Some people really just shouldn’t post.
Falling into that category, again, are members of the U.S. military who share photos of beer and digitally “check in” to their favorite watering holes via the Untappd app. By using publicly accessible data in the app — in other words, no hacking required — researchers were able to determine scores of private information about those who thought they were just sharing their latest brew.
So reports Bellingcat, a self-described “collective of researchers, investigators and citizen journalists,” which both conducted the investigation into the app and published its findings. And what findings they are. Bellingcat was able to determine where specific military personnel live, drink, and work. Its researchers also found photos of military IDs, documents, and equipment that were made public by apparent accident.
That a beer app could be such a safety risk might come as a surprise. However, as we saw with Strava’s heatmap, location data often reveals much more about us than we expect. With Untappd, users are encouraged to check in at various locations, keep track of beer they’ve tried, and share that information with other beer obsessives — all seemingly harmless enough activities.
In many cases, that information was all researchers needed.
“Examples of users that can be tracked this way include a U.S. drone pilot, along with a list of both domestic and overseas military bases he has visited, a naval officer, who checked in at the beach next to Guantanamo’s bay detention center as well as several times at the Pentagon, and a senior intelligence officer with over seven thousand check-ins, domestic and abroad,” writes the organization. “Cross-referencing these check-ins with other social media makes it easy to find these individuals’ homes.”
In other words, simply using Untappd as it is intended to be used, a bad actor would be able to invade the personal lives — and potentially determine revealing or compromising information — of member of the military.
We reached out to Untappd for comment, but received no immediate response.
It’s important to note that Untappd isn’t necessarily doing anything untoward. The app appears to be functioning in the way its creators intended. The problem, of course, is that its creators may not have realized users would post photos of literal fighter planes on a beer-rating app (they did).
While the potential risks are different for members of the military than the public at large, its important to keep in mind just how much privacy you sacrifice when you shed location data. Knowing where someone sleeps, works, shops, and visits, it’s not difficult to determine exactly who they are — and, potentially, their health, religion, and potential medical problems.
So keep this in mind the next time you consider hitting “share” on that social media post, regardless of how many beers you’ve had.