A Chrome browser extension developed by a Harvard College computer science student allows people to pinpoint and track the location of Facebook Messenger users.
The extension – called Marauders Map after the magical chart from the Harry Potter books that reveals the location of every person within Hogwarts School – works by scooping up the location data of Facebook Messenger users and plotting it on a map.
That Facebook has that data at its disposal is probably no surprise, but the ease with which it can be extracted from the social network, and the accuracy with which it can track someone – to within just one metre – may comes as a shock.
Even developer Aran Khanna concedes that such accurate tracking is “a bit weird,” saying via Medium that:
The first thing I noticed when I started to write my code was that the latitude and longitude coordinates of the message locations have more than 5 decimal places of precision, making it possible to pinpoint the sender’s location to less than a meter.
To prove his own point, Khanna used Marauders Map to track one of his brother’s friends for a couple of weeks.
Even though he himself doesn’t know the Stanford student all that well, they are friends on Facebook, and so Khanna was able to use his target’s frequent use of the messaging service to work out his weekly routine.
Khanna was also able to determine where his casual acquaintance ended up at night, deducing not only exactly which dorm he slept in, but also which room.
Would-be stalkers will be even more overjoyed to hear that Khanna was able to collect enough location data to be able to start making predictions as to where his brother’s friend would be at any point during the week:
By gathering a couple weeks’ worth of chat data on the map and looking at the location clusters you can even figure out his weekly schedule. With this you can predict exactly which building he would be in at a given time.
In fact I found that I could infer a schedule for almost everyone in this chat as well as the other active chats I am in.
After experimenting further, Khanna soon realised that he didn’t even need to be Facebook friends to be able to track another user – simply being engaged in the same messaging thread was sufficient.
Khanna said that when he shared his findings with other people the overwhelming response was one of either surprise or disgust; everyone he spoke to was shocked at how much of their personal data was available to their friends and casual chat partners alike.
The root problem here of course is the fact that the sharing of location data is switched on by default.
Added to the fact that it is not clear that such data is being shared by Facebook Messenger – you need to click on the sent message to see it – and it is hardly surprising that many users have no idea what they are broadcasting to their friends, acquaintances and potential stalkers.
Although Marauders Map can still be added to Chrome, it is unlikely to remain functional, according to the Guardian, which reports that its API key has been revoked by Mapbox, a mapping platform from which the extension was developed.
But Khanna – who will be starting an internship at Facebook next month – has made the source code available via Github, meaning it could be picked up and modified by other developers.
So you might like to take this opportunity to disable location sharing on Facebook Messenger (you can disable it on a message by message basis but it’s tricky to always remember to do that!):
Disabling location tracking on iOS
Firstly, go to Settings, then Privacy and, finally, click on Location Services. Here you will see a list of every installed app that is capable of logging your location.
From this list, find Facebook Messenger and ensure it says ‘Never’ next to it. If it doesn’t, click on the appropriate entry and change it so it does.
It’s also worth checking all the other iOS apps listed under Location Services to see if you *really* need them to be tracking your location.
Disabling location tracking on Android
Unfortunately for Android users, Google has not provided the same per-app level of privacy control.
Instead, users are (for now at least), at the mercy of app developers and their ability to code in the means to disable location sharing.
As far as Facebook Messenger goes, this means opening the app, clicking on the Settings icon and then finding the “New messages include your location by default” field. Next to that is a checkbox – untick it.
Now may also be a good time to review other privacy and security settings associated with your Facebook account – check out our 5 tips to make your Facebook account safer.