Washington, Aug 25 (Inditop.com) Personal information, shared by half a billion people on social networking sites, might be leaked to companies wanting to take advantage of their browsing habits and even specific identities, says a new study.
“When you sign up with a social networking site, you are assigned a unique identifier,” said Craig Wills, professor of computer science at Worcester Polytechnic Institute (WPI), who conducted the study with an industry colleague.
“This is a string of numbers or characters that points to your profile. We found that when social networking sites pass information to tracking sites about your activities, they often include this unique identifier.”
“So now a tracking site not only has a profile of your web browsing activities, it can link that profile to the personal information you post on the social networking site. Now your browsing profile is not just of somebody, it is of you,” added Wills.
Like most commercial web sites, online social networks use third-party tracking sites, called aggregators, to learn about the browsing habits of their visitors.
Cookies are maintained by a web browser and contain information that enable tracking sites to build profiles of the web sites visited by a user.
Each time the user visits a new web site, the tracking site can review those cookies and serve up ads that might appeal to the user. For example, if the user frequently visits food sites, he or she might see an ad for a new cookbook.
Online networking sites have gone a step further by allowing for transmission of unique identifiers. It is a particularly troubling practice for two reasons, Wills said.
“First, users put a lot of information about themselves on social networking sites. Second, a lot of that information can be seen by other users, by default. There are mechanisms users can use to limit access to their information, but we found through previous research that most users don’t take advantage of them,” added Wills.
With a unique identifier, a tracking site could gain access to a user’s name, physical address, e-mail address, gender, birth date, educational and employment information, and much more.
With the “leakage” of this type of personal information, there is a significant risk of having one’s identity linked to an inaccurate or misleading browsing profile.
These results were presented in Barcelona at the Workshop on Online Social Networks, part of the annual conference of the Association for Computing Machinery’s Special Interest Group on Data Communications.