Skip to content ↓ | Skip to navigation ↓

Once again, warnings are being given that internet users may not realise just how much personal information they are sharing with others online – and this time it’s about where you spend your life working, playing and sleeping.

A newly-released tool lets you easily track the movements of other Facebook users and plot them on a map, by scooping up the location data they have shared in Facebook Messenger chats.

Marauder’s Map is named after a magical chart from the Harry Potter novels that shows the location of every person in the grounds of Hogwarts School.

But the new Marauder’s Map is real, not fictional.

Initially released by Harvard College computer science student Aran Khanna as a Chrome browser extension, Marauder’s Map makes it child’s play for anybody to become a stalker – finding out a contact’s place of work, where they live, or favourite bars and hang-outs.

Marauder’s Map scrapes the location data from your Facebook Messenger page, and plots it on a map.

Marauder's Map

In a blog post, Khanna describes Marauder’s Map as having “creepy potential”:

“The first thing I noticed when I started to write my code was that the latitude and longitude coordinates of the message locations have more than 5 decimal places of precision, making it possible to pinpoint the sender’s location to less than a meter.”

In one example, Khanna describes how he was able to use Marauder’s Map to determine where a casual acquaintance slept at night:

“I am in a pretty active group chat with some of my brother’s friends (who I am friends with on Facebook but don’t know too well). They are all fairly active on the chat, posting once a day or more.”

“Let’s pick on the one who goes to Stanford. By simply looking at the cluster of messages sent late at night you can tell exactly where his dorm is, and in fact approximately where his room is located in that dorm.”

Location data of Stanford student

Deeper analysis of data collected in this way begins to draw up a clear picture of people’s schedule: where they work, where they drink coffee, where they go the gym, where they sleep…

You may not have even realised that your friends’ location information was being shared in the conversations you had via Facebook Messenger, as there is no visual sign.

It’s only when you click on their speech bubble that you discover that embedded into the chat is location data, which reveals where the sender was with creepy accuracy.

Facebook Messenger map info

One issue is that you may think it’s harmless to attach your location to a single message, but – unless you remember to disable location sharing afterwards – it’s all too easy for an archive of your past locations to build up.

And, as far as I can tell, there is no way to delete the location data from past messages you have sent.

Such creepy collection and examination of location data has clear implications for not just consumers, but also businesses.

If your company is being targeted by criminals, they may attempt to learn the schedules of your workers – hoping to launch man-in-the-middle attacks over unsecured WiFi in coffee shops, or determine the home addresses of senior executives. All they would need to do to begin to collect the data is start an online chat with you, perhaps posing as a potential customer or romantic interest.

The potential for abuse, whether it be by organised criminal gangs targeting an enterprise, or jealous former partners and obsessive stalkers, should be clear. Which means that consumers and businesses alike should consider disabling Facebook Messenger’s ability to track and share your location.


How to disable location sharing on Facebook Messenger
Although it’s possible to manually deselect location sharing on individual messages, it’s clearly all too easy to forget to do that and Facebook’s own help page admits that turning off location sharing only works for the current message, and will be re-enabled when you start a fresh chat.

Therefore, my advice would be to stop Facebook Messenger from accessing your location entirely.

Instructions for iPhone/iPad users:

  1. Go to Settings > Privacy > Location Services, where you find a list of all of your location-aware apps.
  2. Scroll to “Facebook Messenger”, and ensure that its location services are set to “Never”.
  3. While you’re at it, review what other iOS apps you’re allowing to access your location data. If you are uncomfortable with why an app would need your location information, disable the feature. Note that it’s probably a good idea *not* to disable location tracking for “Find my iPhone” (if you have it enabled) as you might err.. find it hard to find your iPhone!

Location access setting

Instructions for Android users:

Although there have been reports that Google will introduce greater app-specific granularity to its privacy controls in the future, at the moment location privacy settings in the operating system are very much an “on or off” affair.

So, you need to place your trust in the apps themselves, and use their options when it comes to location sharing:

  1. Open the Facebook Messenger app
  2. Click the settings icon (shaped like a gear) in the upper-right corner.
  3. Scroll to “New messages include your location by default” and uncheck it.

The release of Marauder’s Map as a Chrome extension certainly caused a stir, and saw many people embracing the easy way in which they could keep track on their Facebook Messenger contacts.

Marauder's Map user tweets his approval

At the time of writing the Chrome extension no longer works properly – its popularity means that it quickly smashed through the API calls limit that its mapping service provided – but programmer Aran Khanna has made the code available on Github for more technically-minded users to roll their own version.

Khanna, who starts working as an intern at Facebook next month, says that the company is working on fixing the issue – although no details have been provided yet as to how it will do this or a timescale as to when.

My advice? Don’t wait. Check that the phones you own, or the ones you’re responsible for protecting in your business, aren’t sharing any information which they don’t need to – which includes, of course, their location.

Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

Tripwire CCM Express Free Trial
  • djcarr

    For Windows Phone Users
    Open the Messenger app
    Click the … at the bottom right and go to Settings
    If Location is on a black bar will be on the right. Slide the bar to left and it will turn gray. Location is now off.
    Exit Settings and you will no longer be tracked using Facebook Messenger on your Windows Phone.

  • Coyote

    "Marauder’s Map is named after a magical chart from the Harry Potter novels that shows the location of every person in the grounds of Hogwarts School."

    Don't forget it shows invisible people (and also people who are in another form e.g. animal) and as their real name, too (would this work on people who have fake names ? If it does one wonders when facebook will make their own…)! Is the non-fantasy version of invisible something like those who aren't there, so for example would it show those like me that don't use facebook ? I suppose it could be possible, what with the way people behave on there (and what they post)… although maybe not in real time (does this one ? It seems like it is mapping where someone was rather than is). On the other hand, this map would likely have better support for people that have the same first and last name so that's something too. Also, certain areas can't be mapped (either because of unplottability and/or they never found the place – one is definitely unplottable, the other known example in Hogwarts is likely unplottable too) which I suppose is possible in remote areas ? If it can track everywhere it is more magical than the Marauder's of HP which is quite impressive indeed.

    Yes, I admit that I'm something ('something' he cries…) of a lunatic that lives in a partial fantasy world… but what to say other than 'Mischief managed' ? I suppose there's a lot of things including pointing out the irony that I'm most like (very much like, even) Severus Snape, the one that would be insulted by the map should I – that is, he – tries to use it. In any case, I'm not sure what is more scary – facebook ideals or how much they expose in the process of being plotted across the map of the world. This version of the map is rather interesting though, at least in the actual technical implementation (especially because technology will not work at Hogwarts and so this is the most magical like version that isn't actually magical); anything else does indeed have serious implications (both in computer/network/phone security as well as physical safety – not just of those mapped but others they interact with).

  • Great research, thanks! I knew about this earlier, but didn't know how to put it in easy way. Well, it seems that Facebook is getting used to know absolutely everything about us. That's pretty disturbing!

  • And after the acquisition of WhatsApp, Facebook is now a inch closer to our personal life. I think now they have the World's biggest database of information regarding people and they can use it in their advertising strategies.

  • Martin Altria

    facebook will still know this information….. it just won’t be so easy for others to get it

  • Nemo Reinhardt

    Its amazing how you can be controlled by the new technologies, but remember the best defense ins’t stop using it, quiet the contrary, the only way to be invisible in a digital age is by Overflowing, don´t buy a smartphone, buy tow, or buy five or six, if possible, leave one at your work, other at home, at the gym, carry one with you, swamp them regularly, lend one to a friend or girlfriend, create a lot of Facebook identities, more than one real, post from many places, use free Wifi and so on.

    • Eric

      Does it work if I use safari and don’t have messenger?