We know where you are (Image: William Andrew/Getty)
Even for the most privacy-conscious individual, contacts are a liability and may give away your location
YOU'VE
set your Facebook account to "friends only", your Tweets are protected
and you wouldn't dream of setting a virtual foot near location-sharing
services like Foursquare - in other words, you can feel pretty safe
online, right? Wrong. We all unwittingly leak vital information through
friends.
"You
can actually infer a lot of things about people, even though they are
pretty careful about how they manage their online behaviour," says Adam Sadilek
of the University of Rochester in New York. He has developed a system
for predicting a Twitter user's location by looking at where their
friends are. The tool can correctly place a user within a 100-metre
radius with up to 85 per cent accuracy.
Sadilek
and colleagues turn their target's social network into a predictive
model called a dynamic Bayesian network. At each point in time, the
nodes in the target person's network consist of their friends'
locations, day of the week and the time, and information from these
nodes determines the target's most likely location. Sadilek can also
feed in any existing information about the person's whereabouts to help
improve the model's accuracy.
The
team tested their model on over 4 million tweets from users in Los
Angeles and New York City, who had location data enabled. They found a
couple of weeks of location data on an individual, combined with
location data from their two most sharing friends, is enough to place
that person within a 100-metre radius with 77 per cent accuracy. That
rises to nearly 85 per cent when you combine information from nine
friends. Even someone who has never shared their location can be
pinpointed with 47 per cent accuracy from information available from
two friends, rising to 57 per cent with nine.
Once
the model has a good idea of where some people are, it can use this
data to predict who their friends are, and then use that social network
to pinpoint the whereabouts of even more people.
"You
can imagine looping this process over and over," says Sadilek,
potentially allowing the model to make predictions about every user on
Twitter. Privacy advocates may recoil in horror, but Sadilek claims
this knowledge could have benefits. It could help identify people who
might spread infectious diseases or contact friends nearby to prevent
suicide attempts. He will present the work at the Web Search and Data Mining conference in Seattle next month.
It
is not just Twitter contacts who compromise your privacy. Facebook
friends who share too much could help someone access your account. Last
year Facebook rolled out a new "social authentication" system designed
to block suspicious logins, but computer scientist Hyoungshick Kim and colleagues at the University of Cambridge have discovered some flaws.
Suppose
you normally access Facebook in London, but one day Facebook sees a
login from Australia. You might be on holiday, but it is also possible
a hacker has got hold of your password, so Facebook's social
authentication system blocks these logins unless you can identify
photos of your friends.
It
seems secure, but Kim points out it only protects you against strangers
- a jealous spouse would easily be able to identify mutual friends, for
example. Kim's research shows that using photos from non-overlapping
communities could prevent this, but that is no good if your friends
share their photos publicly, as many people on Facebook do. A
determined person could easily gather such photos to create a database
of your friend's faces, then use facial recognition software to
identify the social authentication photos.
Kim
suggests that indiscrete friends should be removed from the social
authentication system, but even that wouldn't help a specific group of
social networkers: celebrities, whose friends are likely to be
recognisable. Kim will present the work at the Financial Cryptography and Data Security conference on the island of Bonaire in the Caribbean next month.
Even
with your friends under control, a software bug could still expose your
private data - as Facebook CEO Mark Zuckerberg himself found out
recently when a glitch revealed his photos to the world. To solve this, researchers at the Massachusetts Institute of Technology have come up with a new programming language called Jeeves that automatically enforces privacy policies.
Programmers
have to explicitly ensure data flowing through their software obeys
necessary privacy policies, but it is easy to slip up and let
information leak out. Jeeves solves that by substituting the value of
variables within the software depending on who the user is. For
example, say Alice posts a message but doesn't want anyone but herself
to see who wrote it. The programmer can use the variable "author"
without worrying what the user sees - when the software runs, Jeeves
ensures Alice will see her own name, but everyone else logging in will
see "Anonymous".
Jean Yang,
who helped develop Jeeves, says the new language lets a programmer
delegate privacy responsibilities and concentrate on the actual
function of their code, much like a party host might entrust their
butler with ensuring the needs of each guest are met so they can spend
more time socialising.
Why the weakest links count most
Facebook is more than just an online "echo chamber" in which users just repeat views that match their own, according to a new study from the social network's own data team.Facebook's Eytan Bakshy divided the friends of 253 million Facebook users into "strong" or "weak" ties. Cumulatively, the researchers found that most of the information shared comes predominately through a user's weak ties, simply because we have many more weak ties than strong ones. That's important, argues Bakshy, because friends with weaker ties are more likely to read and share material that you would not otherwise encounter: "The information they are sharing is more novel."
http://www.newscientist.com/
No comments:
Post a Comment