While PleaseRobMe (now shuttered) focused on how publicly broadcasting your location could alert criminals to an empty house nearby, ideal for burglarizing, the new site aims to raise awareness about the dangers of geo-tagged photos, specifically the ones shared from your smartphone to social networks like Twitter.
"Many people may be unaware that lots of smartphones geo-tag photos," explains security researcher Graham Cluley, who revealed the site via blog post today. The site itself quietly launched a few months ago to little fanfare.
Geotagging, the process of adding geographical information to media files like photos and videos, is a feature commonly turned on by default in many of today's smartphones, including Apple's iPhone.
That means, says Cluley, that anyone who accesses your digital photos could figure out where you were when you took the snapshot. The concern here is that that this leaves people open to being "digitally stalked." And thanks to real-time social sharing services like Twitter and Facebook, that digital stalking can now occur in real time.
I Can Stalk U: Your Twitter Photos Reveal Where You Are, Even When You Don't
Geotags and other camera-related information like device time and settings are encoded as metadata within the smartphone's picture file itself, yet are not visible to the naked eye. However, extracting the location-specific information a photo contains is not difficult to do. A plethora of tools exist that allow anyone - even those who aren't all that technically sophisticated - to quickly and easily read the geo-coordinates photos contain. For example, a Firefox Web browser plugin called Exif Viewer lets you simply right-click on a photo to reveal the location it contains, plotted on a map.
To raise awareness of this issue, one that many smartphone owners probably don't even know about, developers Ben Jackson, Larry Pesce and an independent security research team called Mayhemic Labs, created the I Can Stalk U website. The site parses the public stream of Twitter updates for photos posted by Twitter users and then, in near real time, re-posts them on the site's homepage, edited to reveal location.
"What are people really saying in their tweets?" asks the site. Instead of innocuous "twitterisms" like "Large Chocolate Milkshake" followed by a picture of what the milkshake looks like (yes, some people do tweet about what they eat!), the edited Twitter update on I Can Stalk U is changed to read "I am currently nearby..." followed by an exact location.
Twitter usernames, links to the original tweet, links to the original photo and links to a map of the location by way of Google Maps are also provided for every item posted.
Why are They Doing This?
The site's authors explain that anyone, by analyzing your photos, could find out where you live, who else lives there, your commuting patterns, where you go for lunch, who you go with and more.
But who would be interested in all this data?
The developers say "anyone" - from "a government to a nosy neighbor." That may sound a little tin foil hat to you, but there is some value in understanding the nature of geotagged and how it reveals your location when shared instantly via social networking sites. If you're a high-profile person, like a celebrity or executive, for example, you may not want this information to be public. More importantly, perhaps, if you're someone who's been stalked in the past, or have a dangerous ex-significant other of some kind, you may also need to take additional precautions.
Geo-Locational Dangers, The Flip Side of Mobile Social Networking
I Can Stalk U is hardly the first initiative to raise awareness of the potential dangers in location-based information sharing, a topic you'll likely hear more about in the coming days, thanks to Facebook's launch of "Places," a feature that lets the network's half-a-billion users share their physical location instantly with their Facebook friends.
Previous efforts in awareness-raising included the aforementioned PleaseRobMe.com, which warned users that posting their location to Twitter invited burglars to break in their unattended home, as well as the more recent research report called "Cybercasing the Joint: On the Privacy Implications of Geotagging." This latter effort found that, in scouring sites like Twitter, YouTube and Craigslist, it was easy to identify users unintentionally sharing their location. In fact, it was so easy that it could, in some cases, be automated.
Managing the privacy of your physical location is going to be a new skill set for the upcoming digital age, the era of the mobile Web. And it's one most companies, at least, are taking seriously. For example, Foursquare, the location-based game based on "checking in" to local hotpots, recently highlighted its dedication to user privacy on the eve of Facebook's launch of Places. Even Facebook, known lately for forcing publicity onto its formerly private user base, made Places "friends only" by default.
Whether or not you think that there is inherent danger in revealing your location to Twitter or Facebook is a question you'll have to answer for yourself. If you'll rather play it safe than sorry, though, I Can Stalk U provides a guide to switching off geo-tagging on four of the topmost smartphone brands: iPhone, Android, Palm and Blackberry.