USA Network
Meal-Ordering App Ritual Exposes Government Employees’ Office Locations

Featured From The Verge
By Ashley Carman
Originally posted on March 16, 2018
Tags: The Verge

A couple months after Strava unintentionally exposed military base locations, another app named Ritual is exposing government agencies’ locations and workers’ restaurant routines. Ritual promises to streamline takeout by letting co-workers piggyback off each other’s orders. Users get a notification when their colleagues are ordering from somewhere, and they can then tack their own order onto that one. The app doesn't use location tracking to determine where users work. Instead, users can type the name of a business and then choose an address from those listed or manually add an address.

I typed in the US Department of Homeland Security, for example, and saw a list of the agency’s locations around the country. I picked one at random and then saw a list of floors where my “colleagues” worked. I could see their names, as well as their profile photos. I could also do this for any other business, like Palantir or Booz Allen Hamilton.

National security agencies’ locations might not be entirely private, but oftentimes, the floors on which they operate are unlisted. When I visited DHS in Washington, DC a couple years ago, the security guard wouldn’t confirm whether the agency had an office in the building and definitely wouldn’t disclose the floor.

Listed locations for the Department of Homeland Security.

I signed up using my personal email account and didn't need to verify my employer in any way. Users don't have to broadcast their orders to the whole office, but that’s the entire point of the app, and they likely aren't assuming that people other than their co-workers could be lurking. Piggyback, as Ritual calls it, is also turned on by default. The app has to approve employer changes, but users can pick a different outpost address at any time.

Bad data privacy: On the "social [meal] ordering app" Ritual, you can join any company without email verification and see which office floor users work on at places like @DHSgov, @LockheedMartin, @PalantirTech, and the Pentagon. pic.twitter.com/fZrwPCGJaw

— Caitlin Tran (@caitlinsays_) March 16, 2018

If I were a spy hoping to figure out where people worked, Ritual might be able to give me a clue. If I wanted to poison employees, well, I also now know where they tend to order from and when. It’s a little conspiratorial, I know, but Russian agents just openly poisoned an ex-spy in Britain. Government agencies and their employees need to watch how, where, and to whom locations are being broadcasted.

Another app, Strava, just dealt with similar privacy issues. The company lets users share their workouts with others through a public heat map. Government employees unintentionally mapped the perimeters of military bases around the world. Since the locations were exposed, Strava made it easier for employees to hide their location data and to make public data private.

We’ve reached out to Ritual and will update when we hear back.
