I Know Where You Were Last Summer: Chrome Extension Reveals Users’ Movements

It’s probably naive to expect even the tiniest measure of privacy in an age of pervasive surveillance, but you could be forgiven if you thought Facebook Messenger was a source of respite. That sadly isn’t the case — a new browser tool developed by a Cambridge, MA student reveals that Messenger, if left configured on the default setting, can be quite invasive.

The Chrome extension, dubbed “Marauder’s Map” in a tongue-in-cheek nod to Harry Potter, harvests your friends’ location data to map a history of their movements over time. It works like this: if your friends use Messenger on mobile and have opted in to location sharing, their coarse latitude and longitude are recorded with every reply and text they send. “Marauder’s Map” pulls that data from JavaScript objects in the Messenger web client and presents it as dots and lines over a geographical map.

Location sharing is an optional feature, but it’s easy to leave it enabled unwittingly — at no point during the Messenger app setup process are users informed that location tracking is turned on by default. Switching it off isn’t exactly arduous — you need only jump into settings and uncheck the box next to ‘Location’ — but given the opaqueness of the process, the potential for unintentional sharing is all too apparent.

Concededly, extensions like “Marauder’s Map” are little more than a voyeuristic curiosity — all whereabouts are approximate and reported only as messages are received — but they do illustrate the dangers of liberal sharing. After all, it’s not hard to extrapolate from big pools of data, especially location data, such things as when your friend last vacationed, or the likely home of a former romantic partner.

Services that track and share your whereabouts surreptitiously are nothing new — traffic app Waze has a particularly liberal policy that permits it to shop your information around to pretty much anyone — but they speak to a worrisome trend: sacrificing privacy for convenience. Somewhat surprisingly, many aren’t opposed to the idea — a study conducted by Accenture found that the majority of consumers in both the U.S. and UK are willing to have trusted retailers use some of their personal data in order to present personalized and targeted products, services, recommendations, and others. But the survey participants said they’d still prefer control over that data — 88 percent thought companies should give them flexibility to control how their personal information is being used.

For services like Facebook, then, transparency would be the best policy. Here’s hoping a disclaimer about location sharing accompanies the next Messenger update.