A great many of us are active users of social media, whether it be facebook, twitter, myspace or 4square, but how many of us realise that by using services such as these can actively impair our home security?
I’m not a user of 4square, I don’t believe in its service and consider it to be, in some respects very dangerous and find updates from other users to be more than a little irritating. Quite frankly I don’t care that you’re taking a dump at Picadilly train station. However, as this service can be linked to your twitter or facebook account, not everybody who follows you may be as discerning as I am.
I don’t know just how much of the criminal population has cottoned on to social media just yet or even fully comprehends the welath of information which can be gleaned from such services but let say, for example that I am a user of twitter, 4quare and the XBox 360 live gamecard and with this in mind, consider the following scenario.
On my twitter account, lets say I am being followed by a guy called skankyjim. He’s kept himself to himeself and I’ve not noticed that he is following my updates which are public by default.
Throughout the day, my twitter account has been populated by fairly mundane tweets. A couple of jokes with collegues, maybe a retweet of the company blog and a couple of items which I have found of interest. These are of little use or interest to skankyjim though. What he is interested in is the fact that my twitter is being populated by location based services.
For anyone who doesn’t already know, location based services such as 4square work by posting where you are at any given time. This can make it easy to work out someones routine and even if protect your home address, it is not always that easy to hide it. A little bit of deduction can often reveal exactly where you live.
Each day, 4quare updates the world via twitter that I am at Huddersfield train station at 7am. An hour later, picadilly train station. Already skankyjim knows that I work in the Manchester region, probably live in Huddersfield and get the 7am train. 30 minutes after this, an update goes out that I have reached the office. At 5:30pm, another update goes out to say I am back at Picadilly station where I stop broadcasting my location.
At half past 6, an update gets sent out from my gaming platform to say that I have just logged in to my favourite game and am available online.
Skankyjim now has a large amount of information about me.
- Allowing time to get a drink when I get home, I live at most 20 minutes from the train station.
- My line of work (taken from the more innocent and mundane tweets)
- I probably live alone (Discerned from the fact I’ve no sooner got home every day than I’m logging into a game).
- I am out of the house for 12 hours a day at least.
- Some of the contents of my house. (Xbox 360, modern phone with geoip, a computer, probably a decent TV)
Couple this with last years photo of the snow outside my window, skankyjim now knows not only my routine but almost exactly where I live. From my twitter account, he also knows exactly what I look like whilst I know nothing about him.
By watching for subtle changes to the routine over the course of a few days, skankyjim can narrow down further your exact location and maybe even work out more of the contents of your house. skankyjim doesn’t need any technical expertise to find this out. He doesn’t even need a great level of intelligence. He just needs listen and the next thing you know your insurance is skyrocketing because you were careless enough to broadcast everything he needs to know about you.