Location-based services are becoming more common, and the features they add to mobile devices can be useful and even fun. But they also bring concerns about privacy and safety.

Several sites take a social networking approach, such as Foursquare.com, Gowalla.com and Yelp. All three offer options where a user shares their location with friends. For example, on Foursquare one can "check in" at a favorite restaurant and voice an opinion about the food.

But the downside is that everyone who reads the posting will know the user isn't home. On top of that, some services, such as Foursquare, can be linked to Twitter feeds.

Spokespeople for both Foursquare and Gowalla maintain that the data that identifies individuals is safe, and that their systems are set up in such a way that the user has to choose with whom to share their locations and feeds with.

But one concern is that it doesn't take a sophisticated hacker to track another person's location. Earlier this year, a trio of Dutch software developers put up a site called PleaseRobMe.com. The principle was simple: pull data from Twitter and Foursquare and post the username and (self-reported) locations. And many users weren't paying attention to their privacy settings.

The site stopped broadcasting locations after only a short while. But the developers wrote on their "why" page that the point was to make people aware of the fact that they may be broadcasting a bit too much.

It isn't just voluntary broadcasting that is an issue. AT&T, for example, has a "FamilyMap" feature, that allows someone with an AT&T phone to use either a computer or other smartphone to get exact location data for the phone of a family member.

AT&T sends a text message to the person being tracked, and the company's privacy policy says the history of locations is only kept for seven days. Foursquare says it deletes data from customers after 30 days once the account is deleted, and Gowalla deletes the information immediately when the account is closed. But not every privacy policy is explicit about how long the data is kept.

Also, on some smartphone platforms, such as on the iPhone 3 OS, location data is broadcast continually, says Alissa Cooper of the Center for Democracy and Technology.

"If you want to turn it off you have to reset all the preferences," she said. That isn't something many people will remember to do. Cooper added that Apple has changed this on the new iPhone platform, which asks the user if they want to broadcast location information. Google has also addressed this on Android, which has a small icon that flashes if the mobile device is being tracked via global positioning system.

While some might not care that their location is broadcast, there are cases where it has been used by stalkers. Recently in Somersworth, N.H., a woman was tracked by her abusive husband via AT&T's FamilyMap.

Peter Eckersley, senior staff technologist, says there are many situations in which the location data that is kept could be misused. Many of the providers of services say in their privacy policies they will give up the data in cases where it is subpoenaed. That isn't always from law enforcement; as sometimes the data can be used in civil lawsuits such as divorce cases. "For the most part it doesn't matter - until they get hacked or a subpoena comes through the door," he said.

In addition, unless the company providing the service states specifically how long the data is kept, chances are it is forever, Eckersley says.

There's also the potential for more serious misuse. Cooper noted that writing an application that continuously broadcasts one's location from an iPhone isn't difficult to do -- especially when it is designed not to tell you that it is doing just that.

Eckersley agreed that writing the applications is not hard to do. "There's a wide range of methods. You could pick up your girlfriend's phone, install the app, which secretly posts to Foursquare," he said. Another way is to set up a false account on a social networking service, get "friended" by someone, and get the feeds they meant only to broadcast to the people listed as friends. (Often, he notes, a "friend" on Facebook or Twitter has little resemblance to the off-line meaning of the term).

"Privacy is hard to figure out," he said. "It's hard to anticipate in advance the kind of privacy you're going to need." The solution, he says, is to design applications and platforms where the maximum amount of privacy is the default. Currently most systems are designed assuming that the user wants to broadcast more, not less.