It sounds like a sweet deal: report your location to a social network and get a coupon for discounts and prizes. The price? The possibility that advertisers and other third parties will know where you are and where you've been.
A recent survey by the Pew Center's Internet & American Life Project found that only 4 percent of Internet users have adopted location-based services, as Cecilia Kang reports on The Washington Post's Post Tech blog. That survey was conducted in August and September, before Facebook and Yelp joined Foursquare and Gowalla in offering coupons to users who check in when they visit participating establishments, which may include Starbucks, McDonald's, and other popular chains.
(Lisa Barone describes the companies' plans on the Small Business Trends blog.)
The crux of the matter for privacy advocates is that when people check in to businesses participating in social networks' coupon programs, they're trading a little of their privacy for the chance to save money. As the Electronic Privacy Information Center (EPIC) reports, third parties may have access to users' location history without the users' explicit consent.
For example, Facebook application developers are able to store their own check-in data in the Facebook Places database and retrieve information from the database. But Facebook is far from the only source of "leakage" for this location data.
EPIC cites an AT&T research paper (PDF) that found some kind of private data leaked to third parties in all 20 of the mobile online social networks studied. The services examined include Facebook, MySpace, Twitter, Flickr, Foursquare, Yelp, and Loopt. While these services may have robust privacy policies, the advertisers and developers they deal with may be less secure.
As Frederic Lardinois reported last February on the ReadWriteWeb, a site named PleaseRobMe aggregated information from several location-based services to indicate houses whose residents were away, making them easy pickings for thieves.
Keep the mobile-device trackers at bay
Services such as Foursquare, Gowalla, and Facebook Places depend on location information volunteered by their users. But the trails left by mobile phones and other location-reporting devices can also be tracked by third parties without users' consent or knowledge. A white paper released by the Electronic Frontier Foundation (EFF) in August 2009 listed transit swipe-cards, electronic tolling devices such as FastTrak and EZPass, free wireless access points, and even smart parking meters as potential tracking systems.
The EFF points out that location-based services can be deployed anonymously, although doing so would make the services more expensive to develop and deploy. But the researchers point out that anonymizing technologies wouldn't entirely prevent leakage of identifiable location information. For example, it's relatively easy to deduce the identity of users in areas with low population densities from little more than their GPS coordinates and a time of day.
Prevent Facebook friends from checking you in
Opting out of Facebook Places requires changes to several of the service's default settings. Click Account > Privacy Settings > Customize settings. Next, choose Custom in the drop-down menu next to "Places I check in to" and select your preferred setting in the "Make this visible to" drop-down menu. Disable "Include me in 'People Here Now' after I check in." In the "Things I share" section, click Edit Settings next to "People can check me in to Places" and choose Disable from the drop-down menu in the top-right corner.
Location-based services promise to make it easier to connect with family, friends, and associates and to be rewarded for being a loyal customer. But in their current form, the services make it too easy for people and organizations to access your private information without your explicit consent. While many--perhaps most--of these third parties won't misuse this information, others won't be so trustworthy.
The reality of today's Web is that the personal information we volunteer to online services will be shared for profit with unknown third parties, and the services' promises of anonymity simply cannot be guaranteed. Beware what you share!