The company asked the white hat, Jesper Andersen, to give it nine days to deal with the problem that it was publishing all users’ location data to the entire web despite its privacy-policy promise to users that “You can opt out of such broadcasts through your privacy settings.”
So when the nine days were up, the company told Andersen in a private e-mail Tuesday morning that it had fixed the “privacy leak” (the company’s own words) by modifying how an existing privacy setting worked, and that it had no solution yet for two other privacy holes that Andersen also reported, saying it was trying to figure out how to balance usability with privacy.
As for its blog, the only thing the company disclosed Tuesday was that it had closed a monster round of financing: $20 million in venture capital from some of the hottest investors in the country. Nor did the company contact users to tell them that it had found and sort-of fixed a hole in its service that violated the promises it had made to users.
Foursquare Puts Money Before Privacy (Wired News)