Social Networking and Privacy: NOT An Oxymoron

Feb 17, 2008
By:
Nicole A. Ozer

Page Media

ACLU of Northern CA

A recent policy conference on Internet issues held in Washington, D.C. included the panel, "Social Networking and Privacy: An Oxymoron?" It shouldn't be, but some of the major platforms for social networking seem to be treating the two concepts as if they were mutually exclusive.

We have blogged about the controversy over Facebook's Beacon feature, a program launched during the holiday shopping season in which cookies tracking your activity on third-party affiliates were captured and displayed in Facebook's user feeds for friends to see.

Advertisers loved this feature, but users didn't – especially when they found out they had only a limited window of time to opt out of individual Beacon transactions and there was no way to opt-out of Beacon entirely. User and media criticism, including a petition forwarded by MoveOn.org with over 80,000 signatures, led to changes in how Beacon operates and notifies users. But there are still major privacy issues on the horizon for social networking.

Recently, the New York Times reported on the difficulties Facebook users have encountered in attempting to withdraw from the site - even deleting all of one's information may not be enough because the company continued to archive deactivated accounts. Facebook has responded to this latest privacy issue by adding instructions to its help pages telling users that accounts may be deleted (not merely deactivated) by contacting customer service via email with the deletion request.

In January, Wired News reported a significant security hole on MySpace that allowed anyone to see and download the photo galleries of Myspace users that had set their profiles to "private" (meaning only other Myspace users that had been designated as "friends" of a user could see that user's profile). According to Wired, the security hole was found as early as last fall. The hole was reportedly closed by MySpace by January 25th, but not before a pseudonymous hacker trawled the site and created a "17-gigabyte file purporting to contain more than half a million images lifted from private MySpace profiles" which is now available via BitTorrent.

The story notes that this is a "significant breach that affects users under 16 — whose profiles are automatically set to private — more than older users who must opt-in to the privacy option."The flagrant display of the security hole occurred only a week after MySpace announced a deal with over 40 state attorneys general to take measures to crack down on online sexual predators using the Fox Corp.-owned site.

This is not the first time MySpace has had to deal with a security problem a similar hole was fixed in August 2006, after it was announced on the front page of Digg, even though the hole was discovered as early as May 2006. Will it be the last? Very unlikely.

And the privacy problems of both of these companies may run wide and deep due to their policies of exposing user information to a wide variety of people to enable independent developers.

Facebook allows access to this user information with only the promise that these developers discard or ignore unneeded and already-used data. Facebook provides user information to all developers, even though less than 10% of applications require private user data. And when your friends on Facebook load applications, that application (and the developer) can see your data along with theirs, even if you never use or install the applications. Many Facebook users have no idea that their information may be at risk due to their use of private applications.

Recently MySpace launched its own developers' platform for applications to be used on its site — developers will have access to all "public profile data" for users.

People shouldn't have to choose between interacting with their friends online and keeping their personal information secure. If you use Facebook, MySpace, or other social networking sites, let them know that you take your privacy seriously and they need to let you know clearly about any privacy costs to new applications.