Web

Social networking security scare

Your private details are not as private as you think

September 28th 2007 | Tell us what you think [ 0 comments ]

Facebook: A great way to stay in touch with friends or a government plan to keep an eye on us?

Zoom

The US government's plans for its Total Information Awareness programme terrified privacy activists everywhere in 2002.

TIA's remit was to keep detailed information and know everything about everyone on the planet - all in the name of anti-terrorism. The programme was closed down in 2003, but many people believe it still exists - and its name is Facebook.

The idea of Facebook as a US government project makes a good conspiracy theory, but you don't need a tinfoil hat to realise that its 30-plus million users are storing huge amounts of personal data such as their address and interests on the service.

Share and share alike

If you use it to its full potential, you can share details not just of your interests, but your employment, educational history, sexual orientation, friends and family and even day-to-day activities. If you don't change the default privacy settings, you could be sharing that information not just with people you know but with entire cities or even countries that have made their own groups.

For example, if you join the UK's largest group, the London network, your profile information is visible to a massive 924,921 people at the time of writing.

The easiest way to prevent that data from being shared is to make it friends-only, but that only works if you're selective about the people you accept as Facebook friends, and far too many people aren't.

In August, security firm Sophos set up a fake profile featuring Freddi the Frog, and sent friend requests to 200 randomly selected users. 41 per cent of those approached then made the frog their friend and leaked their personal profile information.

Carole Theriault, senior security consultant with Sophos, explained the reasoning behind Freddi. "People were jumping on the Facebook bandwagon but we were concerned that they weren't thinking about the security aspect," she says. "People often think of making information available to the people they want to show it to, but don't think about those they might want to hide it from."

Fiddling with Facebook

Facebook has improved some of its privacy features but the default settings emphasise sharing rather than privacy. Sophos has published a guide to Facebook's privacy settings, and while much of it seems obvious, that's only because many users don't take even the simplest precautions.