by Tom Eston, SecureState - Facebook recently released a new feature called "Places" which aims to tap into the growing location based services market made popular by other social networks like FourSquare and Gowalla. Facebook Places allows you to "check-in" to a location with your mobile device. You can check-in with the official Facebook application for the iPhone or Android or you can use the Facebook mobile site: touch.facebook.com. You can use touch.facebook.com if you have a location aware web browser such as Firefox, Opera or Chrome. In this post we will explore what Facebook Places is, how businesses are going to use it, the privacy and security concerns, and how one can fake a location check-in with a few easy steps.
How Does Facebook Places Work?
When you check-in with Facebook Places your location is shown as a status update in your profile feed so your friends can see where you are. You can also "tag" your friends who might be at the same location as you. The key word is "might." Your friends don't necessarily have to be physically at the same location as you.
For example, if you were at the Monroeville Zombie Museum with a few of your Zombie loving friends, why not check them in with you? This is what Facebook calls "tagging" your friends. If you haven't noticed, there is a privacy flaw here in which you can tag your friends if they haven't disabled or "opted out" of the Places service yet. The friends you tag will still show up as a status update on your profile feed. This could be fun, especially if you allow "Everyone" to view your updates.
Using Geolocation for Business Promotions
It should be no surprise that with the recent popularity of location based services businesses are beginning to use them for advertising and promotions as well as unique ways to generate revenue. This concept isn't new. Businesses have been using FourSquare to promote check-ins and virtual mayorships at businesses including coffee shops, restaurants, and anywhere else with a physical address. Most of these include getting free products, coupons, and other promotional items. For example, if I am the person who checks-in to a location most often in a set period, I might win a free coffee or half off my pizza.
Privacy and Security Concerns
Over the past year, researchers have already been discussing the privacy and security implications of using location based services. For example, you might remember PleaseRobMe.com where tweets from Twitter that contained geo-tags were changed to read that the user was "not at home." In a more recent example the website ICanStalkU.com displays maps and location coordinates from the metadata found in photos uploaded and automatically tweeted by services like TwitPic. As the authors of ICanStalkU.com have noted, many people who upload pictures to services like these have no idea that geo-tagging is enabled by default on most mobile devices. The thing to remember is that you have control of your location and what information you share with social networks! If you want to know how to configure your Facebook privacy settings for "Places," check out this article over at ReadWriteWeb. Or better yet, download the updated version of my Facebook Privacy & Security Guide which now includes information on Facebook Places.
Hacking Your Location for Fun and Profit
How can you easily manipulate Facebook Places so we can get free drinks, swag, and other fun items? This is actually quite easy. A researcher recently posted a simple Perl script to automatically check you in to locations on FourSquare. This concept could also be carried over to Facebook Places with a bit more complex code. But what if you don't want to mess with scripting languages or other technical tricks? Here are three quick and easy methods to spoof your location using Facebook Places through your mobile phone or a geo-aware web browser.