Social sites dent privacy efforts

Eugen Leitl eugen at leitl.org
Sun Mar 29 16:13:13 UTC 2009


http://news.bbc.co.uk/2/hi/technology/7967648.stm

Social sites dent privacy efforts

Greater use of social sites makes it harder to hide

Greater use of social network sites is making it harder to maintain true
anonymity, suggests research.

By analysing links between users of social sites, researchers were able to
identify many people in supposedly anonymous data sets.

The anonymised data is produced by social sites who sell it to marketing
firms to generate cash.

The results suggest web firms should do more to protect users' privacy, said
the researchers.

Circle of friends

Computer scientists Arvind Narayanan and Dr Vitaly Shmatikov, from the
University of Texas at Austin, developed the algorithm which turned the
anonymous data back into names and addresses.

The data sets are usually stripped of personally identifiable information,
such as names, before it is sold to marketing companies or researchers keen
to plumb it for useful information.

Before now, it was thought sufficient to remove this data to make sure that
the true identities of subjects could not be reconstructed.

The algorithm developed by the pair looks at relationships between all the
members of a social network - not just the immediate friends that members of
these sites connect to.

Social graphs from Twitter, Flickr and Live Journal were used in the
research.

The pair found that one third of those who are on both Flickr and Twitter can
be identified from the completely anonymous Twitter graph. This is despite
the fact that the overlap of members between the two services is thought to
be about 15%.

The researchers suggest that as social network sites become more heavily
used, then people will find it increasingly difficult to maintain a veil of
anonymity.

The results also had implications for the social sites themselves, wrote the
researchers.

"Social-network operators should stop relying on anonymisation as the 'get
out of jail' card, insofar as user privacy is concerned," they said.

"They should inform users when their information is disclosed to third
parties, even if this information has been anonymised, and give them the
opportunity to opt out," they added.

Writing about their work, the two researchers said many different
organisations might be interested in reconstructing the true identities.

They suggest that the information might be useful to governments interested
in large scale monitoring or unscrupulous marketing firms keen to reach
certain individuals. Even phishing gangs might be interested, they speculate,
to make their messages look more convincing.

The pair will present a paper about their work to the IEEE Symposium on
Security and Privacy taking place in California from 17-20 May. 



More information about the tor-talk mailing list