Thursday, February 16, 2012

Social Media Sites Take More Than We Bargain For

Social media sites have been blasted for uploading data without user data, particularly, address book contents, without requesting user consent. The social network Path has received the most flak, uploading sensitive user contact information in plain text. Their CEO has apologized via twitter, and has also stated that they will consider transforming the information by hashing. However, it's interesting to note that this solution was not considered in the first place, seeing as how it's pretty much an industry standard to hash and salt potentially sensitive information. Seeing as how the company uses the addresses simply to find the user's friends who also use the application, storing the data in plain text is completely unnecessary, as you only need to verify that addresses are the same - you don't need to see the text itself.
On top of mere privacy concerns, having access to address books can be a potential safety threat. In particular, the immediate contacts of state officials are very important and private information. In the worst case, acquiring this could be a matter of national security.
Regardless, using address books to find buddies is an innovative idea to better connect app users. Moreover, though most company servers are reported to not store users' contacts, Twitter was found to have stored the contact information on their servers for up to 18 months. This could be very useful in simulating contact networks and seeing how they matched the social networks created by social networking sites like facebook. Obviously, the graph would be much sparser because you have much fewer phone contacts than, say, facebook friends. At the same time, this is probably more reflective of how people are actually connected since their phone contacts are much more likely to be people they talk to on a day-to-day basis. Thus, it's very plausible that this sort of information will be on high demand in the future.
On the other hand, this information is more sensitive than social network information. So, when apps start to notify people that they are mining data from their contact lists, the users are more likely to refuse to send that information, which would produce a less complete and less useful graph. In that respect, it is easy to see the motivation of some companies to not inform the users that they were mining potentially sensitive data from them. However, now that this issue has been brought to light, with all the public outrage and possible legal reprecautions, there's no way that this practice can be continued in secret.


No comments:

Post a Comment