Currently I am in the Computer Science Master’s Program at West Chester University and I am focusing my research on Location Based Updates in Social Media and their societal and security implications. So you can say I think about this topic more than most normal people do.
FourSquare is a growing service that allows you to “Check in” to restaurants, grocery stores, museums and just about any place you can imagine. However, I have seen several of my friends checking in to locations which, I must say as a security research student, set off warning bells. Although I am calling out FourSquare specifically, these also apply to just about any other location based software where you broadcast your location to other folks, whether they are your friends or the general public. GoWalla and BrightKite are in the same boat.
As with any list, there are exceptions to the rule. So although I would say that you should generally avoid checking in at these locations and you can use it as a rough guide, things might be different for you personally.
Without further ado… here is my list of top FourSquare Check-in Locations To Avoid:
1. Checking In At Home
This one would seem to be obvious a few years ago. Remember the “old rules” when you got on the internet – don’t give anyone your real name, address, phone number or other personally identifiable information? It seems like this one went out the door when social media came into the picture. I’ve seen many folks posting the exact coordinates of their home, as well as when they are home. Between that and the fact that many users have their real names associated with their user ids, this becomes a huge security problem. Stalkers would love to get their hands on this information.
2. Checking In At Your Significant Other’s Home
Similarly to checking in at home, does someone need to know the location of your boyfriend’s, girlfriend’s or fiance’s residence? This information should be public knowledge.
3. Checking In At Your Bank
One thing you should never, ever let scammers, con artists, and identity thieves know is where you do your banking. Checking in even once at this location gives them not only an idea of the company where you bank at, but which branch you go to and the time of day you typically visit. This should definitely be a no-no. It’s like wearing an “I’m carrying cash” sign on your back.
4. Checking In While On Vacation
“I’m in Florida for the next 7 days with my whole family” is just begging for a burglar to come ransack your house. Maybe you have someone house sitting for you, or have some sort of security system in place, but I suspect many do not.
This is a tough one to follow. When you are on vacation in some interesting place, you want to tell your friends about it. What I tend to do is to check in, but not mention that my family is with me. This obfuscates some of the information and would hopefully give enough doubt to any would-be intruders to actually trying to break into your home.
5. Checking In At Your Doctor’s Office
In addition to calls of “TMI” this is another one that you should keep to yourself for privacy purposes. Someone could in theory call or visit your doctor’s office and get your personal medical information.
6. Checking In At Work, Depending on Your Job
This one depends highly on your job. If you are a security guard, you probably don’t want anyone knowing when you are on or off the job. However if you are a desk worker, you won’t mind if your friends, or anyone knows that you are indeed at work as this can be assumed. If you are in the military and are deployed on a secret assignment in a foreign city, don’t think it is proper to check in anywhere in that city. (In fact, you might want to check in at a false location for misdirection, but that topic is for another day.)
Alternatively, if you are supposed to be at work but have called in sick, don’t check in at your favorite bar that night. It will reveal your ruse in an instant to anyone who is in-the-know enough to follow you on 4square.
7. Checking in at Your Child’s School
This is an addition from a friend, he mentioned that he makes sure that he never checks in at his children’s school. You don’t want to give someone a direct map and time table for when your kid is at school. This is another check in place that should be strictly off limits.
In conclusion, when checking into a location, be aware of what someone would do with that information if they had a malicious purposes. Maybe it is a bit paranoid, but I try to think of the above reasons before I check in at locations which could divulge sensitive information to unknown parties.
Sure you can restrict who you friend on these networks, but increasingly it has become obvious that criminals are using fake accounts to friend folks and “grow” their network. Be careful with who you friend and send all of your location information to. In addition to the above specific locations which can reveal sensitive information about you, any 4square user checking in at restaurants or other places divulge a pattern of travel that could be used against them.
Originally posted 20100202 and last touched 20100203