This will make you rethink posting photographs via social media sites: Check out Creepy, a website that, "allows you to gather geolocation-related information about users from social networking platforms and image hosting services."
Yeah. That's right. Think you've got your account on lock down because you're not Tweeting your location? Wrong.
Here's the site's FAQs:
1) Dude, this app is disturbing , what were you thinking ?
Well, I don't think that the fact that your geolocation information can be gathered and aggregated is disturbing. The fact that you were publishing it in the first place , is , on the other hand. Just to be clear, the intention behind creating creepy was not to help stalkers or promote/endorse stalking. It was to show exactly how easy it is to aggregate geolocation information and make you think twice next time you opt-in for geolocation features in twitter, or hitting "allow" in the "this application wants to use your current location" dialog on your iphone.
2) Any other uses for creepy ?
In fact, yes. I believe it can be a valuable tool for information gathering when social engineering is allowed during a penetration test.
3) It takes forever to get some results ! Why is that ?
The most time consuming part of the process is not the extraction process , it's the retrieval. The target's tweets have to be retrieved with the use of twitter's API and then for the tweets that include photos, the photos have to be downloaded from the image hosting service in order to analyze the meta-data for GPS information. Twitter occasionally has some issues and it might not work with the first try, or fail to get all tweets at once. Just hit the "geolocate target" again, the previously retrieved tweets have been cached and creepy will try to get the rest for you.
4) Where is the Mac OS version ?
It's coming . Slowly. GTK+ doesn't play well with Mac OS and I don't own a mac. Plus I don't have much free time :)
5) What about google latitude , picasa web albums e.t.c. ?
I'm working on that . In the mean time , please fork creepy and write modules for services that are not included :) There are enough services to be included before we hit a stable release (1.0) I can't offer a time-frame though.