Social Media: The Privacy and Security Repercussions

Johnny Widerlund, June 19, 20103 Comments
•Why Making Google+ Part of your Web Presence & SEO Strategy is a Good Idea by Krista LaRiviere, gShift Labs

More and more people are using social media sites to get the latest news and connect with others. The more comfortable we become with these sites, the more apt we are to share personal details about ourselves and let our guard down as we interact with others. Are we sharing too much private information? Is what we share -- both deliberately and inadvertently -- and what we click putting our privacy and security at risk? Our Widespread -- And Growing -- Use of Social Networks Growing numbers of people around the world are embracing social networks. Facebook has recently taken the lead as the most visited website in the United States -- and is popular all over the globe, with over 400 million users worldwide. On the same note, Twitter is said to have more than 100 million users worldwide, and -- a testament to its worldwide user base -- 60 percent of registered accounts are from outside of the U.S. Yet, looked at from a privacy and security angle, it's impossible not to also see the potential toll of this widespread sharing and openness. Just How Risky is Our Online Behavior? The facts tell us that the majority of social media users post risky information online, without giving due diligence to privacy and security concerns. At the same time, cyber criminals are targeting social network sites with increasing amounts of malware and online scams, honing in on this growing user base. According to Consumer Reports' 2010 State of the Net analysis more than half of social network users share private information about themselves online, opening themselves up to a variety of online dangers. The key findings of the report include the following:  25 percent of households with a Facebook account don't use the site's privacy controls or weren't aware of them.

40 percent of social network users posted their full date of birth online, opening themselves up to identity theft.

9 percent of social network users dealt with a form of abuse within the past year (e.g., malware, online scams, identity theft or harassment). Social Media: 'A Perfect Storm of Social Engineering and Bad Programming' The values at the core of networking sites -- openess, connecting, and sharing with others -unfortunately are the very aspects which allow cyber criminals to use these sites as a vector for for various kinds of bad online behavior. In fact, reports of malware and spam rose an astounding 70 percent on social networks in 2009, according to an industry report from security firm Sophos.

referrer headers have been making headlines for an entirely different reason: leaking private information on social media sites. In this case. when you search for a particular piece of news being used in a SEO poisoning campaign -. it may check the referrer header of the request to decide whether to deliver its malicious payload. if you typed the URL directly into your browser.let's call this a "malicious page" -. and immediate. "I found that a user's username/ID is sent with each and every click in the affected circumstances. Lately. So the problem was substantial. However.let's say Google -. photos. the advertiser can then see almost all of a user's activity on Facebook. and for attackers there's a lot of return-on-investment in going after them." Facebook's Privacy Settings: Controversy and Criticism You almost need a timeline to keep up with the ongoing critiques that Facebook has faced in recent months due to its attitude towards users' that could potentially be used to identify users in spite of promises from the companies that user information isn't shared without specific consent. allowed for data to be shared with advertisers through referrer headers sent by browser software -. and more." said security analyst Shawn Moyer.your search engine -." This information was leaked to the advertisers because Facebook embeds usernames and user IDs in URLs which are transmitted to advertisers through HTTP referrer headers. as well as privacy groups -. including name. If the booby-trapped page is designed to activate when you arrive at the page via a Google search. there would be no referrer and the malicious page's payload wouldn't activate. real.may return a booby-trapped page in the list of results. 'Privacy Loophole' Due to Referrer Headers Referrer headers. it will release its payload. "With default privacy settings. including Facebook and MySpace. When you click on the link for the malicious page. Facebook responded with a message on "Protecting Privacy with Referrers. you were referred to that page by Google."Social networking sites are meant to get as many users in one place as possible on one platform. which it called a "potential" problem. For example. Let's take a more in-depth look at recent leading privacy and security issues. reported that a "privacy loophole" found on social networking sites. citing an AT&T Labs and Worcester Polytechnic Institute paper. are commonly used to distribute malware in SEO poisoning campaigns. Facebook errs in suggesting the contrary. criticism was prompted by changes to the networking site's privacy settings. concern was so great that the Facebook privacydebate caught the attention of legislators. The Wall Street Journal. The notoriety of Facebook and Twitter make these social media sites a focal point for privacy discussions and a prime target for malicious activity. government officials. In mid-April. according to Lavasoft Malware Labs security analysts. Edelman contends. "Merely clicking an advertiser's ad reveals to the advertiser the user's Facebook username or user ID. friends.who criticized Facebook ." explained security researcher Ben Edelman. aptly describing the climate as a perfect storm of social engineering and bad programming." saying it quickly fixed the issue.

According to security reports. Case in point: "Quit Facebook Day. Then.even when they didn't actively choose to "like" the site. The ploy isn't part of an active malware or phishing attempt.was seen threatening Facebook users early on in June. our privacy and security on these sites -. multiple site issues.and the strong likelihood that they will continue to unfold and develop -. mobile. The latest major wave of attacks -.for not doing enough to protect the privacy of its users. Next Saturday. keynotes. While social networks like Facebook and Twitter may be too ingrained in our daily lives to give up. in the end of May. 2010 during ClickZ's Connected Marketing Week. And. search engine optimization (SEO).in terms of how much we share with others and what we consume -. only garnered support from a mere 34. It still remains to be seen whether the new privacy controls that rolled out in late May will satisfy privacy pundits and cautious users. hundreds of thousands of Facebook users began falling for these attacks. ad networks and exchanges. duplicate content. Join us for SES San Francisco August 16-20. Facebook clearly isn't alone in the malware battle. the world's favorite social media sites have also seen more than their fair share of outright malicious activity. we'll look at nine ways to control your privacy on social network sites.000 of the site's 400 million members.are we ready to give up on social networks? Not likely. Understand the Risks of Social Networks With this plethora of privacy and security issues in mind ultimately up to each of us. keyword research. an expo floor with 100+ companies. e-mail marketing. came Facebook CEO Mark Zuckerberg's response to the controversy. local search. The festival is packed with sessions covering PPC management. networking events. the real time web. parties and more! .And the Endless Malware Issues Privacy issues aside.and we can be sure that both of these popular social media sites will remain prime targets for cyber thieves. After all. acknowledging that missteps had been made and reaffirming that the site would simplify its privacy controls. including the spread of viruses. where the victim is tricked into clicking a link that then recommends the site on Facebook -. phishing attempts. but it certainly has the potential to be used by hackers to get into your system.a form of clickjacking dubbed "likejacking" -. we need to understand the risks and take steps to change the way we interact on the Web." established by a backlash of privacy and security conscious Facebook users. while offering high-level strategy. site optimization and usability. Twitter has faced issues related to its shortened URLs and the spread of viruses -. A Wave of 'Likejacking' -. social media. and other social engineering ploys aimed at exploiting users' trust. video optimization.

Sign up to vote on this title
UsefulNot useful