Security and Privacy in Social Networks

The popularity of social networking sites has increased at an astonishing rate. Social networking websites such as Facebook, Twitter, MySpace and LinkedIn have grown rapidly over the past few years and now have over two billion users. Almost every computer-literate person has at least one social network account and spends a large amount of time on social networks each day.
Social networks can be described as web applications. People may use social networking services for different reasons: to network with new contacts, reconnect with former friends, maintain current relationships, build or promote a business or project, participate in discussions about a certain topic, or just have fun meeting and interacting with other users. Some services, such as Facebook and Twitter, have a broad range of users, while others cater to specific interests. For example, LinkedIn has positioned itself as a professional networking site—profiles include resume information, and groups are created to share questions and ideas with peers in similar fields. On the other hand, MySpace is known for its emphasis on music and other entertainment. There are also social networking services that have been designed specifically to reconnect former classmates.
Given these characteristics and the increasing aggressiveness of attackers’ methods, privacy and security in social networks have become a critical issue in the cyber world. This paper therefore presents a survey of the privacy and security issues that occur in online social networks. The next section presents these issues, which include privacy, identity theft, spam, malware, and physical threats.

What Information is Public? 
There are two kinds of information that can be gathered about a user from a social network: information that is shared and information gathered through electronic tracking.

  • Information a User Shares

Information a user shares may include:
    • Photos and other media.
    • Age and gender.
    • Biographical information (education, employment history, hometown, etc.).
    • Status updates (also known as posts).
    • Contacts.
    • Interests.
    • Geographical location.
This information becomes public in a variety of ways:
  • A user may choose to post information as “public” (without restricting access via available privacy settings).
  • Certain information may be publicly visible by default. In some situations, a user may be able to change the privacy settings to make the information “private”, so that only approved users can view it. Other information must remain public; the user does not have an option to restrict access to it.
  • A social network can change its privacy policy at any time without a user’s permission. Content that was posted with restrictive privacy settings may become visible when a privacy policy is altered.
  • Approved contacts may copy and repost information – including photos – without a user’s permission, potentially bypassing privacy settings.  
  • Third-party applications that have been granted access may be able to view information that a user or a user’s contacts post privately.  
Social networks themselves do not necessarily guarantee the security of the information that has been uploaded to a profile, even when those posts are set to be private. This was demonstrated in one May 2010 incident during which unauthorized users were able to see the private chat logs of their contacts on Facebook. While this and other similar bugs are usually quickly fixed, there is great potential for taking advantage of leaked information.

  • Information Gathered Through Electronic Tracking

Information may also be gathered from a user’s actions online using “cookies” (short strings of text stored on one’s hard drive).   Some of the purposes of cookies may include:
    • Tracking which websites a user has viewed.
    • Storing information associated with specific websites (such as items in a shopping cart).
    • Tracking movement from one website to another.
    • Building a profile around a user.
In fact, a 2009 study conducted by AT&T Labs and Worcester Polytechnic Institute found that the unique identifying code assigned to users by social networks can be matched with behavior tracked by cookies. This means that advertisers and others are able to use information gleaned from social networks to build a profile of a user’s life, including linking browsing habits to one’s true identity.
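As an added illustration (not part of the original article, and not code from the cited study), the sketch below audits a constructed list of browser requests for the matching described above: a third-party host that receives both its own cookie and a social network profile ID. The hostnames, cookie values, the `id=` parameter format and the assumption that the ID travels in the Referer header or the request URL are all hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample: requests a browser made while a profile page was open.
# Every host, cookie and ID below is invented for illustration.
SAMPLE_REQUESTS = [
    {"url": "https://social.example/profile.php?id=1234567",
     "referer": "", "cookie": "session=abc"},
    {"url": "https://ads.tracker.example/pixel.gif?slot=3",
     "referer": "https://social.example/profile.php?id=1234567",
     "cookie": "uid=T-99881"},
    {"url": "https://cdn.social.example/app.js",
     "referer": "https://social.example/profile.php?id=1234567",
     "cookie": ""},
    {"url": "https://stats.other.example/c?u=https%3A%2F%2Fsocial.example"
            "%2Fprofile.php%3Fid%3D1234567",
     "referer": "https://social.example/home", "cookie": "vid=Z17"},
    {"url": "https://fonts.static.example/f.woff",
     "referer": "https://social.example/home", "cookie": ""},
]

ID_PATTERN = re.compile(r"[?&]id=(\d{5,})")  # assumed profile-ID format


def site(host):
    """Crude registrable domain: last two labels (no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def find_id_leaks(requests, first_party="social.example"):
    """Return (third-party host, profile ID, tracker cookie) for each request
    that hands a profile ID and a third-party cookie to the same host."""
    leaks = []
    for req in requests:
        host = urlsplit(req["url"]).hostname or ""
        if site(host) == site(first_party) or not req["cookie"]:
            continue  # first-party request, or no cookie to tie the ID to
        # The ID may arrive in the Referer header or encoded in the URL.
        haystack = req["referer"] + " " + unquote(req["url"])
        match = ID_PATTERN.search(haystack)
        if match:
            leaks.append((host, match.group(1), req["cookie"]))
    return leaks


if __name__ == "__main__":
    for host, profile_id, cookie in find_id_leaks(SAMPLE_REQUESTS):
        print(f"{host} can link cookie {cookie!r} to profile {profile_id}")
```

Each reported pair is a point where a tracker's pseudonymous cookie becomes linkable to a named profile; blocking third-party cookies or stripping the Referer on cross-site requests removes one half of the pair.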
Some fraud techniques to watch out for include:
  • Illegitimate third-party applications. These rogue applications may appear similar to other third-party applications but are designed specifically to gather information. This information may be sold to marketers but could also be useful in committing identity theft.   These applications may appear as games, quizzes or questionnaires in the format of “What Kind of Famous Person Are You?”
  • False connection requests. Scammers may create fake accounts on social networks and then solicit others to connect with them.  These fake accounts may use the names of real people, including acquaintances, or may be entirely imaginary.  Once the connection request is accepted, a scammer may be able to see restricted and private information on a user’s profile.


Malware (malicious software) is a term that describes a wide range of programs that are installed on a user’s computer, often through the use of trickery. Malware can spread quickly on a social network, infecting the computer of a user and then spreading to his or her contacts. This is because the malware may appear to come from a trusted contact, and thus users are more likely to click on links and/or download malicious programs.

Some common techniques used in spreading malware include:
  • Shortened URLs, particularly on status update networks or newsfeeds.  These may lead the user to download a virus or visit a website that will attempt to load malware on a user’s computer.
  • Messages that appear to be from trusted contacts that encourage a user to click on a link, view a video or download a file.
  • An email appearing to be from the social network itself, asking for information or requesting a user click on a link. 
  • Third-party applications that infect computers with malicious software and spread it to contacts.  
  • Fake security alerts – applications that pose as virus protection software and inform the user that his or her security software is out-of-date or a threat has been detected.  

Anonymity on Social Networks

Many users of social networks choose to mask their real identities. This may be done via anonymity (providing no name at all) or pseudonymity (providing a false name).
Some people who may prefer an anonymous or pseudonymous persona include, but are not limited to:
  • Individuals with medical conditions who want to discuss symptoms and treatment without creating a public record of their condition
  • Bloggers and activists engaging in political discourse, especially on controversial issues
  • Teachers and childcare workers
  • Medical professionals, including mental health professionals
  • Law enforcement agents, prosecutors, parole and probation officers,  judges, and other court employees
  • Victims of stalking, sexual assault, and domestic violence
  • Children and youth
  • Jobseekers

General Tips for Using Social Networks

  • Delete cookies, including flash cookies, every time you leave a social networking site.
  • Don’t publicize vacation plans, especially the dates you’ll be traveling. Burglars can use this information to rob your house while you are out of town.
  • Be aware that your full birth date, especially the year, may be useful to identity thieves. Don’t post it, or at a minimum restrict who has access to it.
  • Don’t post your address, phone number or email address on a social network. Remember scam artists as well as marketing companies may be looking for this kind of information. If you do choose to post any portion of this, use privacy settings to restrict it to approved contacts.
  • Use caution when using third-party applications. For the highest level of safety and privacy, avoid them completely. If you consider using one, review the privacy policy and terms of service for the application.
  • Take additional precautions if you are the victim of stalking, harassment or domestic violence.
  • In the event that your social networking account is compromised, report it to the site immediately and alert your contacts. You will need to change passwords, but proceed with caution because your computer security may have been
  • If you are using a social networking site that offers video chatting, pay attention to the light on your computer that indicates whether or not your webcam is in use. This will help you avoid being "caught on camera" by accident.
  • Be sure to log off from social networking sites when you no longer need to be connected. This may reduce the amount of tracking of your web surfing and will help prevent strangers from infiltrating your account.
  • Remember that nothing that you post online is temporary. Anything you post can be cached, stored, or copied and can follow you forever.
  • Check your privacy settings often. Privacy policies and default settings may change, particularly on Facebook.
