Craig Wills, professor of computer science at WPI, participated in a Federal Trade Commission (FTC) panel on online privacy on Dec. 7 in Washington, D.C. He was selected because his research has demonstrated that more than half a billion social network users are at risk of having their personal information "leaked" to third-party sites that track their web browsing habits.
The panel was the first of a series of daylong public roundtable discussions the FTC is holding to explore the privacy challenges posed by technology and business practices, including social networking, cloud computing, and online behavioral advertising, that collect and use consumer data. The goal is to determine how best to protect consumer privacy while supporting beneficial uses of the information and technological innovation.
The other participants on the online behavioral advertising panel were Jeff Chester, executive director of the Center for Digital Democracy; Amina Fazlullah, Counsel for U.S. PIRG; Dave Morgan, CEO of Simulmedia Inc.; Zoe Strickland, vice president and Chief Privacy Officer for Wal-Mart; Berin Szoka, director of the Center for Internet Freedom at the Progress & Freedom Foundation; Omar Tawakol, CEO of BlueKai; and Linda Woolley, executive vice president for government affairs for the Direct Marketing Association. The discussion will be moderated by Peder Magee and Michelle Rosenthal of the FTC's Division of Privacy and Identity Protection.
A recent study coauthored by Wills found that the practices of many popular social networking sites make the personal information that hundreds of millions of users post on the sites available to companies that track Web users' browsing habits, allowing them to link anonymous browsing habits to specific people. The study was the first to describe a mechanism that tracking sites could use to directly link browsing habits to specific individuals.
Specifically, the study showed that when social networking sites pass information to tracking sites about a user's activities, they often include the user's unique identifier--a string of numbers or characters that points to their online profile. With this unique identifier, the tracking site can link the personal information in that profile (such items as user's name, physical address, email address, gender, birth date, educational and employment information) to data it has already gathered on the Web sites that the user has visited. "Now your browsing profile is not just of somebody," Wills says. "It is of you."
Like most commercial websites, online social networks use third-party tracking sites, called aggregators, to learn about the browsing habits of their visitors. The third-party sites track browsing behavior using Cookies. Cookies are maintained by a web browser and contain information that enable tracking sites to build profiles of the websites visited by a user. Each time the user visits a new website, the tracking site can review those cookies and serve up ads that might appeal to the user. For example, if the user frequently visits food sites, he or she might see an ad for a new cookbook.
Social networking sites have gone a step further by allowing for transmission of unique identifiers. It is a particularly troubling practice for two reasons, Wills says. "First," he notes, "users put a lot of information about themselves on social networking sites. Second, a lot of that information can be seen by other users, by default. There are mechanisms users can use to limit access to their information, but we found through previous research that most users don't take advantage of them."
Privacy "leakage" by social networking sites raises the possibility of a user's identity being linked to an inaccurate or misleading browsing profile (for example, when a computer is used by more than one person, or a person browses for curiosity rather than intent). "Tracking sites don't know, for example, if a site about cancer was visited out of curiosity, or because the user actually has cancer," Wills says. "Inaccurate profiling could potentially lead to issues with employment, health care coverage, or other areas of our personal lives."
Wills says the researchers do not know what, if anything, tracking sites do with the unique identifiers that social networks transmit to them. They informed all of the sites they studied about their findings, but have not heard back officially from any. "We are not saying that they are necessarily trying to leak private information," he says. "But once someone is in possession of your unique identifier, there is so much they can learn about you."
The researchers also note that while users of social networking sites can protect themselves to some degree by limiting the amount of information they post and using the protections the sites make available to them to limit access to their information, the easiest way to prevent privacy leakage would be for social networking sites to stop making unique identifiers visible.
View the full study here:
http://conferences.sigcomm.org/sigcomm/2009/workshops/wosn/papers/p7.pdf