We already know that if you use an
online social network, you give up a serious slice of your privacy
thanks to the omnivorous way companies like Google and Facebook gather
your personal data. But new academic research offers a glimpse of what
these companies may be learning about people who don’t use their massive web services. And it’s a bit scary.
Because they couldn’t get their hands on data from the likes of
Facebook or LinkedIn, the researchers studied publicly available data archived
from an older social network, Friendster. They found that if Friendster
had used certain state-of-the-art prediction algorithms, it could have
divined sensitive information about non-members, including their sexual
orientation. “At the time, it was possible for Friendster to predict the
sexual orientation of people who did not have an account on
Friendster,” says David Garcia, a postdoctoral researcher with
Switzerland’s ETH Zurich university, who co-authored the study.
Garcia’s findings showed that for people in minority
classes—homosexual men or women, for example—his profiling techniques
were 60 percent accurate. That’s a pretty high accuracy, he says, “since
a random, uniformed classification would have a precision of less than 5
percent.”
The paper only examines sexual orientation, but Garcia thinks this
type of analysis could model things such as age, relationship status,
occupation, even political affiliation. “Basically, anything that is
already shared by the users inside the social network could be
predicted,” he says.
It’s yet another reason to be wary of Facebook in particular, as the
social network’s growing size, massive user database, and increasing
emphasis on advertising revenue continues to worry users. Last week, a
two-month-old Facebook alternative called Ello
was generating 50,000 new member requests per hour—not only because it
was ad-free but because it provided a safe haven for members of the
lesbian, gay, bisexual, and transgender community unhappy that Facebook
forced them to use their real names. But even if they flee Facebook, it
seems, the social network may still have ways to betray their privacy.
A Major Problem
That doesn’t sit well with everyone. “The fact that I have no control
over additional email addresses and phone numbers added to their data
store on me is frightening,” Packetstorm wrote in a blog post last year.
The man who wrote this post, Packetstorm Partner Todd Jarvis, says that
he believes that Facebook still collects this data, despite his
company’s recommendation that they delete it. “As long as it exists, it
is a liability in my opinion,” he says.
These types of practices worry Garcia, too, because they could be
used to infer private information on existing users. Or worse, they
could be used to build dossiers on people who aren’t even on the social
network. Facebook may not have shadow profiles today, but it could build
them. And so could other social networks. Technically, it can be done;
and there’s no clear way to stop this. “This is a major problem in
privacy,” he says. “These people who are getting their privacy lost have
never agreed to [the social network's] terms of use.”
He thinks that because it’s such a tricky technical and ethical
issue, that the only way to really protect the data of people outside of
the network is through legislation. “It is not enough to get a
statement from Facebook saying we promise not to build those profiles,”
he says.
Shadow Profiles
The problem Garcia identifies lies in something called “shadow
profiles,” and as a consequence, we all could be intimately profiled by
the Facebooks and Googles and LinkedIns of the world—whether we agree to
it or not.
Garcia says this kind of statistical analysis—essentially using
machine learning to study the known tastes and relationships of one
person’s contacts, and making a guess about who they are likely to
be—could be used to build disturbingly detailed profiles of people who
do not even use the social network. Although the Friendster data dates
to the last decade, Garcia believes that Facebook could make the same
type of predictions with its data—and probably do this better because it
has so many more users than Friendster ever did.
We learned about shadow profiles last year when security researchers at a company called Packetstorm discovered
Facebook was maintaining its own files on users’ contacts. For example,
if Facebook found two users were connected to a non-member—say,
bob@wired.com—it would pool other information—different phone numbers,
for example—into one master dossier.
A Facebook spokesman says the company “doesn’t have shadow accounts
or profiles – hidden or otherwise – for people who haven’t signed up for
our service,” and a 2011 audit
by Ireland’s Data Protection Commissioner confirmed this. But the
company does store information on non-users when Facebook members import
their contact lists.
No comments:
Post a Comment