In recent months there have been several breaches of individual privacy by social media applications such as Path ( who was stealing your entire address book, including the notes field1). I’ve recently been researching and reading about graph theory of networks and realising just how deep the implications of the data collection goes.
In simple terms, with enough data points of even seemingly irrelevant information, it’s possible to derive a very accurate profile of where you live, what you do, who you are, your personality, personal preferences, and who you interact with. Correlate some more data from a different source, such as Facebook or Twitter, which analyses your sentiment, mood and attitude from keywords in your. The net outcome is that the profile that is built from that data probably knows more about you that you realise about yourself.
Now I don’t have a problem with public information. Ultimately, anyone can see me leave my house in the morning, watch me while I’m shopping, check which newspaper I buy and even what websites I visit if they are close to me. But is quite difficult to gather that information unless you are following me around. Importantly, what happens out of sight remains unknown to outside parties.
When companies like Facebook and Google get more data, they can very accurately profile almost everything about you. In far more detail than you, likely, would be comfortable with.
That’s why I’m opting out of most Social Media. I’ve deleted Facebook, Path, Klout and Pinterest accounts – even though I don’t use them.
Why ? Because they still track you through third party cookies. See those sharing buttons at the bottom of this page ? They track you on this page and continue to track you no matter where you go.
Since I do a lot of security consulting, data leakage is a major concern as part of any operational security plan. If a social media website gets hacked/pwned or an employee steals data, then a lot of my personal data is available. A malicious party could use this data to compromise me or my systems and then escalate into a customer site. That’s not a good thing™ at all.
There is one other side to this, and that’s the network effect. That is, my network connections leak data about everyone I connect to, and everyone who connects to me. Even if I don’t use the services, they can still join other peoples data to make linkages in the network graph. Scary.
From what I understand, the only way to minimise this is to opt out of most services. It’s simply not possible to use services without be breached.
The EtherealMind View
A lot of these online tools are valuable and useful. I probably can’t stop using them but I can minimise how much I’m sharing. So I’m deleting and cancelling everything that isn’t useful so I can limit the attack vectors. Do you really need your ego stoked by Klout ? What’s the point of Pinterest when a private bookmarking site like Pinboard does the same thing. Use Instapaper instead of something else (again, a private service that doesn’t share data). I use Twitter because it’s open (more or less) and Google Plus (unwillingly).
That’s all I’m doing. I’m avoiding the free services that will monetize by selling my profile/data and choosing to pay for my services where I need to and avoiding everything else.
I’d like to encourage you to do the same. I’m running scared from the impact this might have, especially those things that I cannot forsee.
Delete your Klout account here
Delete your Pinterest account by going into settings
I emailed firstname.lastname@example.org and they have promptly deleted my account and claim to have deleted all related data.
You will have to search to work out how to delete your Facebook and Path accounts. Facebook is especially risky because of the sheer scale of their data gathering. You might want to consider researching alternatives to Google services and minimising the use where possible. For example, I regularly (quarterly) delete my web search history in my Google profile.
- In discussions, many people have put confidential information into the notes field like birth dates, passwords and much more. ↩