Deleting Social Media Accounts. Running Scared.

In recent months there have been several breaches of individual privacy by social media applications such as Path ( who was stealing your entire address book, including the notes field1). I’ve recently been researching and reading about graph theory of networks and realising just how deep the implications of the data collection goes.

Shredded image 580 wide

In simple terms, with enough data points of even seemingly irrelevant information, it’s possible to derive a very accurate profile of where you live, what you do, who you are, your personality, personal preferences,  and who you interact with. Correlate some more data from a different source, such as Facebook or Twitter, which analyses your sentiment, mood and attitude from keywords in your. The net outcome is that the profile that is built from that data probably knows more about you that you realise about yourself.

Now I don’t have a problem with public information. Ultimately, anyone can see me leave my house in the morning, watch me while I’m shopping, check which newspaper I buy and even what websites I visit if they are close to me. But is quite difficult to gather that information unless you are following me around. Importantly, what happens out of sight remains unknown to outside parties.

Amplification

When companies like Facebook and Google get more data, they can very accurately profile almost everything about you. In far more detail than you, likely, would be comfortable with.

That’s why I’m opting out of most Social Media. I’ve deleted Facebook, Path, Klout and Pinterest accounts – even though I don’t use them.

Why ? Because they still track you through third party cookies. See those sharing buttons at the bottom of this page ? They track you on this page and continue to track you no matter where you go.

Security

Since I do a lot of security consulting, data leakage is a major concern as part of any operational security plan. If a social media website gets hacked/pwned or an employee steals data, then a lot of my personal data is available. A malicious party could use this data to compromise me or my systems and then escalate into a customer site. That’s not a good thing™ at all.

Paranoid ?

Yes, and No. Until I understood what Graph Theory could do for Social Network Analysis I was pretty okay with it. Now ? I’m horrified and more than a little concerned.

There is one other side to this, and that’s the network effect. That is, my network connections leak data about everyone I connect to, and everyone who connects to me. Even if I don’t use the services, they can still join other peoples data to make linkages in the network graph. Scary.

From what I understand, the only way to minimise this is to opt out of most services. It’s simply not possible to use services without be breached.

The EtherealMind View

A lot of these online tools are valuable and useful. I probably can’t stop using them but I can minimise how much I’m sharing. So I’m deleting and cancelling everything that isn’t useful so I can limit the attack vectors. Do you really need your ego stoked by Klout ? What’s the point of Pinterest when a private bookmarking site like Pinboard does the same thing. Use Instapaper instead of something else (again, a private service that doesn’t share data). I use Twitter because it’s open (more or less) and Google Plus (unwillingly).

That’s all I’m doing. I’m avoiding the free services that will monetize by selling my profile/data and choosing to pay for my services where I need to and avoiding everything else.

I’d like to encourage you to do the same. I’m running scared from the impact this might have, especially those things that I cannot forsee.

Postscript

Delete your Klout account here

Delete your Pinterest account by going into settings

I emailed [email protected] and they have promptly deleted my account and claim to have deleted all related data.

You will have to search to work out how to delete your Facebook and Path accounts. Facebook is especially risky because of the sheer scale of their data gathering. You might want to consider researching alternatives to Google services and minimising the use where possible. For example, I regularly (quarterly) delete my web search history in my Google profile.


  1. In discussions, many people have put confidential information into the notes field like birth dates, passwords and much more.  ↩
  • Romans Fomicevs

    oh man, if you consult in security in the same spirits like you wrote this post….
    where is your cold mind? Yep, you can read a lot out there about conspiracy theories… or you can even remember famous film with Terminator-man: “you are erased!” :) but that doesn’t mean you have to be scared! Fear is the tool of control also :) 
    But yes, not overexposing all the info about yourself if a good idea :)

  • Apc

    BTW, deleting accounts from social networks (after you had them) leaves your friends & colleagues open to impersonation attacks. This may backfire and damage your reputation as well. Keeping cookies at bay is much easier, most proper browsers (Chrome, Firefox, Opera) have options/extensions that allow a very fine degree of control on your Internet traces, with FF being, probably, the king because of things like NoScript, etc..

  • Apc

    In fact, the best thing you could probably do is to build an alternate online persona with just enough data to allow people you care for still verify your identity/authenticity, but with rest of the data leading into some kind of honeypot. Home address and phone number pointing to a max security prison is a good one to start with :)