Government Technology

Online Social Networks May Leak Personal Information to Tracking Sites


Kids Social Netowrking
Kids Social Netowrking

August 24, 2009 By

Photo: Many youngsters make use of social networking sites.

Social networking and blogging have become more popular than sending email, according to a report from Nielsen. More than two-thirds (67%) of the global online population now goes online to visit social networks and blogs according to Nielsen, one company that monitors and measures more than 90% of global Internet activity to provide clients with "insights about the online universe."

"In recent years the Internet has changed dramatically as people seek more personalized relationships online, explained Charles Buchwalter, SVP, Research and Analytics, Nielsen Online, in a recent analysis "In particular, time spent on social networks and video sites has increased astronomically."

However, there are growing privacy concerns connected with such usage. A new study co-authored by Craig Wills, professor of computer science at Worcester Polytechnic Institute (WPI) has found that the practices of many popular social networking sites typically make that personal information available to companies that track Web users' browsing habits and allow them to link anonymous browsing habits to specific people.

This study may be the first to describe a mechanism that tracking sites could use to directly link browsing habits to specific individuals.

"When you sign up with a social networking site, you are assigned a unique identifier," said Wills in a prepared statement. "This is a string of numbers or characters that points to your profile. We found that when social networking sites pass information to tracking sites about your activities, they often include this unique identifier. So now a tracking site not only has a profile of your Web browsing activities, it can link that profile to the personal information you post on the social networking site. Now your browsing profile is not just of somebody, it is of you."

Like most commercial websites, online social networks use third-party tracking sites, called aggregators, to learn about the browsing habits of their visitors. Cookies are maintained by a Web browser and contain information that enable tracking sites to build profiles of the websites visited by a user. Each time the user visits a new website, the tracking site can review those cookies and serve up ads that might appeal to the user. For example, if the user frequently visits food sites, he or she might see an ad for a new cookbook.

Online networking sites have gone a step further by allowing for transmission of unique identifiers. It is a particularly troubling practice for two reasons, Wills says. "First," he notes. "users put a lot of information about themselves on social networking sites. Second, a lot of that information can be seen by other users, by default. There are mechanisms users can use to limit access to their information, but we found through previous research that most users don't take advantage of them." With a unique identifier, a tracking site could gain access to a user's name, physical address, email address, gender, birth date, educational and employment information, and much more.

With the "leakage" of this type personal information, there is a significant risk of having one's identity linked to an inaccurate or misleading browsing profile. Browsing profiles record the websites a particular computer has accessed, not who was using the computer at the time or why particular sites were chosen.

According to Wills, this leaves room for inaccurate profiling by tracking sites, a situation that has the potential to lead to serious problems. When a computer is used by more than one person, or a person browses for curiosity rather than intent, it leaves room for misinterpretation, he notes. "Tracking sites don't have the ability to know if, for example, a site about cancer was visited out of curiosity, or because the user actually has cancer. Profiling is worrisome on its own, but inaccurate profiling could potentially


| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Better security. Better government.
Powering security at all levels of government with simpler, more connected IT.
Cybersecurity in an "All-IP World" Are You Prepared?
In a recent survey conducted by Public CIO, over 125 respondents shared how they protect their environments from cyber threats and the challenges they see in an all-IP world. Read how your cybersecurity strategies and attitudes compare with your peers.
Maintain Your IT Budget with Consistent Compliance Practices
Between the demands of meeting federal IT compliance mandates, increasing cybersecurity threats, and ever-shrinking budgets, it’s not uncommon for routine maintenance tasks to slip among state and local government IT departments. If it’s been months, or even only days, since you have maintained your systems, your agency may not be prepared for a compliance audit—and that could have severe financial consequences. Regardless of your mission, consistent systems keep your data secure, your age
View All

Featured Papers