Privacy and Security Issues in Social Networking

7 October 2008

Fast Company has an article (by Brendan Collins) on Privacy and Security Issues in Social Networking.

The reason social network security and privacy lapses exist results simply from the astronomical amounts of information the sites process each and every day that end up making it that much easier to exploit a single flaw in the system. Features that invite user participation — messages, invitations, photos, open platform applications, etc. — are often the avenues used to gain access to private information, especially in the case of Facebook. Adrienne Felt, a Ph.D. candidate at Berkeley, made small headlines last year when she exposed a potentially devastating hole in the framework of Facebook’s third-party application API (application programming interface) which allows for easy theft of private information. Felt and her co-researchers found that third-party platform applications for Facebook gave developers access to far more information (addresses, pictures, interests, etc.) than needed to run the app.

Will there ever be a security breach-free social network? Probably not. “Any complex system has vulnerabilities in it. It’s just the nature of building something above a certain level of complexity,” says professor Evans. According to Felt, the best idea is a completely private social network. “It simply requires that there’s no gossip in the circle, by which I mean one person who sets their privacy settings so low that third parties can use them to get to their friends.”

“Social networks are great fun, and can be advantageous but people really need to understand that it’s complicated world and you need to step wisely,” Cluley says.