Feeds

Avoid Friendster and its clones, warns security expert

Privacy grab

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Computer users who value their privacy should stay clear of 'social networking' websites, and should warn their friends away too, according to a distinguished Australian security professional. And for good-measure, the rash of new websites - with names apparently inspired by artificial food preservatives such as Ryze, Plaxo and Orkut - make a mockery of existing data protection legislation.

"In general, people would be well-advised firstly to stay well clear of all address-book and 'social networking systems', and secondly to prevail upon their friends, colleagues and acquaintances that they should avoid making any data about them available to service-operators like Plaxo," says Professor Roger Clarke, a visiting professor at the Australian National University.

Clarke has studied the leading contenders, of which the most famous is the revenue-free Friendster, and concluded that not only do they lack a basic understanding of privacy concerns, but they are not likely to either.

Clarke describes the opt-in data harvesting as "disturbing" - a self-evident observation to anyone outside the self-referential Silicon Valley bubble from which many of these services have arisen - but not a concern to the creators.

The 'social network' sites present opportunities for ruthless marketroids and stalkers. Plaxo, the most notorious example Clarke cites, encouraged users to upload their entire address books to the servers.

"Every IP-address, every email, and every social-network relationship that arises appears to be entirely free of any express contractual constraints."

But Plaxo goes further by offering a weasel-worded privacy'guarantee'. Plaxo states: 'We respect the privacy of your contacts and maintain a strict policy of not sharing their contact information (received as a result of responding to your update requests) with other Plaxo users who are asking for this information.' But Clarke notes, "the emphasised words appear to exclude the data that is provided by the user when they upload their address-book, and hence the undertaking does not apply to the data about other people that users gift to the company. This assurance falls desperately far short of real privacy protection."

The faddish websites also offer opportunities to be wrongly accused of nefarious activity.

"Social networks are a primary way in which suspicion is generated about individuals. Acquaintances of terrorists, terrorism suspects, terrorism financiers, terrorist supporters and terrorist sympathisers are at risk of being allocated into a grey zone of terrorist associates. A tag of that kind is potentially as harmful to a person as have been negative categorisations made in previous contexts, such as 'etranger', 'subversive' and 'unamerican'," Clarke notes.

Google's own social networking site Orkut has an innocuous looking privacy page, but as we reported last week, its 'Terms of Service' allow the company to take ideas users express there such as neat algorithms or business plans and use them for its own purposes, royalty free. (Microsoft implemented similar conditions but was forced to drop them after public protest).

But there's another factor just as important as data flows, that almost everyone has over-looked. Social networking profiles flatten the rich diversity of human characteristics into a depressingly flat taxonomy. For example Orkut invites you to express a political inclination from one of ten predictable choices from authoratarian to libertarian.

Since when was political orientation a two-dimensional scale? Aren't values multi-dimensional?

And are there only seven^2 varieties of humor? You can tick as many, but no more options, from a list containing: "campy/cheesy", "goofy/slapstick", "dry/sarcastic", "clever/quick-witted", "friendly", "obscure" (the vast steppes of the surreal are apparently unmappable in this taxonomy), or "raunchy".

What would Borges' say? ®

Related Link

'Little Black Books' - Roger Clarke

Related Stories

Google revives discredited Microsoft privacy policy for Friendster clone

Internet Security Threat Report 2014

More from The Register

next story
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
BT said to have pulled patent-infringing boxes from DSL network
Take your license demand and stick it in your ASSIA
Right to be forgotten should apply to Google.com too: EU
And hey - no need to tell the website you've de-listed. That'll make it easier ...
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.