal information and privacy this blog shows how even applications designed by the SNS provider, in this case Facebook, can access users’ private information.

A contested application provided by Facebook itself is called: Facebook Places. According to Facebook Help Center:

“Places” is a Facebook mobile application that allows you to see where your friends are and share your physical location. You can check in to nearby Places to tell your friends where you are, tag your friends in the Places you visit, and view comments your friends have made about the Places you visit. Use “Places” to experience Facebook in a completely new way by connecting with your friends in the real world”.

Facebook Places application shows the geographical position where a certain place is located. Another feature allows the user’s friend’s to check him in with that particular location and the history of the user’s friends who visited that particular place during the time. For example, if the chosen Place will be the Eiffel Tower in Paris, additional information will be provided such as: exact location, tourist information, hours of operation, along with personal comments of friends that visited it in the past, similar to Trip Advisor reviews.

LBS means the delivery of a particular service/information based on a certain location. The location of the user is given by the location of his portable device (e.g. smartphone), and could mainly be determined by: GPS (built into the smartphone), which compares the timing of radio signals from satellites in space, by triangulation, which means the collection of directional signals from cell phone towers and/or through wi-fi local area networks, which track high-frequency radio signals from transmitters (smartphones).

It is uncontestable that a user can get useful information through LBS such as the weather forecast, the nearest restaurant, gas station, public transportation, news, tourist information and reviews, but the point Tony Dyhouse (cyber security director of the UK Digital Systems Knowledge Transfer Network) makes is that together users and providers should use them responsibly and most notably, the providers should know better how this applications works and which are the flaws or risks.  Users are not all educated about the technical functionality nor are they proficient in application development and usage. Thus they are more likely to not foresee and also disregard the potential risks (i.e. to be localized in a certain geographical area, location, place without his acknowledgment), which might occur for using a certain application.

Getting back to Places application, Graham Cluley, senior technology consultant at Sophos, declared for SC Magazine the following:

“This is one of the growth areas and it is beginning to gain momentum. We have seen documented cases of people who posted statuses of where they were and then got robbed, while there are cases of physical violence.”

In other words, by reading the Places post on Facebook, someone knows that the subject is on the French Riviera and his house in Brussels is unattended, and this would be a great opportunity for someone (who knows where the subject lives) to break into and take all the goods from the house. Another important aspect is the difference between someone who voluntarily updates his position as being on French Riviera, and someone who is signed in by a friend as being in a particular position/location without his acknowledgment. In practice, user X updates through Facebook Places that he is on French Riviera with friend Y, which could be the truth or sometimes could not be true. The person, who is involuntarily signed up as being in that location, might physically be there but also might not want his parents to know this fact. Furthermore, when the signed-up person is not even being physically there but someone made a bad joke or did it for another purpose, it could have negative effects (for example, his house could get broken in). This danger was also pointed out by Tony Dyhouse, Cyber Security Director of the UK Digital Systems Knowledge Transfer Network, who said:

“Location-based services have done a lot to improve our lives but people need to treat applications like Facebook Places with care. It’s important to realize what criminals can glean from where you are not”.

Furthermore, Tony Dyhouse’s personal concerns proves this application’s design flaws: “My main concern here is that the default setting for the location application will be ‘on’ – people need to be aware of the potential privacy risks associated with this.” Instead being delivered turned “on” as a default setting, the Facebook Places application could come turned “off” and the user could be informed and educated regarding how to use this application. From the SNS provider or developer’s perspective, these applications should be monetized somehow in order to sustain their development and keep the business rolling. Also by knowing where users frequently go, what they like, use and do, better-targeted advertising could be delivered through the SNS provider as a distribution platform, which nonetheless has a monetary value.

 Any questions can be submitted to:

dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Have you ever used Place? Have you ever used LBS? Would you be interested in checking the new Facebook privacy settings?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.