Marauders Map Chrome App Tells You The Exact Location Of Facebook Messenger Users

A Chrome browser extension has been created that allows users to find out the exact location of their Facebook Messenger contacts to within a meter. 

The app has been named Marauders Map after a map in the Harry Potter books and films that could display the name and location of everyone inside a building. The extension was created by Aran Khanna, a computer science and mathematics student at Harvard. 

Facebook’s default location settings can be toggled on the iOS and Android Facebook Messenger app but have to be manually turned off. Using these, the extension can find and display latitude and longitude settings using GPS functionality. Khanna realised that the coordinates are accurate to five decimal places, meaning that he could locate a friend’s college dormitory but go further to locate the room. 

Time stamps are also included in the JavaScript location data, meaning that movements can be tracked over the course of minutes or hours and can even go back years. The location history of an individual can be viewed back until the first time they engaged in messaging on Facebook. In addition, someone using the Marauders Map extension doesn’t even need to be friends with another Facebook user in order to view their current location or location history, they just need to be part of the same group message.  

Khanna had written on Medium that he was surprised that more people hadn’t turned off location settings, although the steps that need to be taken aren’t made clear to people using Facebook’s messenger app. He also said that everyone he has shown the app to has expressed emotions from surprised to appalled that both friends and strangers might be able to get their hands on this data which is available online. He says that every time someone turns on their phone and sends a message it’s easy to forget that your location is attached to it. Also, it seems harmless to send one message with a location attached, but over the course of many messages the data can add up. 

The Marauders Map was originally developed using a mapping platform called Mapbox. However, the extension became so popular that Facebook asked Khanna to remove the Mapbox API needed for it to work, so the version no longer functions. However, the code is still available on open source site Github which allows others to create their own versions of the extension. Facebook has not yet issued a statement but it is working on a fix that will disable the tracking extension. 

On Android, Facebook Messenger tracks and sends your location in chats by default, although it only tracks you when you have the app open and you’re in a conversation thread. Users of the Facebook Messenger app on Android can tap the compass icon above the Like button to disable location services for individual conversations, while iOS users can do the same by tapping the arrow at the top of a conversation which will turn from blue to grey. To turn tracking off for all conversations on Android, open the Settings tab of the app and disable location. The default location setting for Facebook Messenger on an iPhone is off, but if you have turned it on and want to turn it off completely you must to go to Settings > Privacy > Location Services > Messenger.

Both Barack Obama in the US and David Cameron in the UK plan to decrease online encryption and increase legal government ‘snooping’ which could see the NSA and GCHQ being able to tap into anyone’s online and social accounts. It seems that we don’t know ourselves how much data and of what type is being held about us by the sites and apps we use. It isn’t just the government that we should worry about, but hackers who may not be able to sell information such as our current or past location, but could blackmail us and scare us into paying them.  
 
If you have any other apps aside from Facebook Messenger which use your location in a way that you don’t find useful then you should disable this function for each of them. Similarly, on Android you may wish to also check any apps you’ve downloaded recently to ensure they aren’t saving or sending your location without your knowledge.