Social network data threatens privacy – study
Share
US-- Supposedly anonymous data sold by social network sites for research purposes can in fact be easily used to identify individuals, according to scientists from the University of Texas.
In a newly published study, Arvind Narayanan and Vitaly Shmatikov warn of the potential for “major privacy breaches”. Much of the information that ends up in the hands of researchers and marketers could put individuals at risk of being tracked by governments or targeted by unscrupulous salespeople and online scammers, they argue.
“Any potential solution would appear to necessitate a fundamental shift in business models and practices and clearer privacy laws on the subject of personally identifiable information,” they write.
Narayanan and Shmatikov looked at users who have accounts on both microblogging site Twitter and photo-sharing site Flickr, and found they were able to identify around a third of them in a data set where names and other personal information had been removed.
The researchers identified the individuals based purely on their connections with other users of the two sites, and predicted that their method would have been even more effective for sites that have more users in common than Twitter and Flickr, such as Facebook and MySpace.
The question of what constitutes personally identifiable information is a major point of contention between privacy advocates and organisations monitoring internet users. Leslie Harris, president of the Center for Democracy and Technology, told a recent Senate hearing that supposedly anonymous data gathered by behavioural targeting firms was “at best pseudonymous” because it could still be used to build up detailed profiles of individuals.
In response to such concerns, the Federal Trade Commission last month published revised self-regulation guidelines for ad targeting, stating that privacy protection should cover “any data that reasonably can be associated with a particular consumer or computer or other device” – a definition which could include IP addresses and profiles built up from clickstream data.
• RealAge, a website which offers a test to determine the ‘real age' of users based on information about their health, has come under fire for abusing people's privacy by using their test results to target them with marketing email on behalf of pharmaceutical companies, the New York Times reports.
Author: Robert Bain
