- Category: March - April 2009
Living in the virtual world has become part of our everyday life. Many people cannot imagine a day going pass without checking their notifications on Facebook or finding new suitable business contacts on Xing. Why do so many of us spend so much of our free time surfing around social networks and contacting people whom we could see in person?
This is especially more puzzling since not only do we find out things about others, but at the same time, also release a lot of our own personal information such as private pictures and personal contacts. Most of the time we are not even really sure what will happen to these personal details of ours, who sees them and how they may be used without our knowledge let alone consent. A key question therefore arises: Just how are Social Networks?
The German Fraunhofer Institute for Secure Information Technology SIT, a leading expert for IT Security and a developer of solutions for immediate use, geared to customer’s needs, recently developed a study that aims to gain a deeper insight into the biggest, more popular social networks. To do this, the Institute examined the mechanisms that should assure users privacy, while at the same time, discovering which type of private data is saved and used by the networks.
One of the study’s main intentions was to give advice to users on how to use these platforms in a privacy-protecting manner. At the same time, the study also suggested methods in improving privacy protection in social networks.
It is important that the tests took place from the perspective of a normal internet user and that the criteria applied equally to every network. It’s also interesting that none of the tested networks convinced entirely but more importantly, the SIT has advised that there are networks that should be avoided.
During the study there was a separation into two categories: one examined private networks such as Facebook and Myspace and the other section observed the more business orientated ones including Xing and LinkedIn. The test-persons logged in as normal users, so that they were able to move around the platform as everybody else. Subsequently, they worked as attackers to hack their own profiles which were created beforehand, trying to get as much personal data as possible.
Here are some of the key takeaways of the study’s results:
None of the networks were able to convince entirely when it came to login security concerns. Also, SIT found out that a lot of data which is asked by the networks at the first sign-in such as zip codes, domicile or the birth date are really dispensable. On the other hand, it acknowledged that business platforms like Xing and LinkedIn need a more comprehensive dataset in order to fully utilize and meet their users’ needs.
To use a platform with a pseudonym is only possible with Myspace and LinkedIn. But only LinkedIn offers a really developed system which allows navigating without showing the real identity of users.
The encryption of users’ data is another area of concern. Only Xing is able to protect their users with a system of encryption. Facebook and LinkedIn only encrypt the sign-in procedure, which is not enough because this is easily hacked. Some other social network sites like Myspace simply do not offer any kind of encryption, in other words, protection for users at all.
External access to multimedia data
With knowledge of the URL, there is the possibility to gain access to all media data like pictures and videos. But the networks assume that the encrypted URLs are difficult to find out and therefore pose no danger. But the SIT has discovered that with the beta version of Polar Rose, a specialized software, there is the chance that confidential hyperlinks get revealed.
Xing offers an extensive search function, which has a negative impact on the user, because there is no access controlling mechanism. The same problem is also found in LinkedIn, but the problem here is not so bad due to the pseudonym function. Facebook did relatively well here since access control on this tool can be managed by the user himself.
Wanting to delete a profile is no problem with Myspace and LinkedIn as after some mouse clicks the once active profile is deleted. In contrast, deleting a profile is more complex on Xing while Facebook doesn’t eliminate the profile at all, only simply deactivates it. To get a permanent delete here, you have to search extensively to find out how through the “help” section.
Advice to social network users
Summing-up, the study has come up with some sound advice and results that should be mentioned. Firstly, it’s important to try to not use social networks while navigating through the internet in an open accessible wireless network. Also, users shouldn’t leave private information on business platforms. After the first login to a new network, everyone should reset the privacy settings to more restrictive conditions. This is especially so when it comes to which type of data is shown/revealed, and this has to be deactivated at the very beginning. To help increase their own privacy, every user should use only one identity for each network, this means e.g. not trying to be a student and an employee in the same network.
In conclusion, there has to be said, that the perfect, secure social network doesn’t exist. Like the study says, while Facebook and Xing had good results, this doesn’t mean that they fulfill every criterion that the study established. One should always be aware of the consequences that a lack of or lapse in security may cause and choose the best platform that fits best to their own needs.
By Laura Veronesi