Social Networks: Destroying Anonymity

The more a person takes part in online activity, the easier it is for their personal data to be disclosed. The obvious and critical problem, however, is data being exposed after it has been guaranteed to be safe. Tech Republic elaborates on this in How social networks wreck your online anonymity.

As the story goes, one promise of the Internet is the ability to access boundless information with relative anonymity. Those seeking a higher level of privacy can achieve it via open proxies or specialized services designed for conducting anonymous online activities, such as Tor.

A new study by Balachander Krishnamurthy, a researcher at AT&T Labs, and Craig E. Wills, a professor of computer science at the Worcester Polytechnic Institute in Massachusetts, painted a different picture. Indeed, the rise of social networking sites appears to be changing the dynamics of online privacy as we understand it.

Their paper “On the Leakage of Personally Identifiable Information via Online Social Networks” can be accessed online here (PDF). Alternatively, I have summed up the technical root of the issue as well as highlighted some potential repercussions below.

Personally identifiable information

Essentially, the study looked at a total of 12 popular social networking sites: Bebo, Digg, Facebook, Friendster, Hi5, Imeem, LiveJournal, MySpace, Orkut, Twitter, Xanga, and LinkedIn. As you are no doubt already aware, each of these sites contains varying degrees of personally identifiable information (PII) that can be accessed by friends or the general public.

The heart of the issue is how online anonymity will be wrecked should these usernames or IDs ever get leaked to third-party aggregate sites. What are some of these aggregate sites, you ask? Well, how about ad networks like DoubleClick, Google AdSense, and Omniture, or analytics services like Google Analytics, WebTrends, and StatCounter?

Leakage via HTTP

The problem here has to do with how HTTP leaks information via several fields of the request, specifically the Referer header, the Request-URI, and cookies.

Popular sites such as MySpace or Facebook, for example, will contain advertisements from ad networks. When loading the page, the typical Web browser will also load the ads that appear. When a user is logged in, this results in his or her ID or username being transmitted in the HTTP request to the unrelated site.

The same goes for when you click a link that takes you outside the site or use any third-party applications (Facebook games) that access external resources via HTTP. Once a user is identified, it is a simple matter to link them with any number of tracking cookies and establish an overview of the sites that they have visited.

Of slightly lower concern are some sites that have unwisely opted to store identifiable information in cookies.
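
As an added illustration (not from the original article or the paper), the Python sketch below audits a list of captured requests for a logged-in user's ID reaching third-party hosts through the three channels named above: Referer, Request-URI and cookies. The hosts, the ID and the request records are constructed sample data, and `find_leaks` and `is_third_party` are hypothetical helper names.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample data: a logged-in user's ID and the requests a browser
# might emit while rendering a profile page. All hosts/values are hypothetical.
USER_ID = "123456789"
FIRST_PARTY = "osn.example"
REQUESTS = [
    {"url": "http://osn.example/profile.php?id=123456789",
     "headers": {"Cookie": "session=abc"}},
    {"url": "http://ads.tracker.example/ad?size=728x90",
     "headers": {"Referer": "http://osn.example/profile.php?id=123456789",
                 "Cookie": "track=u-77"}},
    {"url": "http://stats.tracker.example/hit?page=home&uid=123456789",
     "headers": {"Referer": "http://osn.example/home"}},
    {"url": "http://cdn.widgets.example/w.js",
     "headers": {"Referer": "http://osn.example/home",
                 "Cookie": "uid=123456789"}},
    {"url": "http://img.static.example/logo.png",
     "headers": {"Referer": "http://osn.example/home"}},
]

def is_third_party(host, first_party):
    """True when host is neither the first-party domain nor a subdomain of it."""
    return not (host == first_party or host.endswith("." + first_party))

def find_leaks(requests, user_id, first_party):
    """Return (host, channel) pairs where user_id reaches a third-party host."""
    leaks = []
    for req in requests:
        parts = urlsplit(req["url"])
        host = parts.hostname or ""
        if not is_third_party(host, first_party):
            continue  # the site itself already knows who is logged in
        headers = {k.lower(): v for k, v in req["headers"].items()}
        request_uri = parts.path + ("?" + parts.query if parts.query else "")
        channels = {
            "referer": headers.get("referer", ""),
            "request-uri": request_uri,
            "cookie": headers.get("cookie", ""),
        }
        for name, value in channels.items():
            if user_id in unquote(value):  # also catches percent-encoded IDs
                leaks.append((host, name))
    return leaks

if __name__ == "__main__":
    for host, channel in find_leaks(REQUESTS, USER_ID, FIRST_PARTY):
        print(f"{host}: user ID exposed via {channel}")
```

The same check can be pointed at requests exported from a browser's developer tools to see which third parties receive an identifier from a given page.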

There seems to be only one piece of advice: be extremely careful when visiting social networks. All the usual net threats are present there, and the means of protection do not differ from those in other areas of the Net. In short: do not open material if there is even a small suspicion that it could be dangerous. And do not provide personal data unless you are obliged to.

This article was brought to you by the developers of IPHost Network Monitor, network and server monitoring software.
