We already know that if you use an online social network,
you give up a serious slice of your privacy thanks to the omnivorous way
companies like Google and Facebook gather your personal data. But new academic
research offers a glimpse of what these companies may be learning about people
who don’t use their
massive web services. And it’s a bit scary.
Because they couldn’t get their
hands on data from the likes of Facebook or LinkedIn, the researchers studied
publicly available data archived from
an older social network, Friendster.
They found that if Friendster had used
certain state-of-the-art prediction algorithms, it could have divined sensitive
information about non-members, including their sexual orientation. “At the
time, it was possible for Friendster to predict the sexual orientation of
people who did not have an account on Friendster,” says David Garcia, a
postdoctoral researcher with Switzerland’s ETH Zurich university, who co-authored the study.
Garcia’s findings showed that for people in minority
classes—homosexual men or women, for example—his profiling techniques were 60
percent accurate. That’s a pretty high accuracy, he says, “since a random,
uniformed classification would have a precision of less than 5 percent.”
The paper only examines sexual orientation, but Garcia
thinks this type of analysis could model things such as age, relationship
status, occupation, even political affiliation. “Basically, anything that is
already shared by the users inside the social network could be predicted,” he
says.
It’s yet another reason to be
wary of Facebook in particular, as the social network’s growing size, massive
user database, and increasing emphasis on advertising revenue continues to
worry users. Last week, a two-month-old Facebook alternative called Ello was
generating 50,000 new member requests per hour—not only because it was ad-free
but because it provided a safe haven for members of the lesbian, gay, bisexual,
and transgender community unhappy that Facebook forced them to use their real
names. But even if they flee Facebook, it seems, the social network may still
have ways to betray their privacy.
Shadow
Profiles
The problem Garcia identifies lies in something called
“shadow profiles,” and as a consequence, we all could be intimately profiled by
the Facebooks and Googles and LinkedIns of the world—whether we agree to it or
not.
Garcia says this kind of statistical analysis—essentially
using machine learning to study the known tastes and relationships of one
person’s contacts, and making a guess about who they are likely to be—could be
used to build disturbingly detailed profiles of people who do not even use the
social network. Although the Friendster data dates to the last decade, Garcia
believes that Facebook could make the same type of predictions with its
data—and probably do this better because it has so many more users than
Friendster ever did.
We learned about shadow profiles
last year when security researchers at a company called Packetstorm discovered Facebook
was maintaining its own files on users’ contacts. For example, if Facebook
found two users were connected to a non-member—say, bob@wired.com—it would pool
other information—different phone numbers, for example—into one master dossier.
A Facebook spokesman says the
company “doesn’t have shadow accounts or profiles – hidden or otherwise – for
people who haven’t signed up for our service,” and a 2011 audit by
Ireland’s Data Protection Commissioner confirmed this. But the company does
store information on non-users when Facebook members import their contact
lists.
‘A
Major Problem’
That doesn’t sit well with
everyone. “The fact that I have no control over additional email addresses and
phone numbers added to their data store on me is frightening,” Packetstorm
wrote in a blog post last year. The
man who wrote this post, Packetstorm Partner Todd Jarvis, says that he believes
that Facebook still collects this data, despite his company’s recommendation
that they delete it. “As long as it exists, it is a liability in my opinion,”
he says.
These types of practices worry Garcia, too, because they
could be used to infer private information on existing users. Or worse, they
could be used to build dossiers on people who aren’t even on the social
network. Facebook may not have shadow profiles today, but it could build them.
And so could other social networks. Technically, it can be done; and there’s no
clear way to stop this. “This is a major problem in privacy,” he says. “These
people who are getting their privacy lost have never agreed to [the social
network's] terms of use.”
He thinks that because it’s such a tricky technical and
ethical issue, that the only way to really protect the data of people outside
of the network is through legislation. “It is not enough to get a statement
from Facebook saying we promise not to build those profiles,” he says.
Source: wired.com
No comments:
Post a Comment