Avoid Friendster and its clones, warns security expert
Computer users who value their privacy should stay clear of 'social networking' websites, and should warn their friends away too, according to a distinguished Australian security professional. And for good measure, the rash of new websites - with names apparently inspired by artificial food preservatives such as Ryze, Plaxo and Orkut - make a mockery of existing data protection legislation.
"In general, people would be well-advised firstly to stay well clear of all address-book and 'social networking systems', and secondly to prevail upon their friends, colleagues and acquaintances that they should avoid making any data about them available to service-operators like Plaxo," says Professor Roger Clarke, a visiting professor at the Australian National University.
Clarke has studied the leading contenders, of which the most famous is the revenue-free Friendster, and concluded that not only do they lack a basic understanding of privacy concerns, but they are not likely to either.
Clarke describes the opt-in data harvesting as "disturbing" - a self-evident observation to anyone outside the self-referential Silicon Valley bubble from which many of these services have arisen - but not a concern to the creators.
The 'social network' sites present opportunities for ruthless marketroids and stalkers. Plaxo, the most notorious example Clarke cites, encouraged users to upload their entire address books to the servers.
"Every IP-address, every email, and every social-network relationship that arises appears to be entirely free of any express contractual constraints."
But Plaxo goes further by offering a weasel-worded privacy 'guarantee'. Plaxo states: 'We respect the privacy of your contacts and maintain a strict policy of not sharing their contact information (received as a result of responding to your update requests) with other Plaxo users who are asking for this information.' But Clarke notes, "the emphasised words appear to exclude the data that is provided by the user when they upload their address-book, and hence the undertaking does not apply to the data about other people that users gift to the company. This assurance falls desperately far short of real privacy protection."
The faddish websites also offer opportunities to be wrongly accused of nefarious activity.
"Social networks are a primary way in which suspicion is generated about individuals. Acquaintances of terrorists, terrorism suspects, terrorism financiers, terrorist supporters and terrorist sympathisers are at risk of being allocated into a grey zone of terrorist associates. A tag of that kind is potentially as harmful to a person as have been negative categorisations made in previous contexts, such as 'etranger', 'subversive' and 'unamerican'," Clarke notes.
Google's own social networking site Orkut has an innocuous looking privacy page, but as we reported last week, its 'Terms of Service' allow the company to take ideas users express there such as neat algorithms or business plans and use them for its own purposes, royalty free. (Microsoft implemented similar conditions but was forced to drop them after public protest).
But there's another factor just as important as data flows, that almost everyone has overlooked. Social networking profiles flatten the rich diversity of human characteristics into a depressingly flat taxonomy. For example Orkut invites you to express a political inclination from one of ten predictable choices from authoritarian to libertarian.
Since when was political orientation a two-dimensional scale? Aren't values multi-dimensional?
And are there only seven varieties of humor? You can tick as many, but no more options, from a list containing: "campy/cheesy", "goofy/slapstick", "dry/sarcastic", "clever/quick-witted", "friendly", "obscure" (the vast steppes of the surreal are apparently unmappable in this taxonomy), or "raunchy".
What would Borges say? ®