How to Stalk Someone’s Location on Facebook

acab31bb-0d3b-49ca-aa3e-55f40847f5c6-bestSizeAvailable.png

Once again, warnings are being given that Internet users may not realise just how much personal information they are sharing with others online – and this time it’s about where you spend your life working, playing and sleeping.

A newly released tool lets you easily track the movements of other Facebook users and plot them on a map, by scooping up the location data they have shared in Facebook Messenger chats.

Marauder’s Map is named after a magical chart from the Harry Potter novels that shows the location of every person in the grounds of Hogwarts School.

But the new Marauder’s Map is real, not fictional.
Initially released by Harvard College computer science student Aran Khanna as a Chrome browser extension, Marauder’s Map makes it child’s play for anybody to become a stalker – finding out a contact’s place of work, where they live, or favourite bars and hangouts. 

Marauder’s Map scrapes the location data from your Facebook Messenger page, and plots it on a map. In a blog post, Khanna describes Marauder’s Map as having “creepy potential”:

“The first thing I noticed when I started to write my code was that the latitude and longitude coordinates of the message locations have more than 5 decimal places of precision, making it possible to pinpoint the sender’s location to less than a meter.”

In one example, Khanna describes how he was able to use Marauder’s Map to determine where a casual acquaintance slept at night:

“I am in a pretty active group chat with some of my brother’s friends (who I am friends with on Facebook but don’t know too well). They are all fairly active on the chat, posting once a day or more.”

“Let’s pick on the one who goes to Stanford. By simply looking at the cluster of messages sent late at night you can tell exactly where his dorm is, and in fact approximately where his room is located in that dorm.”
  
Deeper analysis of data collected in this way begins to draw up a clear picture of people’s schedule: where they work, where they drink coffee, where they go the gym, where they sleep…

You may not have even realised that your friends’ location information was being shared in the conversations you had via Facebook Messenger, as there is no visual sign.

It’s only when you click on their speech bubble that you discover that embedded into the chat is location data, which reveals where the sender was with creepy accuracy. One issue is that you may think it’s harmless to attach your location to a single message, but – unless you remember to disable location sharing afterwards – it’s all too easy for an archive of your past locations to build up.

And, as far as I can tell, there is no way to delete the location data from past messages you have sent.
Such creepy collection and examination of location data has clear implications for not just consumers, but also businesses.
If your company is being targeted by criminals they may attempt to learn the schedules of your workers – hoping to launch man-in-the-middle attacks over unsecured WiFi in coffee shops, or determine the home addresses of senior executives. All they would need to do to begin to collect the data is start an online chat with you, perhaps posing as a potential customer or romantic interest.

The potential for abuse, whether it be by organised criminal gangs targeting an enterprise, or jealous former partners and obsessive stalkers, should be clear. Which means that consumers and businesses alike should consider disabling Facebook

Messenger’s ability to track and share your location.
 Don’t wait. Check that the phones you own, or the ones you’re responsible for protecting in your business, aren’t sharing any information, which they don’t need to – which includes, of course, their location.

Tripwire
 

« Fixing Security Holes in the Consumer Debt Market
Stegosploit Hidden Image Code is the Future of Online Attacks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

IoTium

IoTium

Secure Cloud Managed Software Defined IoT Networks. IoTium simplifies establishing and managing secure network infrastructure for Industrial IoT.

Willis Towers Watson

Willis Towers Watson

Willis Towers Watson is a global risk management, insurance brokerage and advisory company. Services offered include Cyber Risks insurance.

AVeS Cyber Security

AVeS Cyber Security

AVeS combines expert knowledge and services with leading technology products to provide comprehensive Information Security and Advanced IT Infrastructure solutions.

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC) is a government body providing support for ICT related activities including formulating national ICT strategy and policy.

Cyberarch Consulting

Cyberarch Consulting

Cyberarch is a security-focused consulting firm. We provide services specializing in information security, digital forensics, penetration testing and cyber security training.

CyberSaint Security

CyberSaint Security

CyberSaint’s CyberStrong Platform empowers organizations to implement automated, intelligent cybersecurity compliance and risk management.

Take Five

Take Five

Take Five is a national campaign offering straight-forward, impartial advice that helps prevent email, phone-based and online fraud – particularly where criminals impersonate trusted organisations.

Trava Security

Trava Security

Trava simplifies cyber risk management for business owners and IT professionals. Automated assessments, mitigation advising, and data-driven cyber insurance.

StateRAMP

StateRAMP

StateRAMP reduces risk from unsecure cloud solutions and protects data by providing State and local governments a standardized approach for verifying and monitoring security postures.

US Army Cyber Command (ARCYBER)

US Army Cyber Command (ARCYBER)

US Army’s Cyber Command (ARCYBER) is engaged in the real-world cyberspace fight today, against near-peer adversaries, ISIS, and other global cyber threats.

IBM Security

IBM Security

IBM manufactures and markets computer hardware, middleware and software, and offers hosting and consulting services in areas ranging from mainframe computers to nanotechnology.

Single Point of Contact

Single Point of Contact

Single Point of Contact is a Managed IT Services provider that helps businesses to achieve a seamless and secure IT environment.

V2X

V2X

V2X delivers IT support, networking, and cybersecurity solutions that ensure optimal mission support and performance.

Orchestrate Technologies

Orchestrate Technologies

Orchestrate Technologies provides computer network and IT managed services for small and mid-market clients as well as small enterprise businesses.

Levio

Levio

Levio is a digital native business and technology consulting firm. As a true partner from start to finish, our goal is a long-lasting transformation that’s right for your business model.