Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/3/2012
06:46 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Girls Around Me App: Not Today's Creepiest Stalker

Was the Girls Around Me app tasteless and juvenile? Of course. But we should be far more concerned about being stalked by law enforcement agencies and our cell phone companies.

10 Top iOS 5 Apps
10 Top iOS 5 Apps
(click image for larger view and for slideshow)
Over the weekend, Russian app developer i-Free withdrew its Girls Around Me app, which last week faced a chorus of criticism on various websites for being a stalking tool. It allowed a user to map the location of nearby women and glean information about them, using public Facebook and Foursquare data.

The company said it removed its app from the iTunes App Store because Foursquare, swayed by the controversy, disallowed the app's access to its geolocation API, thereby preventing the app from working properly. The app had been downloaded over 70,000 times.

I-Free defended itself in a statement provided to the Wall Street Journal. "Girls Around Me does not provide any data that is unavailable to the user when he uses his or her social network account, nor does it reveal any data that users did not share with others," the company said.

Girls Around Me might have been tasteless, juvenile, and cynical, but in that it has plenty of company. App stores are full of crassly conceived software. What it's not is creepy, a term used by Cult of Mac to describe the app.

Creepy implies intent. It would be creepy if i-Free designed its app to be used for stalking and harassment. But there isn't any evidence of that intent. Nor is there any evidence that the app has been involved in an actual case of harm.

Certainly, Girls Around Me could be used for stalking, but the same can be said of binoculars. Binoculars are a tool that might be creepy in certain people's hands. But mainly, they're just a tool with legitimate uses.

[ Read 8 Tablets Fit For Windows 8 Beta. ]

Girls Around Me also is a tool, one that aggregates and correlates public data. Its primary crime appears to have been violating Foursquare's rules on aggregating API data from multiple locations. Most Internet users have probably committed a similar website rules violation at one time or another. Just as consumers gloss over privacy policies, i-Free's developers probably didn't read Foursquare's rules very closely.

Where does all this data come from? It's made available by users of Facebook and Foursquare. The thing that's really creepy about Girls Around Me is that it reveals people's proclivity for self-harm. Internet users had privacy before they started using social networks. Now they freak out when they see what can be done with the data they have so blithely shared.

The irony of this particular controversy is that it comes amid a far creepier revelation: According to documents obtained by the ACLU, law enforcement agencies routinely track people using cell phone data, often without warrants and with the cooperation of telecommunications companies--which generate revenue from customer data by charging service fees to law enforcement. You supply the data; your phone company gets paid.

Unlike aggregating public social network data, government scrutiny of cell phone data is a potential violation of constitutionally protected rights: The limited privacy rights enshrined in the U.S. Bill of Rights concern beliefs, home privacy, protection from government searches and seizures, and protection against self-incrimination. The protection against self-incrimination might as well be scrapped if participation in modern society entails unavoidable self-surveillance.

If you want creepy, consider this passage from a collection of documents compiled to help law enforcement personnel obtain cell phone data. It was posted by privacy researcher Christopher Soghoian. Though it is unattributed, the passage also appears in a 2006 newsletter posted in April 2011, where it's credited to California Deputy Attorney General Robert Morgester.

"Cellular phones have become the virtual biographer of our daily activities," Morgester wrote. "It [sic] tracks who we talk to and where we are. It will log calls, take pictures, and keep our contact list close at hand. In short it has become an indispensable piece of evidence in a criminal investigation."

The question we should be asking is not whether Girls Around Me encourages stalking. It's whether we as users of technology can have privacy if we choose it. Or is the unwritten rule of a mobile service contract that we shall submit a full account of our activities to be documented by our virtual biographer?

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
kupjones
50%
50%
kupjones,
User Rank: Apprentice
4/6/2012 | 2:07:28 PM
re: Girls Around Me App: Not Today's Creepiest Stalker
My fear is you have this completely wrong - at least with law enforcement (in this country) we have some chance of eventually uncovering government abuse - and there are private orgs established to track this abuse. The Black Helicopters are there -- but at least we know they are there.

Contrast that against millions of free-agent abusers -- the thought is staggering. We've taken our eye off the real ball -- the fact that we are posting our lives onto a medium that is inherently not private, there for the millions to see. If this doesnt scare you, nothing will.
YMOM100
50%
50%
YMOM100,
User Rank: Apprentice
4/7/2012 | 7:27:47 PM
re: Girls Around Me App: Not Today's Creepiest Stalker
Wait, what? Since when does creepy imply intent? A guy with skin problems and greasy hair, missing an eye, checking out a girl at a bar may well be perceived as creepy whether he intended to or not. This app is creepy whether the devs intended it to be or not. You may want to consider supporting your premises with evidence in the future, as you may find holes in your logic before they get published!
holyfire001202
50%
50%
holyfire001202,
User Rank: Apprentice
5/7/2012 | 12:51:33 PM
re: Girls Around Me App: Not Today's Creepiest Stalker
YMOM, You're missing a piece. You stated the intent in that sentence. "...checking out a girl at a bar". His intent is to do whatever he's thinking about doing to-or for- this girl at the bar. The fact that we don't know what he's thinking makes him creepy. Now, If we saw a guy with skin problems and greasy hair missing an eye sitting at a bar having a laugh with another guy sitting next to him, he wouldn't be creepy, huh? Because all of a sudden his intent is having a good time with his friend, rather than [whatever he wanted to do] with that girl.
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17424
PUBLISHED: 2019-10-22
A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file.
CVE-2019-16404
PUBLISHED: 2019-10-21
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
CVE-2019-17400
PUBLISHED: 2019-10-21
The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.
CVE-2019-17498
PUBLISHED: 2019-10-21
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a ...
CVE-2019-16969
PUBLISHED: 2019-10-21
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.