Even for the most privacy-conscious individual, contacts are a liability and may give away your location
YOU'VE set your Facebook account to "friends only", your Tweets are protected and you wouldn't dream of setting a virtual foot near location-sharing services like Foursquare - in other words, you can feel pretty safe online, right? Wrong. We all unwittingly leak vital information through friends.
"You can actually infer a lot of things about people, even though they are pretty careful about how they manage their online behaviour," says Adam Sadilek of the University of Rochester in New York. He has developed a system for predicting a Twitter user's location by looking at where their friends are. The tool can correctly place a user within a 100-metre radius with up to 85 per cent accuracy.
Sadilek and colleagues turn their target's social network into a predictive model called a dynamic Bayesian network. At each point in time, the nodes in the target person's network consist of their friends' locations, day of the week and the time, and information from these nodes determines the target's most likely location. Sadilek can also feed in any existing information about the person's whereabouts to help improve the model's accuracy.
The team tested their model on over 4 million tweets from users in Los Angeles and New York City, who had location data enabled. They found a couple of weeks of location data on an individual, combined with location data from their two most sharing friends, is enough to place that person within a 100-metre radius with 77 per cent accuracy. That rises to nearly 85 per cent when you combine information from nine friends. Even someone who has never shared their location can be pinpointed with 47 per cent accuracy from information available from two friends, rising to 57 per cent with nine.
Once the model has a good idea of where some people are, it can use this data to predict who their friends are, and then use that social network to pinpoint the whereabouts of even more people.
"You can imagine looping this process over and over," says Sadilek, potentially allowing the model to make predictions about every user on Twitter. Privacy advocates may recoil in horror, but Sadilek claims this knowledge could have benefits. It could help identify people who might spread infectious diseases or contact friends nearby to prevent suicide attempts. He will present the work at the Web Search and Data Mining conference in Seattle next month.
It is not just Twitter contacts who compromise your privacy. Facebook friends who share too much could help someone access your account. Last year Facebook rolled out a new "social authentication" system designed to block suspicious logins, but computer scientist Hyoungshick Kim and colleagues at the University of Cambridge have discovered some flaws.
Suppose you normally access Facebook in London, but one day Facebook sees a login from Australia. You might be on holiday, but it is also possible a hacker has got hold of your password, so Facebook's social authentication system blocks these logins unless you can identify photos of your friends.
It seems secure, but Kim points out it only protects you against strangers - a jealous spouse would easily be able to identify mutual friends, for example. Kim's research shows that using photos from non-overlapping communities could prevent this, but that is no good if your friends share their photos publicly, as many people on Facebook do. A determined person could easily gather such photos to create a database of your friend's faces, then use facial recognition software to identify the social authentication photos.
Kim suggests that indiscrete friends should be removed from the social authentication system, but even that wouldn't help a specific group of social networkers: celebrities, whose friends are likely to be recognisable. Kim will present the work at the Financial Cryptography and Data Security conference on the island of Bonaire in the Caribbean next month.
Even with your friends under control, a software bug could still expose your private data - as Facebook CEO Mark Zuckerberg himself found out recently when a glitch revealed his photos to the world. To solve this, researchers at the Massachusetts Institute of Technology have come up with a new programming language called Jeeves that automatically enforces privacy policies.
Programmers have to explicitly ensure data flowing through their software obeys necessary privacy policies, but it is easy to slip up and let information leak out. Jeeves solves that by substituting the value of variables within the software depending on who the user is. For example, say Alice posts a message but doesn't want anyone but herself to see who wrote it. The programmer can use the variable "author" without worrying what the user sees - when the software runs, Jeeves ensures Alice will see her own name, but everyone else logging in will see "Anonymous".
Jean Yang, who helped develop Jeeves, says the new language lets a programmer delegate privacy responsibilities and concentrate on the actual function of their code, much like a party host might entrust their butler with ensuring the needs of each guest are met so they can spend more time socialising.
Why the weakest links count most
Facebook is more than just an online "echo chamber" in which users just repeat views that match their own, according to a new study from the social network's own data team.
Facebook's Eytan Bakshy divided the friends of 253 million Facebook users into "strong" or "weak" ties. Cumulatively, the researchers found that most of the information shared comes predominately through a user's weak ties, simply because we have many more weak ties than strong ones. That's important, argues Bakshy, because friends with weaker ties are more likely to read and share material that you would not otherwise encounter: "The information they are sharing is more novel."
If you would like to reuse any content from New Scientist, either in print or online, please contact the syndication department first for permission. New Scientist does not own rights to photos, but there are a variety of licensing options available for use of articles and graphics we own the copyright to.
Have your say
Only subscribers may leave comments on this article. Please log in.
Only personal subscribers may leave comments on this article
Subscribe now to comment.
All comments should respect the New Scientist House Rules. If you think a particular comment breaks these rules then please use the "Report" link in that comment to report it to us.
If you are having a technical problem posting a comment, please contact technical support.
lee corso lee corso thanksgiving appetizers greg jennings thanksgiving recipes thanksgiving recipes mashed potato recipe
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.