Electronic Frontier Foundation calls social networking privacy study alarming

By Robert Westervelt, News Editor 27 Aug 2009 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

The Electronic Frontier Foundation is calling for urgent action to reign in advertising and tracking companies in the wake of a recent study that found social networks leaking user identities to the firms.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The non-profit free speech and digital rights organization responded to research that found a dozen popular social networking websites, including Twitter, Facebook and LinkedIn, assigning a unique identifying code to an individual's account and sometimes passing the code on to third-party marketing and Web analytics firms, DoubleClick Inc., Google Analytics, Omniture Inc. and others. Those firms could then couple that identifying information with an individual's browser cookies to build a unique profile on a person.

The ability of third party tracking sites to collate extensive amounts of information on people has been an ongoing concern said Peter Eckersley, a staff technologist at the EFF.

Privacy study: Social network study finds identity link to cookies: Researchers raise privacy concerns as a person's browsing habits could be paired with their identity and passed to third-parties.

"This is especially troubling since most people have no idea that companies such as Omniture or AdBrite or dozens of others even exist, let alone that they have an extensive record of everyone's behavior," Eckersley said

The study, "On the Leakage of Personally Identifiable Information from Social Networks," was conducted by researchers at Worcester Polytechnic Institute (WPI) and AT&T Labs Inc. The study found that in some cases, social networks are passing on a unique identifying code to the third-party firms via a referring URL. People have no way to block the passing of the identifying information besides clearing their browsing cookies or not accepting cookies, which could cause problems with certain websites.

Corporations need to be prevented from building a database of a person's browsing history unless that person gives explicit and informed consent, Eckersley said. Default settings on most social networks enable the least privacy for users. A person could change the defaults to their account, but identifying information could still enable the third-party companies to link their name and general location to their browsing habits.

SearchSecurity radio:

"This new research shows that most of the major social networks are busy handing over strongly identifying information to these faceless advertising and tracking companies, letting them put names on the files they've been painstakingly collecting about us for years," Eckersley said. "In some cases this transfer of data looks deliberate; in other cases it's a neat side-effect of the way the social networks include advertisements and analytics code on their pages."

Third-party companies, which partner with social networks to provide them with analytics used to secure advertising, have said that they are not tracking an individual user, but an anonymous profile.Either way, little is known about what goes on behind the scenes, said Craig E. Wills, associate professor of computer science at WPI and co-author of the report with Balachander Krishnamurthy of AT&T Labs. The third-party firms have been a growing presence on social networking websites over the last five years, Wills said.

"It's possible that Facebook has been handing information about me to DoubleClick and nobody even knows about it," Wills said. "But now we have clearly identified that my identifier in Facebook is being sent to DoubleClick."

Tags: Web Application and Web 2.0 Threats,  Web Browser Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Web Application and Web 2.0 Threats Web security firm ranks Firefox, Safari browsers as flaw prone Web application vulnerability assessment shows patching progress Layoffs prompt insider threat fears, cybersecurity survey finds Botnet masters turn to Google, social networks to avoid detection Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Kaspersky system analyzes malicious URLs on Twitter for malware Pushdo botnet uses Facebook to spread malicious email attachment Do Facebook URL security concerns justify blocking social networks? Gumblar Trojan drive-by exploits spike following Adobe update Web Browser Security InZero Systems launches hardware-based security gateway Web security firm ranks Firefox, Safari browsers as flaw prone Microsoft fixes security update that breaks Internet Explorer Mozilla update repairs Firefox buffer overflow vulnerabilities Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Do Facebook URL security concerns justify blocking social networks? Phishing attacks to remain a major problem, say security experts Adrian Perrig: Improve SSL/TLS Security Through Education and Technology New Bahama botnet evades search engines, fuels click fraud Web Browser Security Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary content filtering  (SearchSecurity.com) Web filter  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary