Social networking privacy – inviting your friends to sign up
This post on social networking sites’ data privacy follows on from three previous articles:
- Social networking privacy and data issues
- Social networking privacy issues – signing up
- Social networking privacy – where are your details stored?
Let’s say for argument’s sake that you think that all this privacy stuff is fair and you sign up for some of these sites. You have a great time posting your latest weekend exploits and personal interests (maybe you care to include your mother’s maiden name and your date of birth to live a little dangerously) and you think that your friends will all want to join in the fun. Well, as luck would have it, the jolly nice people at Facebook, MySpace, Bebo, YouTube, Flickr, Windows Live Spaces, Friends Reunited and LinkedIn have considered that and can kindly provide you with a link that you can send to your friends to let them know what they’re missing out on. Of course, it would be just as simple for you to email your friends yourself from your email account including the URL of the sites that you’re using, rather than using these invitation services provided by so many social networking sites. But if you did that, they wouldn’t get hold of your friends’ details, would they.
All of the sites that I investigated offered these ‘invite a friend’ services, but not one of them states how or where that information is stored. Facebook says that your friend can email them to remove their details from their database and LinkedIn says that the email addresses will only be used to send invitations, but it doesn’t say anything about data storage. So, potentially, you could not only be exposing yourself to identity theft, stalkers, account compromise and goodness knows what else, but you may also be potentially doing the same to your friends by providing their names and email addresses. Nice.
Random Posts
If you enjoyed this post, please leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
Comments
It gets worse, depending on the service.
I recently blogged about rapleaf, which uses a combination of scare-spamming and address-book-crawling to build out its database:
Rapleaf Spams You Then Asks for More Addresses to Spam
The larger problem with rapleaf, in particular, is that it’s very aggressive about aggregating and normalizing the social networking data it gathers. Such that if a friend of yours innocently uploads address book information and happens to have two address book entries for you representing identities you try to keep separate, rapleaf would uncover that connection and possibly publicize it.
Mike, would be interesting to see if they mention this in their terms of service.
By the way, your blog looks great.
As far as individuals are concerned yes I agree we all need to be more careful about what info we put out there. Although we have privacy laws we should in theory be protected by I really think the social networking companies should be held accountable for what happens with our personal data.
If my info is “sold” (which I no doubt believe it has been many times over) I should at least receive a “cut” of the pie!
Sarah, first of all this is a great series of articles.
To me this is such a difficult question: How do you protect people’s personal data when they give it out freely? I think it requires the joint-responsibility of the social network service and the user.