Social Networks Leak Personal Information - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Social
News
8/24/2009
05:13 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Social Networks Leak Personal Information

Internet users are revealing information that identifies them through the use of social networking sites, a research study claims.

Online social networking sites leak personal information, a new study has found, raising the possibility that users of such sites can be tracked everywhere they go online.

The study, "On the Leakage of Personally Identifiable Information Via Online Social Networks," was co-authored by Balachander Krishnamurthy, a researcher at AT&T Labs and Craig E. Wills, a professor of computer science at the Worcester Polytechnic Institute in Massachusetts, and presented last week at the Second ACM SIGCOMM Workshop on Online Social Networks in Barcelona, Spain.

The researchers say that social networks leak information through a combination of HTTP header information -- the Referer header and the Request-URI -- and cookies sent to third-party aggregators such as Google's DoubleClick, Google Analytics, and Omniture, among others.

As a consequence of this leakage, third-party aggregators can potentially link social network identifiers to past and future Web site visits, thereby identifying a person and his or her online activities.

"The ability to link information across traversals on the Internet coupled with the wide range of daily actions performed by hundreds of millions of user on the Internet raises privacy issues, particularly to the extent users may not understand the consequences of having their PII [personally identifiable information] available to aggregators," the study states.

The study notes that while the privacy policies of the third-party aggregators typically declare the sharing of non-indentifying information, they don't make it clear that an identity can often be derived from supposedly non-identifying information.

"What we are clearly trying to establish with this work is that these third party companies are receiving information about us from online social networks," said Wills in a phone interview. "When you or I create an account on an online social network, there's a unique identifier that's always associated with your account. That account number is being passed along to these third party aggregators. And along with the cookies these aggregators are already maintaining, they now can link that cookie to a social network identifier."

The study looked at twelve social networking sites: Bebo, Digg, Facebook, Friendster, Hi5, Imeem, LinkedIn, LiveJournal, MySpace, Orkut, Twitter, and Xanga.

"Not only do they know where I'm visiting, they know who I am," said Wills. "And that's disconcerting."

Many social networking sites provide privacy controls to limit information disclosure, but the report found that between 55% and 90% of users -- Wills suggests it's closer to 70% on the lower end -- of social networking services keep the default privacy settings for allowing strangers to view profile information and 80% to 97% keep the default privacy settings for viewing friends.

The report does not suggest that there's misuse of this information by third party aggregators and notes that contracts between social networking sites and third party aggregators may require aggregators not to use identifying information.

Facebook did not respond to a request for comment.

InformationWeek has published an in-depth report on managing risk. Download the report here (registration required).

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
IT Careers: 10 Industries with Job Openings Right Now
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/27/2020
Commentary
How 5G Rollout May Benefit Businesses More than Consumers
Joao-Pierre S. Ruth, Senior Writer,  5/21/2020
News
IT Leadership in Education: Getting Online School Right
Jessica Davis, Senior Editor, Enterprise Apps,  5/20/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Slideshows
Flash Poll