Skip to main content

Social networking security scare

Facebook: A great way to stay in touch with friends or a government plan to keep an eye on us?

The US government's plans for its Total Information Awareness programme terrified privacy activists everywhere in 2002.

TIA's remit was to keep detailed information and know everything about everyone on the planet - all in the name of anti-terrorism. The programme was closed down in 2003, but many people believe it still exists - and its name is Facebook.

The idea of Facebook as a US government project makes a good conspiracy theory, but you don't need a tinfoil hat to realise that its 30-plus million users are storing huge amounts of personal data such as their address and interests on the service.

Share and share alike

If you use it to its full potential, you can share details not just of your interests, but your employment, educational history, sexual orientation, friends and family and even day-to-day activities. If you don't change the default privacy settings, you could be sharing that information not just with people you know but with entire cities or even countries that have made their own groups.

For example, if you join the UK's largest group, the London network, your profile information is visible to a massive 924,921 people at the time of writing.

The easiest way to prevent that data from being shared is to make it friends-only, but that only works if you're selective about the people you accept as Facebook friends, and far too many people aren't.

In August, security firm Sophos set up a fake profile featuring Freddi the Frog, and sent friend requests to 200 randomly selected users. 41 per cent of those approached then made the frog their friend and leaked their personal profile information.

Carole Theriault, senior security consultant with Sophos, explained the reasoning behind Freddi. "People were jumping on the Facebook bandwagon but we were concerned that they weren't thinking about the security aspect," she says. "People often think of making information available to the people they want to show it to, but don't think about those they might want to hide it from."

Fiddling with Facebook

Facebook has improved some of its privacy features but the default settings emphasise sharing rather than privacy. Sophos has published a guide to Facebook's privacy settings, and while much of it seems obvious, that's only because many users don't take even the simplest precautions.

Users should also take a look at Facebook's privacy policy, which makes things crystal clear. "We cannot control the actions of other users with whom you may choose to share your pages and information," it says.

More importantly, the policy also notes that Facebook isn't responsible for any third-party applications that are built upon its platform, and can't control how such parties might use your personal information.

There's another clause that seems rather strange. "Facebook may also collect information about you from other sources, such as newspapers, blogs, instant messaging services, and other users of the Facebook service through the operation of the service... in order to provide you with more useful information and a more personalised experience," it says.

Newspapers? When it was a college-only network, Facebook monitored campus newspapers for interesting information and tracked instant messaging services' away messages, but things have changed since then. We attempted to contact Facebook's press office for clarification, but they didn't respond.

Social site search engines

Aggregating data from multiple sources is a particular threat to privacy. People share photos on Flickr, post on MySpace, publish lists on Amazon, comment on blogs, network on LinkedIn and so on - and a new generation of search engines hope to collate and aggregate that data.

Both and search the 'deep web' and present the results in a single page. If you're listed on multiple sites, the amount of information could be alarming.