8/24/2009
05:13 PM

Social Networks Leak Personal Information

Internet users are revealing information that identifies them through the use of social networking sites, a research study claims.

Online social networking sites leak personal information, a new study has found, raising the possibility that users of such sites can be tracked everywhere they go online.

The study, "On the Leakage of Personally Identifiable Information Via Online Social Networks," was co-authored by Balachander Krishnamurthy, a researcher at AT&T Labs, and Craig E. Wills, a professor of computer science at the Worcester Polytechnic Institute in Massachusetts, and presented last week at the Second ACM SIGCOMM Workshop on Online Social Networks in Barcelona, Spain.

The researchers say that social networks leak information through a combination of HTTP header information -- the Referer header and the Request-URI -- and cookies sent to third-party aggregators such as Google's DoubleClick, Google Analytics, and Omniture, among others.

As a consequence of this leakage, third-party aggregators can potentially link social network identifiers to past and future Web site visits, thereby identifying a person and his or her online activities.
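
The leak described above can be audited in captured browser traffic. The following is an added example, not code from the study or from this article: it scans constructed request records (the hosts, account id and cookie values are invented) for third-party requests whose Referer or Request-URI carries the account identifier, and reports the cookie sent alongside it.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: requests a browser makes while a user views a profile
# page. Hosts, the account id and cookie values are invented for illustration.
FIRST_PARTY = "osn.example"
USER_ID = "1234567"
REQUESTS = [
    {"host": "www.osn.example", "uri": "/profile.php?id=1234567",
     "referer": "", "cookie": "session=abc"},
    {"host": "ads.aggregator.example", "uri": "/pixel.gif?size=1x1",
     "referer": "http://www.osn.example/profile.php?id=1234567",
     "cookie": "uid=T-77f1"},
    {"host": "stats.tracker.example",
     "uri": "/collect?page=%2Fprofile.php%3Fid%3D1234567",
     "referer": "http://www.osn.example/home", "cookie": "vid=Z-9"},
    {"host": "cdn.static.example", "uri": "/lib.js",
     "referer": "http://www.osn.example/home", "cookie": ""},
]

def is_third_party(host, first_party):
    """A host is first-party only if it is the site or one of its subdomains."""
    return not (host == first_party or host.endswith("." + first_party))

def carries_id(url, user_id):
    """True if user_id is a path segment or a query value, including a
    percent-encoded URL nested inside a query value."""
    parts = urlsplit(url)
    if user_id in parts.path.split("/"):
        return True
    return any(value == user_id or carries_id(value, user_id)
               for _, value in parse_qsl(parts.query))

def find_leaks(requests, first_party, user_id):
    """Return (host, channel, cookie) per third-party request exposing user_id."""
    leaks = []
    for req in requests:
        if not is_third_party(req["host"], first_party):
            continue
        for channel in ("referer", "uri"):
            if req[channel] and carries_id(req[channel], user_id):
                # The cookie in the same request is what lets the recipient
                # tie its existing browsing profile to the account id.
                leaks.append((req["host"], channel, req["cookie"] or None))
    return leaks

if __name__ == "__main__":
    for leak in find_leaks(REQUESTS, FIRST_PARTY, USER_ID):
        print(leak)
```
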

"The ability to link information across traversals on the Internet coupled with the wide range of daily actions performed by hundreds of millions of users on the Internet raises privacy issues, particularly to the extent users may not understand the consequences of having their PII [personally identifiable information] available to aggregators," the study states.

The study notes that while the privacy policies of the third-party aggregators typically declare the sharing of non-identifying information, they don't make it clear that an identity can often be derived from supposedly non-identifying information.

"What we are clearly trying to establish with this work is that these third party companies are receiving information about us from online social networks," said Wills in a phone interview. "When you or I create an account on an online social network, there's a unique identifier that's always associated with your account. That account number is being passed along to these third party aggregators. And along with the cookies these aggregators are already maintaining, they now can link that cookie to a social network identifier."

The study looked at twelve social networking sites: Bebo, Digg, Facebook, Friendster, Hi5, Imeem, LinkedIn, LiveJournal, MySpace, Orkut, Twitter, and Xanga.

"Not only do they know where I'm visiting, they know who I am," said Wills. "And that's disconcerting."

Many social networking sites provide privacy controls to limit information disclosure, but the report found that between 55% and 90% of users of social networking services (Wills suggests it's closer to 70% on the lower end) keep the default privacy settings for allowing strangers to view profile information, and 80% to 97% keep the default privacy settings for viewing friends.

The report does not suggest that there's misuse of this information by third party aggregators and notes that contracts between social networking sites and third party aggregators may require aggregators not to use identifying information.

Facebook did not respond to a request for comment.
