Foursquare's New App Needs New Privacy Controls

In early June, the popular location based service foursquare overhauled its mobile app. As a result of these changes, users can now see all of their friends' check-ins from the last two weeks. Many users may not understand how much of their location history is visible to their friends, and even those users aware of the details have no practical way to opt out. And while forcing users to share that sensitive information might be popular with hitmen, it might not be popular with foursquare users who now broadcast location history to their friends (and maybe soon to their friends' intensely curious apps?) without expecting or intending to. Help us tell foursquare to give you the tools to control your own location history.

foursquare's new mobile app allows a user's friends to see all of her check-ins for the past two weeks, as opposed to only being able to view a few of the user's most recent check-ins. This has significant privacy implications, as historical location data reveals far more about a person than a small number of location records. Although one check-in can reveal quite a bit about what you're doing and who you're with, your location history includes patterns in your behavior that expose more than you might realize: do you check in at that coffee shop after a religious service every week, only when there's a career fair nearby, or at the same time as another person every Saturday morning? And even if foursquare has already retained historical data for internal use, exposing location history to other users is a big change.

foursquare did a great job of prominently telling users that the company had "increased the number of check-ins" that friends can see—but forgot to explain exactly what that number is. Instead, it suggested users "learn more" by reading its privacy policy, but neither that policy nor the related "privacy grid" (linked in the splash page) or "Privacy 101" pages were edited to explain exactly how many check-ins friends can see. Even the online "FAQ" section only explains "why" the change was made (because some users wanted to see this information) rather than explaining how much location history is now visible to friends. In fact, we have yet to find anything on foursquare.com at all that says how much—the two week timeframe was been reported by outside sources. Without specific information about what the app now shares, foursquare users may struggle to make informed choices about how to use the service.

Front-page billing, but the details are lacking.

foursquare also failed to give users the ability to control the visibility of their location history. At minimum, users should be given the choice to simply keep their location history hidden and retain the same level of privacy they had before—and the default option should be retaining the prior setup until users choose otherwise. But right now, foursquare does not give users a meaningful way to retain the prior limitation on location history visibility. Instead, it offers users two inadequate options: delete old check-ins individually or check in "off the grid" so that no one can ever see the check-in. Both of these options put the burden on users to monitor and groom their own location histories and hinder users who want their friends to see where they are right now. foursquare needs to replace this unwieldy suggestion with tools that enable users to control the privacy and visibility of personal information such as location history.

Finally, it remains to be seen whether these changes to location history visibility will apply not only to your friends but also to their apps. foursquare allows third party apps to access "certain personal information" (according to its privacy policy), including limited information about anyone who is a friend of the app user. In connection with its recent changes, foursquare has announced that "the Friend Tab is almost certainly going to undergo a major API refactoring" – but it's not clear what it means. We hope that foursquare will live up to its commitment that any access to location information requires specific user consent for that user's location, but it's not clear how that requirement will be implemented, and some developers are already looking for ways to access the check-in history of their users' friends. And while highly publicized cases of data misuse might get apps booted off the platform and even inspire a policy revision, foursquare itself candidly admits that not all apps follow its platform policy, making it even more important to ensure that the tools to protect user privacy are placed in the hands of the users.

There are several steps that foursquare should take to address the privacy concerns with increasing location history visibility:

• Provide all users with a more detailed explanation of the increased visibility of their location history as a result of the changes to foursquare's mobile app.
• Give users effective privacy controls that allow them to control the visibility of their location history, including the option to keep the same visibility for past check-ins as before.
• Update its privacy policy and privacy grid to explain how much location history is displayed on the new activity feed or otherwise visible to friends.
• Require that users specifically consent to sharing their location history with an app, whether they run the app themselves or their friend runs the app.

Help us let foursquare know it needs to give you control over the visibility of your location history. Send them a tweet @foursquare or @4sqSupport telling them to give you control over your location history – write your own or just retweet ours!

Chris Conley is the Technology and Civil Liberties Fellow with the ACLU of Northern California.