In a recent paper about social privacy Google researchers caution that the expansion of the social Web and our growing involvement with it is compromising our privacy while offering the false sense of security that we act in the privacy of our own social circle.
Specifically, the paper suggests three areas where the social Web compromises user privacy.
1. Lack of control over activity streams
According to the paper, there are two primary ways in which lack of control over activity streams may compromise our privacy; the lack of control we have over events going into our activity streams (examples given are Facebook Beacon and coComment), and the lack of control we have when it comes to who can see our activity stream as is possible with Google Reader.
2. Unwelcome linkage
The authors define unwelcome linkage as occurring when links on the Internet reveal information about you that you had not intended to reveal, for instance trackbacks and accidental linkage.
3. De-anonymization through merging of social graphs
Given social networking sites extract a fair amount of personally identifiable information; the authors suggest it may be possible to uncover personal information by comparing data across social networking sites. In fact, this method of merging social graphs has already been used when researchers identified Netflix users by combining Netflix data with data from IMDb (PDF).
The Google paper suggests various solutions:
- Applications should be explicit about which user activities automatically generate events for their activity stream
- Users should be given control over which events make it into their activity stream and be able to remove events from the stream after they have been added by an application
- Users should be explicitly told who the audience is for their activity stream; users should also have control over who the audience is for their activity stream
- Application developers should build their applications such that the creation of activity stream events is more likely to be in sync with user expectation
The paper also proposes the building of tools that describe what information is available about you on the Internet; a warning system of sorts that includes an automatic link discovery tool which will quickly show you whether there is any privacy risks involved, so you can be better informed before creating new content.
As reported in New Scientist the Google paper, (Under)mining privacy in social networks (PDF), will be presented at the Web 2.0 Security and Privacy 2009 workshop in May.
Image credit: Darwin Bell