May 11, 2009

Facebook: All your privacy belongs to the Internet

Privacy concerns in social networks are nothing new. Take, for instance, Facebook's practice of keeping user data after an account is deactivated, or its new terms of service policy, to name a few. However, even if these problems are resolved, Facebook users still face the risk of having their private content exposed to the public.

Welcome to the content hopping approach.

Before I jump into describing this approach, let me provide a bit of information regarding Facebook's privacy model. By default the Facebook privacy controls allow a user to specify a predefined list of users that can access various parts of the user's content. The platform uses several such predefined lists:
- The user's friends
- Friends of the user's friends
- Any network which the user has joined
- Everyone

However, Facebook is flexible in defining these lists. Check here for more info.

Hopping through content.

Typically, users will limit access to their profile as a whole, but not to individual content. This makes sense to a certain extent, since a user's profile is often thought of as the entrance to the user's content. However, in an era where content is constantly tagged and referenced from various sources, it is hard to clearly define one such "entrance". Assume the scenario where John has posted a photo and has tagged Jane. Anyone who can see Jane's profile can also see John's photo. Furthermore, if John didn't set the privacy controls on his album properly, then anyone who can see the photo can also see John's entire photo album...

With Facebook having 175 million users... a lot of things could be dug up. :)
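
The John and Jane scenario can be checked mechanically. The sketch below is an added example (not part of the original post, and not Facebook's code): it models the predefined lists as a simplified access check and reports who can reach John's photo while being locked out of his profile. The users carol and dave, the album name `trip`, the omission of the network list, and the use of an album left at "Everyone" as the misconfigured case are assumptions made for illustration.

```python
from dataclasses import dataclass, field

FRIENDS, FRIENDS_OF_FRIENDS, EVERYONE = "friends", "friends_of_friends", "everyone"

@dataclass
class User:
    friends: set = field(default_factory=set)
    profile_audience: str = FRIENDS   # who may open this user's profile

@dataclass
class Photo:
    owner: str
    album: str
    tagged: set = field(default_factory=set)

def in_audience(users, owner, viewer, audience):
    """True if viewer is inside the predefined list the owner selected."""
    if viewer == owner or audience == EVERYONE or viewer in users[owner].friends:
        return True
    return audience == FRIENDS_OF_FRIENDS and any(
        viewer in users[f].friends for f in users[owner].friends)

def access_path(users, albums, photo, viewer):
    """How viewer reaches the photo: album setting, a tagged profile, or None."""
    if in_audience(users, photo.owner, viewer, albums[(photo.owner, photo.album)]):
        return "album"
    for name in sorted(photo.tagged):
        # Assumed rule from the post: a tag shows the photo on the tagged profile.
        if in_audience(users, name, viewer, users[name].profile_audience):
            return "tag:" + name
    return None

def unintended_audience(users, albums, photo):
    """Viewers locked out of the owner's profile who can still reach the photo."""
    exposed = {}
    for viewer in users:
        if in_audience(users, photo.owner, viewer, users[photo.owner].profile_audience):
            continue  # the owner already lets this viewer in
        path = access_path(users, albums, photo, viewer)
        if path:
            exposed[viewer] = path
    return exposed

# Constructed sample data: carol is Jane's friend only, dave knows nobody.
USERS = {"john": User({"jane"}), "jane": User({"john", "carol"}),
         "carol": User({"jane"}), "dave": User()}
TAGGED, UNTAGGED = Photo("john", "trip", {"jane"}), Photo("john", "trip")

if __name__ == "__main__":
    print(unintended_audience(USERS, {("john", "trip"): FRIENDS}, TAGGED))
```

With the album restricted to friends, only the tagged photo leaks, and only to Jane's friend; with the album left at "Everyone", the untagged photos in the same album are reachable too.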
