As the Web Goes Social, Where Is Privacy?

Google, MySpace, and Facebook have recently announced initiatives to share social networking information with third-party sites. Google’s announcement describes Google Friend Connect:

This new service, announced as a preview release tonight at Campfire One, lets non-technical site owners sprinkle social features throughout their websites, so visitors will easily be able to join with their AOL, Google, OpenID, and Yahoo! credentials. You’ll be able to see, invite, and interact with new friends or, using secure authorization APIs, with existing friends from social sites on the web like Facebook, Google Talk, hi5, LinkedIn, orkut, Plaxo, and others.

Facebook similarly describes its initiative:

Facebook Connect is the next iteration of Facebook Platform that allows users to “connect” their Facebook identity, friends and privacy to any site. This will now enable third party websites to implement and offer even more features of Facebook Platform off of Facebook – similar to features available to third party applications today on Facebook.

It adds that key features will be: “Trusted authentication; Real Identity; Friends Access; and Dynamic Privacy.” MySpace’s launch includes some partner sites already:

LOS ANGELES—May 8, 2008—MySpace, the world’s most popular social network, alongside Yahoo!, eBay, Photobucket, and Twitter, today announced the launch of the MySpace ‘Data Availability’ initiative, a ground-breaking offering to empower the global MySpace community to share their public profile data to websites of their choice throughout the Internet. Today’s announcement throws open the doors to traditionally closed networks by putting users in the driver’s seat of their data and Web identit

Data Portability

These are being referred to as advances in “data portability” (see here, and here, for example). Data portability is the name given to the idea that data a user has generated with one vendor can easily be moved to or manipulated by another vendor, without the need for any pre-existing relationships.

There was some promise that data portability might improve privacy. Timothy Lee at Techdirt blogged on how data portability could mitigate privacy issues. I previously blogged about a position paper from ENISA on social networking security recommendations. They noted (pdf):

Many of the threats . . . in particular those relating to data privacy, have arisen because SNSs [Social Network Sites] are extremely centralized (i.e., high numbers of users with few providers). Where users were previously protected by spreading their data over many mutually inaccessible repositories, it’s now collected in a single place. It is currently very difficult to transfer your social network from one provider to another, or to interact between providers. . . . While there are clear commercial reasons behind these trends, the security and usability implications of a centralized and closed data storage model should not be ignored. A possible solution to this problem is portable social networks, which allow users to control and syndicate their own ‘social graph’. . . . At a minimum, it should be possible to export the social graph and its preferences from one provider to another and, ideally, users would have the possibility of complete control over their own social data, syndicating it to providers which created added-value ‘mashup’ applications.

The Promise of Privacy?

So portability holds great promise — users are able to easily move between providers; no one provider is a central point of tracking; and users control where their data goes and presumably who has access to it.

But what is now being billed as “portability” looks quite far from that promise. These systems look like they will allow the social networks to track you as you use several sites, rather than allow you to leave existing social networks with your data. That’s not really allowing data to move around — that’s just SNSs giving you a long leash. It looks like more, not less decentralization. Instead of having the security and privacy of different accounts and different personas, you’ll have one single logon for several web services. In fact, Facebook seems to tout as an advantage that people will no longer be anonymous, that they’ll be coming in with their entire social graph to new ventures. When privacy activists are telling users to use pseudonyms and different logins, this new development is going in a different direction.

I suspect these companies want your entire web experience to be “social.” But more importantly, they want it to happen while you are logged into them, while you are a captive audience to their ads, and while they build up their profiles of personal information so that they can market to you.

Posted: May 20, 2008

Will the FTC Enforce MySpace’s Security Promises?

Recently, Wired revealed a bug in MySpace’s user account security:

A backdoor in MySpace’s architecture allows anyone who’s interested to see the photographs of some users with private profiles — including those under 16 — despite assurances from MySpace that those pictures can only be seen by people on a user’s friends list. Info about the backdoor has been circulating on message boards for months.

The flaw exposes MySpace users who set their profiles to “private” — the default setting for users under 16 — even though MySpace’s account settings page tells users, “Only the people you select will be able to view your full profile and photos.”

A specially constructed URL will display the images, even to those not logged in to MySpace.

In a follow-up article, it is noted that “MySpace Quietly Fixes Bug that Gave Voyeurs Access to Teens’ Private Photos”:

Barely 24 hours after my story hit the front door of Wired.com, MySpace has, without comment, closed the backdoor, and the websites that were exploiting it are no longer delivering private photos. That seems to leave just two possibilities:

1. MySpace didn’t know this was going on before.

2. MySpace knew about it, but didn’t take action until the press noticed.

From a privacy activist’s perspective though, the question is: what will the Federal Trade Commission do about it? What can they do?

The FTC has the power to prosecute “unfair and deceptive trade practices.” This doctrine has developed to mean they have a role in enforcing privacy promises:

Enforcing Privacy Promises: Section 5 of the FTC Act

A key part of the Commission’s privacy program is making sure companies keep the promises they make to consumers about privacy, including the precautions they take to secure consumers’ personal information. To respond to consumers’ concerns about privacy, many Web sites post privacy policies that describe how consumers’ personal information is collected, used, shared, and secured. Indeed, almost all the top 100 commercial sites now post privacy policies. Using its authority under Section 5 of the FTC Act, which prohibits unfair or deceptive practices, the Commission has brought a number of cases to enforce the promises in privacy statements, including promises about the security of consumers’ personal information.

It looks like MySpace was promising privacy. And it looks like that promise wasn’t being kept. The FTC has gone after poor security promises before. A listing of their privacy cases includes a few examples:

  • Company Failed to Use Reasonable Security Measures to Protect Consumers’ Data
  • Agency Says Company Failed to Protect Sensitive Customer Data
  • Tens of Millions of Consumer Credit and Debit Card Numbers Compromised
  • Agency Says Lax Security Compromised Thousands of Credit and Debit Cards
  • Security Flaws Allowed Hackers to Access Consumers’ Credit Card Information

But these cases all have harms that involve credit card or other such personal information of a financial type. MySpace involved pictures. Will the FTC recognize MySpace’s breach of image security as a harm?

FTC action in this case would send a clear message to social networking operators to respect security and protect the privacy of the data which users are entrusting to them. That data may not be “sensitive” in the financial sense. But it is “sensitive” in that it is deeply personal.

Posted: January 20, 2008