[Infowarrior] - Social sites dent privacy efforts

Richard Forno rforno at infowarrior.org
Mon Mar 30 02:33:57 UTC 2009 

Friday, 27 March 2009
Social sites dent privacy efforts

http://news.bbc.co.uk/2/hi/technology/7967648.stm

Greater use of social network sites is making it harder to maintain  
true anonymity, suggests research.

By analysing links between users of social sites, researchers were  
able to identify many people in supposedly anonymous data sets.

The anonymised data is produced by social sites who sell it to  
marketing firms to generate cash.

The results suggest web firms should do more to protect users'  
privacy, said the researchers.

Circle of friends

Computer scientists Arvind Narayanan and Dr Vitaly Shmatikov, from the  
University of Texas at Austin, developed the algorithm which turned  
the anonymous data back into names and addresses.

The data sets are usually stripped of personally identifiable  
information, such as names, before it is sold to marketing companies  
or researchers keen to plumb it for useful information.

Before now, it was thought sufficient to remove this data to make sure  
that the true identities of subjects could not be reconstructed.

The algorithm developed by the pair looks at relationships between all  
the members of a social network - not just the immediate friends that  
members of these sites connect to.

Social graphs from Twitter, Flickr and Live Journal were used in the  
research.

The pair found that one third of those who are on both Flickr and  
Twitter can be identified from the completely anonymous Twitter graph.  
This is despite the fact that the overlap of members between the two  
services is thought to be about 15%.

The researchers suggest that as social network sites become more  
heavily used, then people will find it increasingly difficult to  
maintain a veil of anonymity.

The results also had implications for the social sites themselves,  
wrote the researchers.

"Social-network operators should stop relying on anonymisation as the  
'get out of jail' card, insofar as user privacy is concerned," they  
said.

"They should inform users when their information is disclosed to third  
parties, even if this information has been anonymised, and give them  
the opportunity to opt out," they added.

Writing about their work, the two researchers said many different  
organisations might be interested in reconstructing the true identities.

They suggest that the information might be useful to governments  
interested in large scale monitoring or unscrupulous marketing firms  
keen to reach certain individuals. Even phishing gangs might be  
interested, they speculate, to make their messages look more convincing.

The pair will present a paper about their work to the IEEE Symposium  
on Security and Privacy taking place in California from 17-20 May.

More information about the Infowarrior mailing list