How web detectives find out where you live
An explosion of people checking into social networks is being exploited by mobile application makers and private detectives, who say they can use people's online chatter and photos to track them and find out where they live.
In March, Apple stopped downloads of a "stalker" mobile application that told men where women around them were "hanging out", using only publicly available information from social networks.
But other readily available apps can do the same and more, say online investigators who use them.
When a person uses a mobile phone to post a tweet on Twitter or upload a photo to the image-hosting website Flickr, sometimes so-called geolocation data can be found lurking underneath the tweet or photo. This can be used to track down their local haunts, including their home or where they study.
"It is quite easy sometimes to work out which house a tweet is coming from," said Neil Smith, a former police officer turned online researcher in Britain.
Geolocation research is a fast evolving area as most applications are built on the back of freely available open-source software.
One of Smith's favourite applications was developed by 27-year-old Greek IT engineer Ioannis Kakavas, who aptly called his invention Creepy.
The free app collates geolocation data attached to a person's tweets and pictures to figure out where they might work, said Smith, who says he uses it to track down perpetrators of insurance fraud for corporate clients.
Police officers in Vancouver, Canada and in Arizona and Colorado in the United States also say they have used Creepy in their investigations.
Some of these websites allow users to disable geolocation, but those like Foursquare and Gowalla depend on it. Twitter users can choose to enable it when they join and Facebook says it strips off the location data on photos.
Smith, who says he has recently been hired by journalists who want to use geolocation data in their research, says his work is for "honourable, legal purposes".
But Smith and other professional snoops admit that many people oblivious to geolocation data can find themselves unwittingly exposed.
"Teenage girls are taking pictures of themselves unclothed and then sending them to their boyfriends," said Chris Hadnagy, a security expert and owner of social-engineer.com, a service which shows companies how vulnerable they might be to hacking.
"These photos may contain the location of where the photo was taken."
Regulators in the United States and the European Union have come out in force for new ways to protect people's privacy online, but geolocation data on social networks seems to be at anyone's fingertips without breaking the law.
"We have geolocation information that the users knowingly and deliberately make public," said Kakavas, who says he developed Creepy to show people how easy it can be for prying eyes to scrutinize their private lives.
But Smith cautioned: "If you don't care about your own security then don't be surprised by tools like Creepy which can harvest that information."
US and EU regulators agree that people using the Internet should have the choice to stop websites from gathering their data to send them targeted ads.
To meet these demands advertising firms, web publishers and privacy experts have been meeting under the banner of the World Wide Web Consortium (W3C) to write an updated version of "Do Not Track", a tool users can install on their browser to stop online marketing companies from gathering their web browsing history.
But geolocation is more difficult to deal with.
"Because where someone is located may affect how they are treated under law, we cannot bar all geolocation," said Aleecia McDonald from the open source browser company Mozilla Firefox, a member of the W3C.
"However, we are agreed that very precise geolocation ... which gets down to about a dozen households, is not in keeping with the spirit of Do Not Track."