How to Stalk Someone’s Location on Facebook

Uploaded on 2015-06-08 in TECHNOLOGY-Key Areas-Social Media, NEWS-Cybersecurity News, FREE TO VIEW

acab31bb-0d3b-49ca-aa3e-55f40847f5c6-bestSizeAvailable.png

Once again, warnings are being given that Internet users may not realise just how much personal information they are sharing with others online – and this time it’s about where you spend your life working, playing and sleeping.

A newly released tool lets you easily track the movements of other Facebook users and plot them on a map, by scooping up the location data they have shared in Facebook Messenger chats.

Marauder’s Map is named after a magical chart from the Harry Potter novels that shows the location of every person in the grounds of Hogwarts School.

But the new Marauder’s Map is real, not fictional.
Initially released by Harvard College computer science student Aran Khanna as a Chrome browser extension, Marauder’s Map makes it child’s play for anybody to become a stalker – finding out a contact’s place of work, where they live, or favourite bars and hangouts. 

Marauder’s Map scrapes the location data from your Facebook Messenger page, and plots it on a map. In a blog post, Khanna describes Marauder’s Map as having “creepy potential”:

“The first thing I noticed when I started to write my code was that the latitude and longitude coordinates of the message locations have more than 5 decimal places of precision, making it possible to pinpoint the sender’s location to less than a meter.”

In one example, Khanna describes how he was able to use Marauder’s Map to determine where a casual acquaintance slept at night:

“I am in a pretty active group chat with some of my brother’s friends (who I am friends with on Facebook but don’t know too well). They are all fairly active on the chat, posting once a day or more.”

“Let’s pick on the one who goes to Stanford. By simply looking at the cluster of messages sent late at night you can tell exactly where his dorm is, and in fact approximately where his room is located in that dorm.”
  
Deeper analysis of data collected in this way begins to draw up a clear picture of people’s schedule: where they work, where they drink coffee, where they go the gym, where they sleep…

You may not have even realised that your friends’ location information was being shared in the conversations you had via Facebook Messenger, as there is no visual sign.

It’s only when you click on their speech bubble that you discover that embedded into the chat is location data, which reveals where the sender was with creepy accuracy. One issue is that you may think it’s harmless to attach your location to a single message, but – unless you remember to disable location sharing afterwards – it’s all too easy for an archive of your past locations to build up.

And, as far as I can tell, there is no way to delete the location data from past messages you have sent.
Such creepy collection and examination of location data has clear implications for not just consumers, but also businesses.
If your company is being targeted by criminals they may attempt to learn the schedules of your workers – hoping to launch man-in-the-middle attacks over unsecured WiFi in coffee shops, or determine the home addresses of senior executives. All they would need to do to begin to collect the data is start an online chat with you, perhaps posing as a potential customer or romantic interest.

The potential for abuse, whether it be by organised criminal gangs targeting an enterprise, or jealous former partners and obsessive stalkers, should be clear. Which means that consumers and businesses alike should consider disabling Facebook

Messenger’s ability to track and share your location.
 Don’t wait. Check that the phones you own, or the ones you’re responsible for protecting in your business, aren’t sharing any information, which they don’t need to – which includes, of course, their location.

Tripwire
 

« Fixing Security Holes in the Consumer Debt Market
Stegosploit Hidden Image Code is the Future of Online Attacks »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IEEE Computer Society

IEEE Computer Society

The IEEE Computer Society is the world's leading membership organization dedicated to computer science and technology.

JPCERT/CC

JPCERT/CC

JPCERT/CC is the first Computer Security Incident Response Team (CSIRT) established in Japan.

itWatch

itWatch

itWatch is focused on data loss prevention (DLP), endpoint security, mobile security, encryption, and cost reducing solutions for IT operations.

Bridewell

Bridewell

Bridewell provide cost effective Security & Risk Assurance Services across Information Security, Cyber Security, Technology Risk, Security Testing and Data Privacy.

C2A Security

C2A Security

C2A Security offers a comprehensive suite of cyber security solutions for the automotive industry, providing in-vehicle end-to-end protection.

Startup Wise Guys

Startup Wise Guys

Startup Wise Guys is a mentorship-driven accelerator program for early stage B2B SaaS, Fintech, Cybersecurity & Defense AI startups.

Jandnet Recruitment

Jandnet Recruitment

Jandnet Recruitment is a small specialist company working in the IT sector. We recruit across all IT disciplines including cyber security and digital identity.

PAX Momentum

PAX Momentum

PAX Momentum is the Mid-Atlantic’s premier startup accelerator, specializing in cyber, enterprise software, telecom, CleanTech, FinTech, InsureTech, and AI.

Syndis

Syndis

Syndis is a leading information security company helping to defend organizations by providing bespoke services and innovative security solutions in the global market.

TrueFort

TrueFort

TrueFort take an application-first approach that offers comprehensive protection for real-time visibility and analysis, protection and better communication across business, IT, and security teams.

Riskaware

Riskaware

CyberAware, by Riskaware, provides business-critical cyber attack analysis and impact assessments using NIST standards aligned with NCSC guidance.

ISMAC

ISMAC

ISMAC was founded to create a security solution that would work for smaller to medium as well as bigger corporations at an affordable price.

IONIX

IONIX

IONIX (formerly Cyberpion) is the attack surface management solution that uses Connective Intelligence to shine a spotlight on exploitable risks across your supply chain.

Vantor

Vantor

Vantor is a Managed Security Services Provider (MSSP) that specializes in providing outsourced, managed cybersecurity services.

SixMap

SixMap

SixMap is a continuous threat exposure management platform that automatically provides comprehensive enterprise visibility, contextual threat intelligence, and a suite of remediation actions.

Emergence Insurance

Emergence Insurance

Emergence is an insurance underwriting agency, focused on providing insurance solutions to help protect businesses and families against their cyber risks.