One Thursday afternoon at the office in San Francisco, a person whose face was vaguely familiar approached me (Leah) at my desk with a knowing grin.
“Awww, man! You found me,” I said with a groan. The man proceeded to tell me where I live, where I had gotten lunch earlier that day, and what I had been up to over the weekend. Even though it was approaching 6:00 p.m., which is a little later than I usually stayed at work, he knew I was still in the building. He had no keycard to access our office, yet he followed someone in, and walked around until he recognized me.
This man and I don’t communicate with each other at all. We briefly worked in the same building a few years ago, but we aren’t regular friends, and we aren’t connected on Facebook or any other social network. He doesn't have my e-mail address, and I don't have his. Yet here he was standing at my desk at work, telling me what time my plane had landed when I visited Long Beach on a recent weekend.
How on earth was he able to find out so much about me? He simply used a few commonly available mobile and social apps and the social networks and services where I had signed up and left various bits of personal information and had used only the default privacy settings.
The TMI culture
Most of us are guilty of oversharing, and the social platforms we love and use on a regular basis make it so easy to do so—the "too much information" culture being one result. But one problem that many social users still don’t understand is how important it is to pay attention to privacy settings. Today’s mobile and social platforms make it possible to walk right up to the line of privacy invasion, and if you’re not careful, anyone could find out pretty much anything they want about you.
The "strange man" who approached my desk was one of two freelancers TechHive had hired to "stalk" me. Giving them only my first and last name and personal email address (which they could easily have found out on their own, as it’s publicly listed), we at TechHive asked freelancers Chris Holt and Sam Felsing to find out as much about me as they possibly could.
Here’s what they found, in their own words.
Stalker #1: Chris Holt, Social Detective
“Phil Michaels knocked on my door on a Friday. Chomping a cigar, the seasoned editor threw a file on my desk. ‘Holt, we got a job for you.’ I pushed back my fedora and told him that I had quit the force, but he told me that this would be worth my time.
"I looked at the file. It was a tail job, but with an interesting twist: I had to track the subject using only social networks—with her account on all of them set to default privacy settings. I laughed. This would be like doing a stakeout with the blinds open. I took the case, grateful for the easy money.
"The first thing I did was search for the subject on Facebook. She was easy to find, with a unique last name, but I could have found Joe Anybody just as easily if I had their e-mail address. I now knew what she looked like and could access the 40 or so profile photos she had saved. I also knew basic info like her job (assistant editor), her favorite bands (No Doubt, Saves the Day), and her work experience (PC World intern, Urban Outfitters sales associate).
"With Google+, I got her education (NYU) and the places she's lived. I could also check out her photos and any posts she's had, though both at this point are empty. If she posted here more often than on Facebook, I'd imagine I'd have similar info.
"Since her Foursquare account was linked to her Facebook account, I knew some of her movements. The assignment was requiring less and less legwork for this gumshoe. The subject checked in at the Oakland Airport and declared on Facebook her intention to travel to Long Beach for the weekend, so I knew exactly where she was going to be. Unfortunately, this also meant she was out of range for People Around You and Highlight, two apps designed for close-range meeting up/stalking.
"So I settled in the office for a long night with my partner: a tall bottle of Jameson. I was quickly gaining more information for my growing dossier. I turned to Twitter to learn whatever treatises she could express in 140 characters or less, and to my surprise I simply had to search for her full name to gain access to her running life diary. By Friday afternoon I had a running commentary on her likes, plans, and opinions in addition to her whereabouts and basic information. Plus, a slight buzz.
"I wracked my brain trying to guess her Instagram account—with no success, until, on Saturday, unshaven and feverish, I followed a hunch: I checked some of her Twitter images, and sure enough, they included the name of her Instagram account. Now I had a full range of pictures that showed me what exactly she was doing. The game was afoot.
"When she went to the FYF Fest in L.A. on Saturday, she checked in with Foursquare and took a picture. Based on the photo, I could probably have figured out where she was within 10 feet—this, in a crowd of thousands. With her friends tagged, it was even easier. Who needed binoculars? This stakeout was cake.
"Because it was the Labor Day weekend, I figured that she would fly back on Sunday night. If I had wanted to, I could probably have looked up flights and known within a 3-to-4-hour window when she was arriving. But she never checked in at an airport, so I had to wait until she resurfaced on social media to know her whereabouts.
"I didn't have to wait long. On Tuesday morning, I had shaved and sobered up, and she had checked in at her favorite breakfast place in the Upper Haight on the way to work. Looking at the Foursquare map on her Facebook profile, I realized that the places where she had the highest concentration of check-ins was her place of work (in SoMa—south of Market) and home. She checked in at the same breakfast places and coffee shops (such as Peet's on 2nd) near her work on a regular basis. I also knew what her favorite lunch places were (Small Foods) and where her gym was (Crunch on New Montgomery). From this, it was easy to determine not only her neighborhood and work, but also her routes to and from these places, and her hours.
"The last part of my assignment was to physically find her, and I had to decide between her work and her home. Either way, I just had to keep my People Around Me and Highlight apps open, and I could drive within a radius of a few blocks and be alerted to her presence. I ultimately decided that her check-in patterns were more consistent near her work, so I'd start there. I drove to that neighborhood, and within three blocks, Highlight alerted me to which block the subject was on. (People Around Me was supposed to do something similar but kept crashing.)
"Making my way into her office, I confronted the subject and gave her the rundown, the whole yarn: where she was this weekend, what she was doing, who she was with, and other details: her favorite places to go after work, her hours, her gym. I knew it all. I could tell her within a three-block radius where she was for some 18 to 20 of the hours of the day.
"The truth of the matter was, Phil Michaels didn't need the services of Chris Holt, private detective. He could have gone with someone far less dashing. And honestly, anyone could have done what I did to learn about the subject. Aside from credit card and social security numbers, there was nothing that was unavailable to me... and that's frightening. I told Michaels that he didn't need to hire a detective to search someone on social media next time—he might as well ask to search the pockets of a naked person.
"And that's when he kicked me out of the office.”