Social networking applications can pose security risks

April 28, 2008

Sarah Brown is unusually cautious when it comes to social networks. The second school does not have a MySpace page and, while she spends Facebook, which does all it can to maintain your page as private as possible.

“I do not want to worry about all the different scandals and problems online,” said Brown, an education major at St. Joseph College in Connecticut. She wants to control their personal information and keep it away from identity thieves snooping or future employers. “It’s just common sense.”

It appears that your information is locked and sealed. But is it?

It is even aware of privacy Sarah Browns of the world freely hand over personal information to perfect strangers. They do this every time you download and install what is known as an “application”, one of the thousands of mini-programs in a growing number of social networking sites that have been designed by third-party developers for everything from games and sports teams to trivia contests and virtual gifts.

Brown, for example, has installed applications on your page Facebook Boston Bruins fans and one that allows its position “bumper stickers” in its own page and those of their friends. It is a way to communicate in basic social networking sites, which allow friends to create pages about themselves and publish photos and details about their lives and interests.

People often think Facebook profiles and sometimes the pages of MySpace, whether they are established as private, are available only to friends or specific groups, such as a university, workplace, or even a city.

But that’s not true if they use applications. At Facebook, for example, applications can be downloaded only if a user checks a box that allows developers to its “know who I am and have access to my information,” which means everything on a profile, except for information contact. Given little thought, to accept the conditions has become a matter of routine for the nearly 70 million Facebook users worldwide who use the applications to spruce up their pages and flirting, playing with his friends and bonds in line.

News Corp. ’s MySpace, which has about 117 million unique visitors each month, has recently added a platform for applications, giving developers access to the profiles of anyone who downloads. Unlike Facebook, however, MySpace users are not required to include their names on their profiles.

So what do these third parties do with the information? Sometimes, what used to connect users with similar interests. Sometimes, they are using it to target ads based on demographic data such as gender and age (something Facebook and MySpace also do).

Facebook and MySpace say they have application developers to high standards - and boot them if they fail. They also point out that some information, such as email addresses and phone numbers, are unavailable.

But experts who track online security issues seems that there is too much personal information flying around out there, with little assurance that it is safe. They also think of social networks have little understanding that their information is used and how it arrives - and as a result, have a false sense of security.

“I suspect that there are a lot of clicking, without much thinking,” said Mary Madden, a specialist in high-level research in the Pew Internet & American Life Project that studies privacy issues. “So much of this exchange happens in a way that users do not see the consequences. It’s kind of a big black hole”.

Part of the risk derives from Facebook applications being created by anyone, some of them technology-related companies and others with expertise. And it could be anywhere in the world, as is Jayant Agarwalla, co-founder of the popular application Scrabulous Facebook, a takeoff on the game Scrabble.

He arrived via e-mail, said Scrabulous uses demographic information to target ads that are presented as a person who plays the game. But Agarwalla, based in India, emphasizes that such information is provided in “real time” and not stored. “In my humble opinion, users have nothing to worry about,” he says.

Some argue that is very similar to trust a seller in line with your credit card.

Even so, it is an honor system, said Adrienne Felt, a major computer science at the University of Virginia. A Facebook user herself, she decided to investigate the site of applications and even created her own order to see how it worked.

Most of the developers polled said Felt either that there was no need or use the information available to them and, if they did, which is accessed only for advertising purposes.

But in the end, Felt said that there was really nothing to stop information on the profile matched with public records. It could also be sold or stolen. And all this could lead to serious matters such as identity theft.

“People seem to have the idea that, when you put something on the Internet, there must be some privacy model out there - that there is someone out there that the application of morality. But that’s not true,” says Felt.

Last year, Facebook users revolted when the company started using a tool called Beacon, that its monitoring of users buying and actions to dozens of websites, and then disseminated data on pages of Users of friends.

Beacon has since been reduced.

By comparison, the issue of personal information is going to application developers, both MySpace and Facebook now, has remained relatively calm.

Jonathan Gaugler, 26-year-old New Yorker, is one that is targeted ads on its Web Facebook a little invasive.

“Get Married? Make your registration here!” read a recent announcement that appeared. Another is in his fiancee page advertising of donor eggs for fertility clinics.

“Creepy,” Gaugler said.

The Facebook maintains its activity to a minimum as a result - and rarely download an application because he does not want to be more specific.

But many others are much less cautious, seeing the risk of social networks “at the lowest level and the reward so high,” says Patricia Sanchez April, assistant professor at the University of Miami School of Business who studies the law of privacy.

“It is chosen mode of communication throughout the world who know. Therefore, if you’re not there, you’re not alone in the loop,” he says. “There is a lot of peer pressure.”

What they do not realize, she adds, is that there is little legal backup if your information is used in a way that it did not intend.

“This is an area that is completely unregulated. Yes, there are contracts. But if the recipient does not fulfill the contract, which is still out of luck,” says April.

And applications, notes, are only one worry when it comes to Internet threats.

A social networker friends can, for example, providing access to personal information or pictures on a profile. That happened to the call girl involved in the recent sex scandal with former New York Governor Eliot Spitzer.

Researchers at Indiana University also published a study last year showing how they are “scraping” student information profiles social network. Pretending to be friends of the people, who then uses the information to mislead students in his university provide username and password in a fake external web site.

If the profile is private or not, users must limit the information since, said Tom Jagatic, one of the researchers and now a senior consultant of information technology at the Massachusetts Institute of Technology.

It is good advice, said Jeremy Miller, a fraud investigator based in Nashville, Tenn., but he wonders how many listen. The uses MySpace and believes that people usually list everything from their admission to the phone numbers on their profiles - and do not even bother to make your profile private.

“It’s a kind of status symbol, so that privacy takes a back seat,” said Miller, who works for Kroll Inc., a risk management consulting firm. “It’s very similar to people saying you should not carry your Social Security card around your wallet.

“But many people still do.”

Written by Admin · Filed Under Internet 

Comments

Got something to say?