Social Networks Leak Personal Information - InformationWeek
IoT
IoT
Software // Social
News
8/24/2009
05:13 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Social Networks Leak Personal Information

Internet users are revealing information that identifies them through the use of social networking sites, a research study claims.

Online social networking sites leak personal information, a new study has found, raising the possibility that users of such sites can be tracked everywhere they go online.

The study, "On the Leakage of Personally Identifiable Information Via Online Social Networks," was co-authored by Balachander Krishnamurthy, a researcher at AT&T Labs and Craig E. Wills, a professor of computer science at the Worcester Polytechnic Institute in Massachusetts, and presented last week at the Second ACM SIGCOMM Workshop on Online Social Networks in Barcelona, Spain.

The researchers say that social networks leak information through a combination of HTTP header information -- the Referer header and the Request-URI -- and cookies sent to third-party aggregators such as Google's DoubleClick, Google Analytics, and Omniture, among others.

As a consequence of this leakage, third-party aggregators can potentially link social network identifiers to past and future Web site visits, thereby identifying a person and his or her online activities.

"The ability to link information across traversals on the Internet coupled with the wide range of daily actions performed by hundreds of millions of user on the Internet raises privacy issues, particularly to the extent users may not understand the consequences of having their PII [personally identifiable information] available to aggregators," the study states.

The study notes that while the privacy policies of the third-party aggregators typically declare the sharing of non-indentifying information, they don't make it clear that an identity can often be derived from supposedly non-identifying information.

"What we are clearly trying to establish with this work is that these third party companies are receiving information about us from online social networks," said Wills in a phone interview. "When you or I create an account on an online social network, there's a unique identifier that's always associated with your account. That account number is being passed along to these third party aggregators. And along with the cookies these aggregators are already maintaining, they now can link that cookie to a social network identifier."

The study looked at twelve social networking sites: Bebo, Digg, Facebook, Friendster, Hi5, Imeem, LinkedIn, LiveJournal, MySpace, Orkut, Twitter, and Xanga.

"Not only do they know where I'm visiting, they know who I am," said Wills. "And that's disconcerting."

Many social networking sites provide privacy controls to limit information disclosure, but the report found that between 55% and 90% of users -- Wills suggests it's closer to 70% on the lower end -- of social networking services keep the default privacy settings for allowing strangers to view profile information and 80% to 97% keep the default privacy settings for viewing friends.

The report does not suggest that there's misuse of this information by third party aggregators and notes that contracts between social networking sites and third party aggregators may require aggregators not to use identifying information.

Facebook did not respond to a request for comment.

InformationWeek has published an in-depth report on managing risk. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll