Hacker News new | past | comments | ask | show | jobs | submit login
The Foursquare of today is a location data giant (wired.com)
183 points by AznHisoka 17 days ago | hide | past | web | favorite | 68 comments



> Foursquare knows where they are in real time, because it powers many widely used apps, from Twitter, to Uber, to TripAdvisor, to AccuWeather.

Holy crap, does Foursquare get your Uber location data and associate it with other services like Twitter?

This is starting to sound like a mini-Facebook. Call me cynical but I bet the only reason Crowley is even talking about this now is because they're trying to get ahead of the reckoning that's coming to Facebook for these kinds of data practices. He's positioning 4square as all innocent "hey we dunno if this is cool or creepy, let's ask people.." But is he really? Or is it an effort to appear like they are being transparent? If they really cared they would make it clear what they know about you. But you can bet they won't because nobody wants Foursquare tracking your Uber destinations and associating it with your Twitter profile or anything else.


No. Uber gets location data FROM Foursquare.

EDIT: That is, the API call doesn't include info about the individual. Foursquare wouldn't know who the individual is for whom the request was made. Except, perhaps, in rare circumstances where they tried correlating them, themselves. Even then, Uber mostly uses it not to understand where a user is but rather the types of locations at a given address.


> No. Uber gets location data FROM Foursquare.

This doesn't make sense and contradicts the article. Don't apps have to send coordinates to Foursquare to get location names? Foursquare then holds onto that data and tracks you. Perhaps also matching it to other services with a unified ID.

Update to your edit: The article strongly implies that Foursquare has figured out how to associate location data from multiple services into a single view. Apps that use Foursquare are feeding Foursquare very detailed location data about you, even if they're only using it to look up location names. It means Foursquare is getting all your Uber destinations and all your geotagged social media posts. The article literally describes how they've taken this data and turned you into a "card" that tracks your ID across services:

He taps on one profile, called “Harry,” and a pie chart pops up that details the habits of the real person associated with that advertising ID. “Harry spends a lot of time in Midtown, sometimes goes to parks, and rides the subway,” Crowley says, looking over the data Foursquare has assembled from the person’s use of popular apps and geotagging services.


If you're just using the Foursquare API, they don't. The search API call doesn't require anything more than Lat and Long: https://developer.foursquare.com/docs/api/venues/search

However, they also have their Pilgrim SDK, which you incorporate into your app to have constant, passive location data available:

> Welcome to the Pilgrim SDK—the always on, passive location detection engine by Foursquare. The Pilgrim SDK provides contextual awareness to mobile applications and connected devices to understand where and how your users are moving through the real world.

> By default, Pilgrim SDK runs in the background and pushes you visits when it detects a stop.

My guess is that the Pilgrim SDK includes the device Advertising ID in the data it sends back to Foursquare to implement this.


> The search API call doesn't require anything more than Lat and Long: https://developer.foursquare.com/docs/api/venues/search

That Lat+Long, the implied time of the venue search call, and some type of disambiguation user id is all you'd need to start building a location history for someone.


A reasonably dense geo, timestamp and IP address event stream over time (ie. Multiple apps sending over time reasonably frequently) should have sufficient information to associate ids. However most ad tech companies including I believe Google and FB are very leery of doing this "Harry" type of stunt and arrange data pipelines in a way that this cannot be done at any aggregation less than a few hundred IDs and export anything beyond segment data to prevent re-identification. I'm very surprised these people are touting it


> However most ad tech companies including I believe Google and FB are very leery of doing this "Harry" type of stunt and arrange data pipelines in a way that this cannot be done at any aggregation less than a few hundred IDs

I would be interested to see any sources about this (I’m not questioning what is said in the comment, just genuinely curious about this topic)


Various apps use Foursquare's API to query what is at a specific coordinate. Foursquare knows what queries were made by a unique device. That's it. Not sure why this is so controversial.


Right? All they’d know about you is your home address, where you take Ubers to/from, where you like to eat, shop, places you post from, your habits over time, and anything else they could correlate across the myriad apps that send your precise, unique location to them. NBD.


This is why "home" is a few blocks away from home in my Uber profile and why I allow it location services only when the app is running.


Everybody should do this as standard, and it should be in all the 'howto guides'!


how would they know anything about my unique device if an app is just using their API? unless the API requires 'unique device id'? Or are they embedding a foursquare sdk, which grabs that info on API calls?


> in rare circumstances where they tried correlating them

That is definitely not a rare circumstance. I would be shocked if any data company at reasonable scale was not actively doing that.


Foursquare was the best data provider for casual geolocation analysis + visualization and POI data (here's a scraper I had written for it: https://github.com/minimaxir/foursquare-venue-scraper), until a April 2018 change neutered both the amount of returned metadata for Personal API clients and the rate limits for those clients. (endpoint documentation: https://developer.foursquare.com/docs/api/endpoints)

It's disappointing, and this article is a reminder I need to add a depreciation notice to that repo.


It's very disappointing. I wrote a fun app for my friends which would find the nearest bar serving picklebacks in New York City on top of Foursquare. These API changes effectively killed it.

This is the same company that regularly hosts hackathons and talks about wanting "to inspire young developers to dream up the next generation of amazing products and services, and provide them with the tools to make them a reality."[1]

How about if you want to do that, don't take your users data and hold it hostage to developers who want to provide them a free service?

[1] https://medium.com/foursquare-direct/foursquare-x-la-hacks-g...


Have you considered using the Facebook Places API? https://developers.facebook.com/docs/places/


Facebook Places is good, but don't be any more reliant on it than Foursquare - they deprecate APIs without warning too. I run a local news site and made heavy use of their Events API (public events indexable by Google and visible without signing in to Facebook available to anyone with a browser even today) until they unceremoniously ripped it away without providing any advance notification, a deprecation warning, or even any reason as to why it's gone.

I still use the Facebook Places API but I have no doubt it too will disappear without any warning.


This hypertrending feature is very similar to how Google Maps tracks traffic. Everyone using Google Maps is constantly uploading position information which makes it possible for Google to infer traffic jams, among other things.

Of course, Google has a more plausible argument that it's users have opted in even if very few realize their anonymized and aggregated position information is being broadcast to the world.


> Everyone using Google Maps is constantly uploading position information which makes it possible for Google to infer traffic jams, among other things.

That's the kind of data collection I can get behind, because it actually provides direct value to the users providing the data that can only be had through aggregation (though I would hope that we'll someday have a regulatory framework that requires it be thoroughly anonymized).

Targeted advertising and retail foot-traffic analytics for hedge funds, not so much.


Everyone using Google Maps is constantly uploading position information which makes it possible for Google to infer traffic jams, among other things.

Except that Apple manages to do it without violating anyone's privacy. It was detailed in a recent WWDC.

If I remember correctly, instead of tracking a person throughout their journey or the day and using "traffic monitoring" as an excuse, Apple takes anonymized snippets of journeys (around a mile or less IIRC), and uses those.

It seems to me that any company not doing the same is just profiling its users for profit.


The foursquare app is literally called "Swarm" - it shows in the app how many people are actively checked into which venue, and the most busy hours of the day.

I'm so confused by people's response here. It's a location tracking app. I've been using Swarm for almost 10 years for this exact purpose.


> I'm so confused by people's response here. It's a location tracking app.

My problem is that Foursquare (the company, not the apps) is using location data of people who aren't using location-tracking apps and who haven't given consent to have their location tracked.


It's more than that. The article implies that Foursquare is sourcing data from a variety of apps, including apps that are associated with your real world identity and preferences and lifestyle activities, which increases the opportunity for privacy invasions.

For comparison when Apple Maps shares your position information it is a strictly anonymous session ID that is not associated with your Apple ID and is regularly discarded.[1]

[1] https://www.apple.com/privacy/approach-to-privacy/


Is that really accurate? iOS comes out of the box with "improve Apple Maps" enabled, which collects location data and associates it with your Apple ID and your registered address. They do this even if you've literally never launched their terrible, useless map application that nobody likes. Always seemed pretty underhanded.


> collects location data and associates it with your Apple ID

What is your source?


That's what it says it does under the control to turn it off in the settings.


That’s a pretty disingenuous reading. It says “Apple will only retain the resulting coordinates in an anonymous form to improve Maps and other Apple location-based products and services.”


> it's users have opted in even if very few realize their anonymized and aggregated position information is being broadcast to the world.

If users don't realize that, then they cannot have given real consent. Real consent requires that you know what you're consenting to.


This sort of spying is one of the reasons why my mistrust of apps, companies, and smartphones keeps growing.


I've come to the realization that any app I use unless I'm paying for it directly or lightly indirectly, is sending home as much data as it can about me.


I've never understood this idea. You might pay for AppX but if they use data provided from LibraryY, nothing outside the privacy policy and license agreement gives you any idea (much less control) Iver what LibraryY does, regardless how much you paid for AppX. Paying isn't enough, you must read and understand these agreements enough to know that most of the time "we partner with certain 3rd parties and your usage of those third party libraries are governed by their license agreement and privacy policies" type wording is all you get besides a big old middle finger.


> unless I'm paying for it directly

The tendency is that apps are doing this even when you're paying for them directly.


So a few weeks ago this article circulated here: https://digiday.com/marketing/confessions-location-data-exec...

How does that reconcile with usefulness of the data Foursquare collects? Wouldn't that mean that Foursquare location data comes from a very limited subset of mobile users? I feel like I am missing something.


One trend I've noticed working with Foursquare data is that since anyone can add POI, there are a lot of garbage POIs. A simple filter on the number of check-ins alleviated that issue, but the new API no longer exposes that to anyone besides Enterprise users.


Wouldn't that mean that Foursquare location data comes from a very limited subset of mobile users?

Data companies exist to combine information from multiple limited subsets of users in order to create large datasets of all users that they can then sell.


We've heard this many times before, but to what end? What does any of this mean in practical terms? What's going to happen? I might be wrong, but nobody I know actually uses Foursquare, and I'm not sure that it offers any tangible value. It seems more people are realizing that location data is a liability these days, and Apple is demanding greater protection for customer data. [1] https://news.ycombinator.com/item?id=14052444 [2] https://news.ycombinator.com/item?id=10904494 [3] https://www.wired.com/2016/01/foursquares-plan-to-use-your-d...


“I don't know how people will react to seeing a heat map in real time of where all the phones are. I can imagine some people would be like, ‘That's the coolest thing!’ And I can imagine some people would be like, ‘That's the creepiest thing!’”

I don’t think I know anyone that would find that the coolest thing ever. maybe the companies that buy the data, sure.


I think it's cool. I don't care that Foursquare has my location. And I continue to use Swarm because I want a record of where I've been and where I want to go.

After watching Long Shot on Netflix, sometimes I'm sort of glad I (and a few other companies) have a corroborated log of where I've been at specific times.


It's cool until a religious politician takes power and slowly starts stacking things against people from other religions and atheists. Your data reveals that you attend the wrong religious building or no building at all. A few years later you get a free train trip to a fun re-education camp.


Or an atheist government uses it to re-educate religious people?


That's fine when it is under your control. But, it isn't. And companies are using it for their benefit, and will avoid your defense, short of a court order.


Of course it’s not under my control, it’s on their servers. I don’t mind that they build a location API with the data. Why should this bother me?


If you think location is the only thing these companies are collecting, you're mistaken. The data is sold to unknown third parties and freely given to dangerous governments. There are any number of bad outcomes possible, though I admit many are not likely.

The point is that these folks are not on your team, will never be, and are potentially malicious to you and your family. Why support them?


I just watched long shot to understand your comment :) in the Netherlands


It was the coolest thing in the world when Foursquare first launched at SXSW years and years ago. You could see local checkins per-venue somehow so that you could find, or avoid, hot popular places. I'm glad to see they've gotten back to those roots — but I'm also glad I deleted my data when they turned into a data marketer.


> but I'm also glad I deleted my data when they turned into a data marketer.

Thanks, I needed a laugh today.


At what?


Shameless self-promotion, but I made this piece of art out of mobile data to ask that same question: http://bit.ly/gpsgenart

The image on the gallery site seems to be a photo of a print so here's a higher quality version and a few related images (gallery contract requires the watermarks):

http://bit.ly/2H8N9K4

http://bit.ly/2CauAB5

http://bit.ly/2UsSleJ

http://bit.ly/2EZd709


Honest question: if the source of the data was anonymous (as in gdpr anonymous, not “we use UUID instead of your name + SSN” anonymous) would you find it cooler? Because we have the tech, but struggling to properly monetize. Throwaway bc not sure if boss is OK with disclosure


The problem is that given enough data, you can infer the identity of a what would otherwise be an anonymous driver. If you could track an anonymous data point (person) for multiple days, you could find out where the location data was confined to for the longest times (home and work), etc.


Yeah, that's the problem we solved. there are a few caveats, but it's precisely why we don't consider UUIDs anonymous


How have you solved it? If you really have, then you're in a position to clean up, since nobody else has managed to crack that nut.

Your mention of "gdpr anonymous" doesn't really give much reassurance, as you can be GDPR compliant but still expose your users to de-anonymization.


If I’m not being paid cash for my location data, I’m not going to be excited to help Foursquare collect it, whether it's anonymous or not. Paying me in contextually-relevant advertisements and recommendations (cough exposure) will never be enough.


Would you do it for 10 bucks a year?

The companies make money because they have data for a lot of people, your individual location is not worth a lot as a result.


No. The flat rate forces them to pay me when they don’t earn revenue and screws me when they earn too much revenue. The content publication industry worked out residuals years ago. They’ll need to do the same to earn my trust, and thus my location data.



Yes I would. if you offer that to everyone, I doubt you would be profitable though.


As another person said, if Foursquare isn’t paying me, I would never find it cool. I am not impressed by data hoarding and creating cool visualizations to distract from foursquare’s true motive: money.


> if the source of the data was anonymous (as in gdpr anonymous, not “we use UUID instead of your name + SSN” anonymous) would you find it cooler?

I wouldn't, unless I could be convinced that the data was actually anonymized -- and considering that effective anonymization is actually a really hard problem to solve, that's a very high bar.

Not to mention that in the end, I'd have to take the company's word for it, which requires a high degree of trust to begin with.


So should I delete the app from my phone?


I don't think that would help much. If I understand what they're saying, they're getting your location from lots of other apps and sources as well.


Ah, so delete all the apps from my phone.


You can make sure none of your apps have the Location permission turned on.

It won't prevent those apps from using IP address for approximate location, but it would definitely reduce the accuracy.


Yes. Foursquare sells your location data to other companies. These companies then know: Where you live, where you work, how you commute, if you use drugs, if you drink a lot, if you are gay, if you are religious, your favorite food, an estimate of your income, if you work out, ... Depending on the company and jurisdiction, they can then use this data to decline you their service or place you inside an advertisement bubble.

Edit: I do not understand the downvotes on this. You could help me form a better view on this, by replying or stating what is wrong. I am talking Enterprise Access to Foursquare data.


> If you use drugs

> If you are gay/religious

Uh, neither of these can be inferred definitively from location data.


You do not need 100% accuracy.

Easy data mining: "Religious center" is a top-level category. "Religious school" is a type of "School". "Marijuana Dispensary" is a type of "Shop & Service". "Gay Bar" is a type of "Bar".

More evolved: Find location patterns that correlate with known gay or religious people (for instance by cross-referencing data sources).

https://developer.foursquare.com/docs/resources/categories


Isn’t foursquare an app people used, like, 10 years ago? Ever seen anyone using it? Do they have a business model?


I believe that the article itself answers all these questions.




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: