Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

The dangers of posting sensitive personal information on social-networking sites are well known, but a researcher has now revealed how data mining these sites can dig up undisclosed personal information.

On Wednesday, in a presentation at the Black Hat computer-security conference in Las Vegas, Nitesh Dhanjani detailed how the information posted on social websites like Facebook and Twitter can be mined to find out a person’s whereabouts and activities.

Dhanjani showed data-collection programs that can be created using the programming tools released by such sites. For instance, he showed how to track the movements of politicians and celebrities using Twitter, by mining the service for relevant geographical information. Earlier this year, Republican congressman Pete Hoekstra was criticized for posting information on Twitter that revealed his location while traveling in Iraq.

Dhanjani also showed how to work out what software a person uses to post to Twitter; this information could help an attacker hack into that person’s account, he said.

Sensitive business information can also be revealed by mining social-network connections, Dhanjani said. For example, if there’s a rumor that two companies are in talks for a merger, an interested party could watch the business-networking site LinkedIn for connections between company employees. If a higher-than-average number of connections start forming, this might help to confirm the rumors.

With some social sites, a snooper needs to befriend someone in order to view her personal connections. But last year, two computer-security consultants–Nathan Hamiel of Hexagon Security Group and Shawn Moyer of Agura Digital Security–showed how this can be done by finding a friend of the target who doesn’t yet have a profile and creating a fake one. At that point, the target’s friends will often initiate a social connection themselves.

“The more powerful you are, the more the secrecy of your address book is important,” Dhanjani said, since an attacker can build up significant information about a target just by gaining access to the network.

0 comments about this story. Start the discussion »

Credit: Technology Review

Tagged: Computing, Twitter, privacy, social networks, location tracking

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me