Foursquare badge spoofing


When an application sends an update to Twitter it can specify the ‘source’. The screenshot above shows an update where I used ‘foursquare’ as the source even though it wasn’t sent by Foursquare. No, I don’t think this is a security issue; it can be funny though.

Early this afternoon @BreakingNews posted “BULLETIN — OUSTED HONDURAN PRESIDENT ZELAYA RETURNS TO HONDURAS.” I found this humorous because when you become a mayor on Foursquare it announces to Twitter using the same style: It names a person, a location, a title, and uses the word ‘ousted’. Here’s an example of a mayor update. I constructed a fake update saying that I had ousted Zelaya as president of Honduras. Chris Nelson pointed out to me that I could specify the source as well, so I went for a slightly more involved joke.

Foursquare also announces to Twitter when you unlock a badge. Here’s is an example of me unlocking a badge. Clicking the bit.ly link takes you to a Foursquare page that describes the badge. I decided to make my own ‘Dictator’ badge. While New York has a number of Foursquare badges, Los Angeles has a limited number, so I wanted to surprise people with a new badge. I recreated the URL structure on my own domain (almost) and created a new badge image and text. I then updated Twitter using the same language as Foursquare and using ‘foursquare’ as the source. Here is the tweet and my fake badge (the design is from here).

Now to dream up useful ways to abuse this.


2 thoughts on “Foursquare badge spoofing

  1. I saw those updates this afternoon, and I thought, “Foursquare has a dictator badge? And Eliot is the dictator of LA?” I even specifically checked the source, since a lot of people post mock-foursquare updates, and on top of that, I didn’t notice that the “Dictator badge” page wasn’t hosted on foursquare.com. Consider me pwned.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.