ReadWriteWeb

Google Warns of Privacy Issues on the Social Web

Written by Lidija Davis / January 10, 2009 10:14 AM / 12 Comments

In a recent paper about social privacy, Google researchers caution that the expansion of the social Web and our growing involvement with it are compromising our privacy while offering the false sense of security that we act in the privacy of our own social circle.

Specifically, the paper suggests three areas where the social Web compromises user privacy.

1. Lack of control over activity streams

According to the paper, there are two primary ways in which lack of control over activity streams may compromise our privacy: the lack of control we have over events going into our activity streams (examples given are Facebook Beacon and coComment), and the lack of control we have when it comes to who can see our activity stream, as is possible with Google Reader.

2. Unwelcome linkage

The authors define unwelcome linkage as occurring when links on the Internet reveal information about you that you had not intended to reveal, for instance trackbacks and accidental linkage.

3. De-anonymization through merging of social graphs

Given that social networking sites extract a fair amount of personally identifiable information, the authors suggest it may be possible to uncover personal information by comparing data across social networking sites. In fact, this method of merging social graphs has already been used when researchers identified Netflix users by combining Netflix data with data from IMDb (PDF).
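The following is an added example, not code from the Google paper or from the Netflix/IMDb study: a pre-release check a data owner could run to estimate how many "anonymized" records a second, public dataset can tie to a name. It uses a simplified overlap score rather than the researchers' method, and every record, name and function (`overlap`, `linkable`, `exposure`) is constructed for illustration.

```python
# Added illustration: all records below are constructed sample data.
from datetime import date

# "Anonymized" release: pseudonym -> {item: (rating, date rated)}
RELEASED = {
    "u1": {"A": (5, date(2008, 3, 1)), "B": (2, date(2008, 3, 4)),
           "C": (4, date(2008, 5, 9))},
    "u2": {"A": (5, date(2008, 3, 2)), "D": (3, date(2008, 6, 1))},
    "u3": {"E": (1, date(2008, 7, 7)), "F": (4, date(2008, 7, 8)),
           "G": (5, date(2008, 8, 1))},
}
# Public profiles on another site: display name -> same shape
PUBLIC = {
    "alice": {"A": (5, date(2008, 3, 2)), "B": (2, date(2008, 3, 5)),
              "C": (4, date(2008, 5, 9))},
    "bob": {"E": (1, date(2008, 7, 9)), "F": (4, date(2008, 7, 8))},
    "carol": {"A": (5, date(2008, 3, 1)), "H": (3, date(2008, 1, 1))},
}

def overlap(rec_a, rec_b, max_days):
    """Count items rated identically in both records within max_days."""
    n = 0
    for item, (rating, day) in rec_a.items():
        if item in rec_b:
            other_rating, other_day = rec_b[item]
            if rating == other_rating and abs((day - other_day).days) <= max_days:
                n += 1
    return n

def linkable(released, public, min_matches=2, max_days=3):
    """Return {pseudonym: name} where one public profile is the clear best match."""
    links = {}
    for pseudo, rec in released.items():
        scores = sorted(((overlap(rec, prof, max_days), name)
                         for name, prof in public.items()), reverse=True)
        best = scores[0]
        runner_up = scores[1] if len(scores) > 1 else (0, None)
        # Require enough agreement and no tie, so ambiguous records are not counted.
        if best[0] >= min_matches and best[0] > runner_up[0]:
            links[pseudo] = best[1]
    return links

def exposure(released, public, **kw):
    """Fraction of released records that the second dataset ties to a name."""
    return len(linkable(released, public, **kw)) / len(released)
```

In this sample two of the three pseudonymous records are linkable even though no name or e-mail address was released; the record with a single common rating stays ambiguous because two public profiles match it equally well.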

The Google paper suggests various solutions:

  • Applications should be explicit about which user activities automatically generate events for their activity stream
  • Users should be given control over which events make it into their activity stream and be able to remove events from the stream after they have been added by an application
  • Users should be explicitly told who the audience is for their activity stream; users should also have control over who the audience is for their activity stream
  • Application developers should build their applications such that the creation of activity stream events is more likely to be in sync with user expectation

The paper also proposes the building of tools that describe what information is available about you on the Internet; a warning system of sorts that includes an automatic link discovery tool which will quickly show you whether there are any privacy risks involved, so you can be better informed before creating new content.

As reported in New Scientist, the Google paper, (Under)mining privacy in social networks (PDF), will be presented at the Web 2.0 Security and Privacy 2009 workshop in May.

Image credit: Darwin Bell


Comments


  1. http://www.freshlap.com/

    Posted by: Thanks | January 10, 2009 11:41 AM



  2. That is kind of weird...

    Posted by: Gerald | January 10, 2009 11:51 AM



  3. Sadly enough this is something I'd consider rather true. I wrote about this last week on our blog (http://short.ie/twitter-privacy)

    In that example I used Twitter and the "Allowed-CSRF" that gives every website on the web the ability to retrieve your Twitter profile. This is a great lack of user privacy considering that some big names are on Twitter now and any other website could implement a simple profile retriever and associate those important people to their website (I will let your readers imagine the types of website that could be associated to different celebrities, personalities, etc).

    Good article, and I have to say that I have to agree with you in the way that as the social web opens more and more, privacy becomes less and less a priority.

    Posted by: David Coallier | January 10, 2009 11:55 AM



  4. Reminds me of dooce.com, where Heather Armstrong lost her job for blogging about work.

    Posted by: Adam | January 10, 2009 12:14 PM



  5. Is this reverse psychology?

    Posted by: Luis Pereira | January 10, 2009 12:52 PM



  6. Pot... kettle... black, does this ring any bells to Google, who is deeper into our own private lives than the federal government!

    Social Networks don't know where I bank - Google does, along with the account numbers they index.

    Facebook does not have a clue as to the last 100 websites I visited, the amount of time I spent, whether I am a porn addict or look at pictures of classic cars in my spare time. Google Does!

    MySpace doesn't read all my email... Google does.

    This list could go on forever or at least 18 months, when my current Google cookie expires and they stop following my trail on the web.

    Mark

    Posted by: Hybrid Golf Reviews | January 10, 2009 1:31 PM



  7. I don't think Google is as Orwellian as some like to believe. But they are a bit reckless with the radical transparency and hyper pluralistic free information for all. This is actually a positive sign that they are taking an outside perspective on social sites. Or are they worried that social interaction on the internet will make Google unnecessary?

    The future is going to be more transparent, it's just a fact and a fact that scares anyone over the age of 25!

    Posted by: Site O Rific | January 10, 2009 2:32 PM



  8. This is why Open ID that lets me have several IDs for my different roles as a human, and only share some basic info, is to prefer over using my Facebook ID or my Google ID as login at other sites.

    Posted by: chris Jangelov | January 10, 2009 3:38 PM



  9. By the way, this is also why I don't get a MyBlog account to be included among the RWW readers :-)

    Posted by: chris Jangelov | January 10, 2009 3:43 PM



  10. "The future is going to be more transparent, it's just a fact and a fact that scares anyone over the age of 25!"

    I would agree, seems that anyone in the world can find out just about anything that's in a database somewhere. I think our "tech progress" has progressed way faster than privacy and security measures. Maybe creating an online alias is not a bad idea. That's my 2c.

    Posted by: Houston Freebies | January 10, 2009 4:00 PM



  11. About eight months ago, I went a couple of (quick) rounds with the webmaster (and likely owner) of a generic, non-interactable website that had posted both my marriage history and birthdate without my expressed permission.. When it comes to personally identifiable, that's getting right up there with social security numbers and suchly..

    With respect to David Coallier's comment (#3), I approached a now fairly high profile (albeit seemingly still functionally struggling) RSS-to-email provider about this very thing.. The service, at least at that time as I've not checked lately, let anyone claim anyone else's website feed(s) as their own..

    My emailed concerns that people could claim and run strangers' feeds willy-nilly unchallenged through that site's service *INCLUDING DEVELOP AND GARNER AN EMAIL LIST UNDER FALSE PRETENSES* were met with a very cold, "Well, no one else has complained about that.."

    Hm. :raises brow:

    PS.. The aforementioned birth date webmaster did ultimately remove the information.. Likely didn't hurt that I openly CC'd EFF and a local civil rights entity.. Removal was near immediate *BUT* not without his first attempting a na-na-na that I was elsewhere identifiable all over the Net..

    He was missing the point.. Every single one of those other elaborations were by my *informed, expressed CHOICE* and were as basically unidentifiable as the sites in question allowed, not to mention being the only person bearing this name online can be..

    I know. Not so much.

    Bottom line:

    *_MY INFORMED CHOICE_*

    Not his to make.

    :grin:

    Posted by: Cindy Sue Causey | January 11, 2009 8:49 AM



  12. The title gives a warning signal. But the content is what I would expect. Nice man.. :-)

    Posted by: Darren Tan | January 12, 2009 7:05 AM


