Tips & Tricks for Technologists & System Administrators | About & Contact

Essential FourSquare Anti-Stalking Security Tips


Posted 2nd February in Other Technology, Social Media. 10 Comments

Currently I am in the Computer Science Master’s Program at West Chester University and I am focusing my research on Location Based Updates in Social Media and their societal and security implications. So you can say I think about this topic more than most normal people do.

FourSquare is a growing service that allows you to “Check in” to restaurants, grocery stores, museums and just about any place you can imagine. However, I have seen several of my friends checking in to locations which, I must say as a security research student, set off warning bells. Although I am calling out FourSquare specifically, these also apply to just about any other location based software where you broadcast your location to other folks, whether they are your friends or the general public. GoWalla and BrightKite are in the same boat.

As with any list, there are exceptions to the rule. So although I would say that you should generally avoid checking in at these locations and you can use it as a rough guide, things might be different for you personally.

Without further ado… here is my list of top FourSquare Check-in Locations To Avoid:

1. Checking In At Home

This one would seem to be obvious a few years ago. Remember the “old rules” when you got on the internet – don’t give anyone your real name, address, phone number or other personally identifiable information? It seems like this one went out the door when social media came into the picture. I’ve seen many folks posting the exact coordinates of their home, as well as when they are home. Between that and the fact that many users have their real names associated with their user ids, this becomes a huge security problem. Stalkers would love to get their hands on this information.

2. Checking In At Your Significant Other’s Home

Similarly to checking in at home, does someone need to know the location of your boyfriend’s, girlfriend’s or fiance’s residence? This information should be public knowledge.

Photo by epicharmus

3. Checking In At Your Bank

One thing you should never, ever let scammers, con artists, and identity thieves know is where you do your banking. Checking in even once at this location gives them not only an idea of the company where you bank at, but which branch you go to and the time of day you typically visit. This should definitely be a no-no. It’s like wearing an “I’m carrying cash” sign on your back.

4. Checking In While On Vacation

“I’m in Florida for the next 7 days with my whole family” is just begging for a burglar to come ransack your house. Maybe you have someone house sitting for you, or have some sort of security system in place, but I suspect many do not.

This is a tough one to follow. When you are on vacation in some interesting place, you want to tell your friends about it. What I tend to do is to check in, but not mention that my family is with me. This obfuscates some of the information and would hopefully give enough doubt to any would-be intruders to actually trying to break into your home.

5. Checking In At Your Doctor’s Office

In addition to calls of “TMI” this is another one that you should keep to yourself for privacy purposes. Someone could in theory call or visit your doctor’s office and get your personal medical information.

Photo courtesy of tidewatermuse

6. Checking In At Work, Depending on Your Job

This one depends highly on your job. If you are a security guard, you probably don’t want anyone knowing when you are on or off the job. However if you are a desk worker, you won’t mind if your friends, or anyone knows that you are indeed at work as this can be assumed.  If you are in the military and are deployed on a secret assignment in a foreign city, don’t think it is proper to check in anywhere in that city. (In fact, you might want to check in at a false location for misdirection, but that topic is for another day.)

Alternatively, if you are supposed to be at work but have called in sick, don’t check in at your favorite bar that night. It will reveal your ruse in an instant to anyone who is in-the-know enough to follow you on 4square.

7. Checking in at Your Child’s School

This is an addition from a friend, he mentioned that he makes sure that he never checks in at his children’s school. You don’t want to give someone a direct map and time table for when your kid is at school. This is another check in place that should be strictly off limits.

In conclusion, when checking into a location, be aware of what someone would do with that information if they had a malicious purposes. Maybe it is a bit paranoid, but I try to think of the above reasons before I check in at locations which could divulge sensitive information to unknown parties.

Sure you can restrict who you friend on these networks, but increasingly it has become obvious that criminals are using fake accounts to friend folks and “grow” their network. Be careful with who you friend and send all of your location information to. In addition to the above specific locations which can reveal sensitive information about you, any 4square user checking in at restaurants or other places divulge a pattern of travel that could be used against them.


Originally posted 20100202 and last touched 20100203
Dave Drager+ is the Chief Technology Officer at XDA-Developers, where he keeps the server farm running efficiently for millions of visitors per day. He has written previously for the technology blogs Lifehacker and MakeUseOf.


  • Pingback: Matthew Shepherd

  • Pingback: Location-based Social Networking Sites could benefit your business

  • Pingback: Does Foursquare Encourage Conspicuous Consumption? | Tyler L. Clark

  • Pingback: Kerri Goldsmith

  • Pingback: Christopher Rhodes

  • Pingback: Check-in addicted | Webeconoscenza

  • swytch

    Thanks to HIPAA Laws, number 5 is really a non-issue. There has to be written consent on file from you for each person or office(specifically) that you want your information (again the exact information to be made available is specified) released to on file before the information will ever be released. So 4square away you ailing 4squarers

  • Pingback: Social Sharing – October 26th : Catepol 3.0

  • http://davedrager.com Dave Drager

    True, HIPAA has made this aspect much more secure. But, from my admittedly limited knowledge of the subject, it seems that there are still security holes in that you could say you are the patient and want your chart faxed to another office, that kind social engineering trick. The thinking behind this entry on the list is that it is much better to not broadcast that information to the world.

  • http://www.globalshieldsecurityinc.com security guards

    You have some great points. I think we really need to be aware of how we are using Foursquare and other location-based social media. But I think we forget that if someone really wants to know when I’m not home that could see me leave my house every day to see what time I work, or even come to my door and ringing the doorbell to see if the answers anyone.