Researchers raise privacy concerns about social-network data
Source: “De-Anonymizing Social Networks”
Arvind Narayanan and Vitaly Shmatikov
IEEE Symposium on Security and Privacy, May 17-20, 2009, Oakland, CA
Results: Researchers from the University of Texas at Austin designed an algorithm that can identify individuals using supposedly anonymous information that social-networking websites could provide to advertisers. In tests using Flickr and Twitter, they were able to assign names to a third of the users who maintained accounts on both sites, with only a 12 percent error rate.
Why it matters: Most social networks plan to make money by sharing data with advertisers. Although personally identifying information such as names and addresses is removed, the new study shows that individuals can still be identified.
Methods: The researchers developed an algorithm that compares publicly available information from one social-networking site–such as a person’s name and list of contacts–with the data that another site might supply to advertisers. The publicly available data is used to help create a map of connections between people. The advertisers’ data is used to create a similar map, with the names, addresses, and other personal information missing. The algorithm can identify features common to both that reveal a person’s identity, even when the maps overlap by as little as 14 percent. The researchers designed the algorithm to start with social-network users who can easily be identified–as few as 30 individuals in 100,000–and then use personal information about those users to fill in details about others.
Next steps: Having demonstrated that the relationship information that makes social-network data useful could also compromise user privacy, the researchers say the solution is to change the privacy laws and corporate practices that govern the sharing of “anonymous” information from such sites.