What3Words: Startup under fire
Emergency responders and security researchers claim the service has fundamental flaws that could backfire in a critical situation
Location finding app What3Words has quickly established itself as one of the UK’s startup darlings. It has amassed deep partnerships with emergency service teams home and abroad, and has even been integrated into Apple and Google Maps.
But the buzz around the company is slowly turning sour, as there is a growing concern that the firm’s system - which simplifies longitude and latitude coordinates into three-word addresses - has some fundamental flaws that could potentially be fatal if they cropped up in a critical situation.
Its founders, Chris Sheldrick, Jack Waley-Cohen, Mohan Ganesalingam and Michael Dent, have built their service around the idea that the world can be segregated into 57 trillion 3-metre squares, each of which can be assigned a simple three-word address. So rather than trying to describe where you are, or finding the 16-digit code like sailors of old, you can use the app or the website to pinpoint your exact location and share it with others by saying something like ‘Fish/Bottle/Step’. Sheldrick, who is also the CEO, came up with the idea during his previous career in the music business trying to direct suppliers to events, often with little success.
“We were always looking for something like gate L42, at the back of a stadium, or some kind of villa halfway up the hill in Italy, and the address never pointed to the right place,” Sheldrick explains. “So we tried, or I tried, to get all of the London music business using latitude and longitude coordinates, but people were very against it. So the whole idea was, really, how can we make coordinates super simple for the everyday person to use? So anything from a child to a grandparent could do it? And that's how we came up with the idea.”
The end result may be simple, but the underlying technology is anything but. For it to work, the 57 trillion 3-metre squares include the oceans as well as land, and each needs a three-word combination that’s selected from a list of 40,000 words.
“It's something that you can use, not just if you're in an emergency, but if you want to get a delivery into the right place” Sheldrick explains. “I live in the countryside and delivery drivers never find our house. Even though there’s supposedly a lot of tech going into the sector, we still have the same problem. We’ve got a lot of awareness throughout the UK from the emergency services, over 85% of them use us. Once we got that awareness, we're now seeing so many other use cases.
“And of course last year, during the pandemic, we saw an e-commerce surge. So we had many, many times the number of checkout pages, actually adding a What3Words field on there, so people could specify their three-word address for their deliveries. We're also in cars, like Mercedes and Mitsubishi, which have just put this into their navigation system. So really, we want it to be something that people across the world just think of as they do an address.”
Now, there are stipulations the company uses for its pool of 40,000 words; it tries not to use plurals and homophones – words that have different meanings but the same pronunciation (like flew and flu). The firm uses the Fisher-Yates shuffle algorithm to select the words and says it has taken great care to keep similar sounding words far apart. Security experts and emergency service members, however, suggest this hasn’t quite worked out.
What3Words has been tested by Mountain and Rescue England and Wales, but it didn’t come out well, according to the BBC. The head of the organisation suggested that there were too many problems with similar sounding addresses, whereby the person needing rescue would either pronounce it incorrectly or they would misread one of the words in the address (local accents were also an issue). One address given to the teams in England and Wales, ‘Jump/Legend/Warblers’, was actually in Vietnam.
Security researcher Andrew Tierney has also questioned the company’s system, writing in a blog post: “Due to a series of design flaws in What3Words, I do not believe it is adequate for use in these safety critical applications”. Tierney began investigating the firm after a friend said he found two similar-sounding addresses less than ten miles apart.
During his own investigation, Tierney claimed to have found 32 words that have similar pronunciations, though some of the examples he lists in his blog are not like for like (‘picture’ and ‘pitcher’) and he also gives the example ‘incite’ and ‘insight’ twice in his list. However, he says there is a significant number of plurals in the 40,000 words list – 7,697 to be exact – and suggests that means 15,924 of the words (roughly 40%) can be confused by mireading, mishearing or mistyping a single letter. As an example of where this could be an issue for rescue teams, the addresses ‘likely/stages/sock’ and ‘likely/stage/sock’ are on either side of the River Clyde.
B2B under quarantine
Key B2C e-commerce features B2B need to adopt to surviveDownload now
"We launched the system with full understanding that whilst we had made trade-offs in our shuffling algorithm, it provided a huge communication benefit over the commonly-used location system alternatives,” What3Words said in a statement to the BBC. “We have good feedback from our partners and users supporting this view."
Although not ideal, these issues don’t seem to be much of a problem for companies like Capita, which have deep partnerships with UK response teams. It also doesn’t seem to be any trouble for emergency services in Australia, the US and Canada. This suggests that it’s unlikely to stop What3Words, as it continues to expand rapidly around the world.
“There's so much going on for us to keep up with but it's brilliant that so many countries are using what we're doing,” Sheldrick tells IT Pro.
2021 Thales access management index: Global edition
The challenges of trusted access in a cloud-first worldFree download
Transforming higher education for the digital era
The future is yoursFree download
Building a cloud-native, hybrid-multi cloud infrastructure
Get ready for hybrid-multi cloud databases, AI, and machine learning workloadsFree download
The next biggest shopping destination is the cloud
Know why retail businesses must move to the cloudFree Download