Avoid Friendster and its clones, warns security expert

Privacy grab


Computer users who value their privacy should stay clear of 'social networking' websites, and should warn their friends away too, according to a distinguished Australian security professional. And for good measure, the rash of new websites - with names apparently inspired by artificial food preservatives such as Ryze, Plaxo and Orkut - makes a mockery of existing data protection legislation.

"In general, people would be well-advised firstly to stay well clear of all address-book and 'social networking systems', and secondly to prevail upon their friends, colleagues and acquaintances that they should avoid making any data about them available to service-operators like Plaxo," says Professor Roger Clarke, a visiting professor at the Australian National University.

Clarke has studied the leading contenders, of which the most famous is the revenue-free Friendster, and concluded that not only do they lack a basic understanding of privacy concerns, but they are not likely to either.

Clarke describes the opt-in data harvesting as "disturbing" - a self-evident observation to anyone outside the self-referential Silicon Valley bubble from which many of these services have arisen - but not a concern to the creators.

The 'social network' sites present opportunities for ruthless marketroids and stalkers. Plaxo, the most notorious example Clarke cites, encouraged users to upload their entire address books to the servers.

"Every IP-address, every email, and every social-network relationship that arises appears to be entirely free of any express contractual constraints."

But Plaxo goes further by offering a weasel-worded privacy 'guarantee'. Plaxo states: 'We respect the privacy of your contacts and maintain a strict policy of not sharing their contact information (received as a result of responding to your update requests) with other Plaxo users who are asking for this information.' But Clarke notes, "the emphasised words appear to exclude the data that is provided by the user when they upload their address-book, and hence the undertaking does not apply to the data about other people that users gift to the company. This assurance falls desperately far short of real privacy protection."

The faddish websites also offer opportunities to be wrongly accused of nefarious activity.

"Social networks are a primary way in which suspicion is generated about individuals. Acquaintances of terrorists, terrorism suspects, terrorism financiers, terrorist supporters and terrorist sympathisers are at risk of being allocated into a grey zone of terrorist associates. A tag of that kind is potentially as harmful to a person as have been negative categorisations made in previous contexts, such as 'etranger', 'subversive' and 'unamerican'," Clarke notes.

Google's own social networking site Orkut has an innocuous looking privacy page, but as we reported last week, its 'Terms of Service' allow the company to take ideas users express there such as neat algorithms or business plans and use them for its own purposes, royalty free. (Microsoft implemented similar conditions but was forced to drop them after public protest).

But there's another factor, just as important as data flows, that almost everyone has overlooked. Social networking profiles flatten the rich diversity of human characteristics into a depressingly flat taxonomy. For example, Orkut invites you to express a political inclination from one of ten predictable choices from authoritarian to libertarian.

Since when was political orientation a two-dimensional scale? Aren't values multi-dimensional?

And are there only seven^2 varieties of humor? You can tick as many, but no more options, from a list containing: "campy/cheesy", "goofy/slapstick", "dry/sarcastic", "clever/quick-witted", "friendly", "obscure" (the vast steppes of the surreal are apparently unmappable in this taxonomy), or "raunchy".

What would Borges say? ®

Related Link

'Little Black Books' - Roger Clarke

Related Stories

Google revives discredited Microsoft privacy policy for Friendster clone
