Risk
4/3/2012
06:46 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Girls Around Me App: Not Today's Creepiest Stalker

Was the Girls Around Me app tasteless and juvenile? Of course. But we should be far more concerned about being stalked by law enforcement agencies and our cell phone companies.

10 Top iOS 5 Apps
10 Top iOS 5 Apps
(click image for larger view and for slideshow)
Over the weekend, Russian app developer i-Free withdrew its Girls Around Me app, which last week faced a chorus of criticism on various websites for being a stalking tool. It allowed a user to map the location of nearby women and glean information about them, using public Facebook and Foursquare data.

The company said it removed its app from the iTunes App Store because Foursquare, swayed by the controversy, disallowed the app's access to its geolocation API, thereby preventing the app from working properly. The app had been downloaded over 70,000 times.

I-Free defended itself in a statement provided to the Wall Street Journal. "Girls Around Me does not provide any data that is unavailable to the user when he uses his or her social network account, nor does it reveal any data that users did not share with others," the company said.

Girls Around Me might have been tasteless, juvenile, and cynical, but in that it has plenty of company. App stores are full of crassly conceived software. What it's not is creepy, a term used by Cult of Mac to describe the app.

Creepy implies intent. It would be creepy if i-Free designed its app to be used for stalking and harassment. But there isn't any evidence of that intent. Nor is there any evidence that the app has been involved in an actual case of harm.

Certainly, Girls Around Me could be used for stalking, but the same can be said of binoculars. Binoculars are a tool that might be creepy in certain people's hands. But mainly, they're just a tool with legitimate uses.

[ Read 8 Tablets Fit For Windows 8 Beta. ]

Girls Around Me also is a tool, one that aggregates and correlates public data. Its primary crime appears to have been violating Foursquare's rules on aggregating API data from multiple locations. Most Internet users have probably committed a similar website rules violation at one time or another. Just as consumers gloss over privacy policies, i-Free's developers probably didn't read Foursquare's rules very closely.

Where does all this data come from? It's made available by users of Facebook and Foursquare. The thing that's really creepy about Girls Around Me is that it reveals people's proclivity for self-harm. Internet users had privacy before they started using social networks. Now they freak out when they see what can be done with the data they have so blithely shared.

The irony of this particular controversy is that it comes amid a far creepier revelation: According to documents obtained by the ACLU, law enforcement agencies routinely track people using cell phone data, often without warrants and with the cooperation of telecommunications companies--which generate revenue from customer data by charging service fees to law enforcement. You supply the data; your phone company gets paid.

Unlike aggregating public social network data, government scrutiny of cell phone data is a potential violation of constitutionally protected rights: The limited privacy rights enshrined in the U.S. Bill of Rights concern beliefs, home privacy, protection from government searches and seizures, and protection against self-incrimination. The protection against self-incrimination might as well be scrapped if participation in modern society entails unavoidable self-surveillance.

If you want creepy, consider this passage from a collection of documents compiled to help law enforcement personnel obtain cell phone data. It was posted by privacy researcher Christopher Soghoian. Though it is unattributed, the passage also appears in a 2006 newsletter posted in April 2011, where it's credited to California Deputy Attorney General Robert Morgester.

"Cellular phones have become the virtual biographer of our daily activities," Morgester wrote. "It [sic] tracks who we talk to and where we are. It will log calls, take pictures, and keep our contact list close at hand. In short it has become an indispensable piece of evidence in a criminal investigation."

The question we should be asking is not whether Girls Around Me encourages stalking. It's whether we as users of technology can have privacy if we choose it. Or is the unwritten rule of a mobile service contract that we shall submit a full account of our activities to be documented by our virtual biographer?

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
holyfire001202
50%
50%
holyfire001202,
User Rank: Apprentice
5/7/2012 | 12:51:33 PM
re: Girls Around Me App: Not Today's Creepiest Stalker
YMOM, You're missing a piece. You stated the intent in that sentence. "...checking out a girl at a bar". His intent is to do whatever he's thinking about doing to-or for- this girl at the bar. The fact that we don't know what he's thinking makes him creepy. Now, If we saw a guy with skin problems and greasy hair missing an eye sitting at a bar having a laugh with another guy sitting next to him, he wouldn't be creepy, huh? Because all of a sudden his intent is having a good time with his friend, rather than [whatever he wanted to do] with that girl.
YMOM100
50%
50%
YMOM100,
User Rank: Apprentice
4/7/2012 | 7:27:47 PM
re: Girls Around Me App: Not Today's Creepiest Stalker
Wait, what? Since when does creepy imply intent? A guy with skin problems and greasy hair, missing an eye, checking out a girl at a bar may well be perceived as creepy whether he intended to or not. This app is creepy whether the devs intended it to be or not. You may want to consider supporting your premises with evidence in the future, as you may find holes in your logic before they get published!
kupjones
50%
50%
kupjones,
User Rank: Apprentice
4/6/2012 | 2:07:28 PM
re: Girls Around Me App: Not Today's Creepiest Stalker
My fear is you have this completely wrong - at least with law enforcement (in this country) we have some chance of eventually uncovering government abuse - and there are private orgs established to track this abuse. The Black Helicopters are there -- but at least we know they are there.

Contrast that against millions of free-agent abusers -- the thought is staggering. We've taken our eye off the real ball -- the fact that we are posting our lives onto a medium that is inherently not private, there for the millions to see. If this doesnt scare you, nothing will.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2003-1598
Published: 2014-10-01
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVE-2011-4624
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVE-2012-0811
Published: 2014-10-01
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files gene...

CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.