7/28/2019 Social Media the Privacy and Security Reper

1/3

Social Media: The Privacy and Security Repercussions

Johnny Widerlund, June 19, 20103 CommentsWhy Making Google+ Part of your Web Presence & SEO Strategy is a Good Idea by Krista LaRiviere, gShift Labs

More and more people are using social media sites to get the latest news and connect with others.

The more comfortable we become with these sites, the more apt we are to share personal details

about ourselves and let our guard down as we interact with others.

Are we sharing too much private information? Is what we share -- both deliberately and inadvertently

-- and what we click putting our privacy and security at risk?

Our Widespread -- And Growing -- Use of Social Networks

Growing numbers of people around the world are embracing social networks. Facebook has recently

taken the lead as the most visited website in the United States -- and is popular all over the globe,

with over 400 million users worldwide. On the same note, Twitter is said to have more than 100

million users worldwide, and -- a testament to its worldwide user base -- 60 percent of registered

accounts are from outside of the U.S.

Yet, looked at from a privacy and security angle, it's impossible not to also see the potential toll of

this widespread sharing and openness.

Just How Risky is Our Online Behavior?

The facts tell us that the majority of social media users post risky information online, without giving

due diligence to privacy and security concerns. At the same time, cyber criminals are targeting social

network sites with increasing amounts of malware and online scams, honing in on this growing user

base.

According toConsumer Reports' 2010 State of the Net analysismore than half of social network

users share private information about themselves online, opening themselves up to a variety of

online dangers. The key findings of the report include the following:

25 percent of households with a Facebook account don't use the site's privacy controls or

weren't aware of them.

40 percent of social network users posted their full date of birth online, opening themselves

up to identity theft.

9 percent of social network users dealt with a form of abuse within the past year (e.g.,

malware, online scams, identity theft or harassment).

Social Media: 'A Perfect Storm of Social Engineering and Bad Programming'

The values at the core of networking sites -- openess, connecting, and sharing with others --

unfortunately are the very aspects which allow cyber criminals to use these sites as a vector for for

various kinds of bad online behavior. In fact, reports of malware and spam rose an astounding 70

percent on social networks in 2009, according to anindustry reportfrom security firm Sophos.

http://searchenginewatch.com/author/1862/johnny-widerlundhttp://searchenginewatch.com/author/1862/johnny-widerlundhttp://searchenginewatch.com/article/2065928/Social-Media-The-Privacy-and-Security-Repercussions#commenthttp://searchenginewatch.com/article/2065928/Social-Media-The-Privacy-and-Security-Repercussions#commenthttp://searchenginewatch.com/article/2065928/Social-Media-The-Privacy-and-Security-Repercussions#commenthttp://adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBNJo7q8JIUbvbDM6KlAKS3YHoBOiFo8UDAAAAEAEgADgAWKD6k7pBYMmO34bIo5AZggEXY2EtcHViLTM3NjYwNDEyMjE0MzY1NTeyARVzZWFyY2hlbmdpbmV3YXRjaC5jb226AQlnZnBfaW1hZ2XIAQnaAWBodHRwOi8vc2VhcmNoZW5naW5ld2F0Y2guY29tL2FydGljbGUvMjA2NTkyOC9Tb2NpYWwtTWVkaWEtVGhlLVByaXZhY3ktYW5kLVNlY3VyaXR5LVJlcGVyY3Vzc2lvbnOpAsusVILUVbk-wAIC4AIA6gISNDgxOC9zZXcudXMvc29jaWFs-AKB0h6QA6wCmAPQBagDAdAEkE7gBAGgBiA%2526num%253D0%2526sig%253DAOD64_0je5Kn_t94TXgDNES7HrFvUZy_SQ%2526client%253Dca-pub-3766041221436557%2526adurl%253Dhttp:/www.gshiftlabs.com/making-google-part-of-your-web-presence-and-seo-strategy/http://adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBNJo7q8JIUbvbDM6KlAKS3YHoBOiFo8UDAAAAEAEgADgAWKD6k7pBYMmO34bIo5AZggEXY2EtcHViLTM3NjYwNDEyMjE0MzY1NTeyARVzZWFyY2hlbmdpbmV3YXRjaC5jb226AQlnZnBfaW1hZ2XIAQnaAWBodHRwOi8vc2VhcmNoZW5naW5ld2F0Y2guY29tL2FydGljbGUvMjA2NTkyOC9Tb2NpYWwtTWVkaWEtVGhlLVByaXZhY3ktYW5kLVNlY3VyaXR5LVJlcGVyY3Vzc2lvbnOpAsusVILUVbk-wAIC4AIA6gISNDgxOC9zZXcudXMvc29jaWFs-AKB0h6QA6wCmAPQBagDAdAEkE7gBAGgBiA%2526num%253D0%2526sig%253DAOD64_0je5Kn_t94TXgDNES7HrFvUZy_SQ%2526client%253Dca-pub-3766041221436557%2526adurl%253Dhttp:/www.gshiftlabs.com/making-google-part-of-your-web-presence-and-seo-strategy/http://adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBNJo7q8JIUbvbDM6KlAKS3YHoBOiFo8UDAAAAEAEgADgAWKD6k7pBYMmO34bIo5AZggEXY2EtcHViLTM3NjYwNDEyMjE0MzY1NTeyARVzZWFyY2hlbmdpbmV3YXRjaC5jb226AQlnZnBfaW1hZ2XIAQnaAWBodHRwOi8vc2VhcmNoZW5naW5ld2F0Y2guY29tL2FydGljbGUvMjA2NTkyOC9Tb2NpYWwtTWVkaWEtVGhlLVByaXZhY3ktYW5kLVNlY3VyaXR5LVJlcGVyY3Vzc2lvbnOpAsusVILUVbk-wAIC4AIA6gISNDgxOC9zZXcudXMvc29jaWFs-AKB0h6QA6wCmAPQBagDAdAEkE7gBAGgBiA%2526num%253D0%2526sig%253DAOD64_0je5Kn_t94TXgDNES7HrFvUZy_SQ%2526client%253Dca-pub-3766041221436557%2526adurl%253Dhttp:/www.gshiftlabs.com/making-google-part-of-your-web-presence-and-seo-strategy/http://www.consumerreports.org/cro/magazine-archive/2010/june/electronics-computers/social-insecurity/overview/index.htmhttp://www.consumerreports.org/cro/magazine-archive/2010/june/electronics-computers/social-insecurity/overview/index.htmhttp://www.consumerreports.org/cro/magazine-archive/2010/june/electronics-computers/social-insecurity/overview/index.htmhttp://www.networkworld.com/news/2010/020110-facebook-twitter-social-network-attacks.html?source=NWWNLE_nlt_daily_am_2010-02-02http://www.networkworld.com/news/2010/020110-facebook-twitter-social-network-attacks.html?source=NWWNLE_nlt_daily_am_2010-02-02http://www.networkworld.com/news/2010/020110-facebook-twitter-social-network-attacks.html?source=NWWNLE_nlt_daily_am_2010-02-02http://www.networkworld.com/news/2010/020110-facebook-twitter-social-network-attacks.html?source=NWWNLE_nlt_daily_am_2010-02-02http://www.consumerreports.org/cro/magazine-archive/2010/june/electronics-computers/social-insecurity/overview/index.htmhttp://adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBNJo7q8JIUbvbDM6KlAKS3YHoBOiFo8UDAAAAEAEgADgAWKD6k7pBYMmO34bIo5AZggEXY2EtcHViLTM3NjYwNDEyMjE0MzY1NTeyARVzZWFyY2hlbmdpbmV3YXRjaC5jb226AQlnZnBfaW1hZ2XIAQnaAWBodHRwOi8vc2VhcmNoZW5naW5ld2F0Y2guY29tL2FydGljbGUvMjA2NTkyOC9Tb2NpYWwtTWVkaWEtVGhlLVByaXZhY3ktYW5kLVNlY3VyaXR5LVJlcGVyY3Vzc2lvbnOpAsusVILUVbk-wAIC4AIA6gISNDgxOC9zZXcudXMvc29jaWFs-AKB0h6QA6wCmAPQBagDAdAEkE7gBAGgBiA%2526num%253D0%2526sig%253DAOD64_0je5Kn_t94TXgDNES7HrFvUZy_SQ%2526client%253Dca-pub-3766041221436557%2526adurl%253Dhttp:/www.gshiftlabs.com/making-google-part-of-your-web-presence-and-seo-strategy/http://searchenginewatch.com/article/2065928/Social-Media-The-Privacy-and-Security-Repercussions#commenthttp://searchenginewatch.com/author/1862/johnny-widerlund

7/28/2019 Social Media the Privacy and Security Reper

2/3

"Social networking sites are meant to get as many users in one place as possible on one platform,

and for attackers there's a lot of return-on-investment in going after them,"saidsecurity analyst

Shawn Moyer, aptly describing the climate as a perfect storm of social engineering and bad

programming.

The notoriety of Facebook and Twitter make these social media sites a focal point for privacy

discussions and a prime target for malicious activity. Let's take a more in-depth look at recent

leading privacy and security issues.

'Privacy Loophole' Due to Referrer Headers

Referrer headers, according to Lavasoft Malware Labs security analysts, are commonly used to

distribute malware inSEO poisoning campaigns. For example, when you search for a particular

piece of news being used in a SEO poisoning campaign -- let's call this a "malicious page" -- your

search engine -- let's say Google -- may return a booby-trapped page in the list of results. When you

click on the link for the malicious page, it may check the referrer header of the request to decide

whether to deliver its malicious payload.

In this case, you were referred to that page by Google. If the booby-trapped page is designed toactivate when you arrive at the page via a Google search, it will release its payload. However, if you

typed the URL directly into your browser, there would be no referrer and the malicious page's

payload wouldn't activate.

Lately, referrer headers have been making headlines for an entirely different reason: leaking private

information on social media sites. The Wall Street Journal, citing an AT&T Labs and Worcester

Polytechnic Institute paper, reported that a "privacy loophole" found on social networking sites,

including Facebook and MySpace, allowed for data to be shared with advertisers through referrer

headers sent by browser software -- data that could potentially be used to identify users in spite of

promises from the companies that user information isn't shared without specific consent.

"Merely clicking an advertiser's ad reveals to the advertiser the user's Facebook username or user

ID," explained security researcherBen Edelman. "With default privacy settings, the advertiser can

then see almost all of a user's activity on Facebook, including name, photos, friends, and more."

This information was leaked to the advertisers because Facebook embeds usernames and user IDs

in URLs which are transmitted to advertisers through HTTP referrer headers. Facebook responded

with a message on "Protecting Privacy with Referrers," saying it quickly fixed the issue, which it

called a "potential" problem.

Edelman contends, "I found that a user's username/ID is sent with each and every click in the

affected circumstances. So the problem was substantial, real, and immediate. Facebook errs insuggesting the contrary."

Facebook's Privacy Settings: Controversy and Criticism

You almost need a timeline to keep up with the ongoing critiques that Facebook has faced in recent

months due to its attitude towards users' privacy. In mid-April, criticism was prompted by changes to

the networking site's privacy settings; concern was so great that theFacebook privacydebate caught

the attention of legislators, government officials, as well as privacy groups -- who criticized Facebook

http://www.networkworld.com/news/2010/020310-social-media-risks-the.html?hpg1=bnhttp://www.networkworld.com/news/2010/020310-social-media-risks-the.html?hpg1=bnhttp://www.networkworld.com/news/2010/020310-social-media-risks-the.html?hpg1=bnhttp://searchenginewatch.com/3640559http://searchenginewatch.com/3640559http://searchenginewatch.com/3640559http://www.benedelman.org/news/052010-1.html#leakhttp://www.benedelman.org/news/052010-1.html#leakhttp://www.benedelman.org/news/052010-1.html#leakhttp://www.facebook.com/note.php?note_id=392382738919http://www.facebook.com/note.php?note_id=392382738919http://www.facebook.com/note.php?note_id=392382738919http://searchenginewatch.com/3640638http://searchenginewatch.com/3640638http://searchenginewatch.com/3640638http://searchenginewatch.com/3640638http://www.facebook.com/note.php?note_id=392382738919http://www.benedelman.org/news/052010-1.html#leakhttp://searchenginewatch.com/3640559http://www.networkworld.com/news/2010/020310-social-media-risks-the.html?hpg1=bn

7/28/2019 Social Media the Privacy and Security Reper

3/3

for not doing enough to protect the privacy of its users. Then, in the end of May, came Facebook

CEO Mark Zuckerberg'sresponseto the controversy, acknowledging that missteps had been made

and reaffirming that the site would simplify its privacy controls.

It still remains to be seen whether the new privacy controls that rolled out in late May will satisfy

privacy pundits and cautious users.

A Wave of 'Likejacking' -- And the Endless Malware Issues

Privacy issues aside, the world's favorite social media sites have also seen more than their fair share

of outright malicious activity, including the spread of viruses, phishing attempts, and other social

engineering ploys aimed at exploiting users' trust.

The latest major wave of attacks -- a form of clickjacking dubbed "likejacking" -- was seen

threatening Facebook users early on in June. According to security reports, hundreds of thousands

of Facebook users began falling for these attacks, where the victim is tricked into clicking a link that

then recommends the site on Facebook -- even when they didn't actively choose to "like" the site.

The ploy isn't part of an active malware or phishing attempt, but it certainly has the potential to beused by hackers to get into your system.

And, Facebook clearly isn't alone in the malware battle. Twitter has faced issues related to its

shortened URLs and the spread of viruses -- and we can be sure that both of these popular social

media sites will remain prime targets for cyber thieves.

Understand the Risks of Social Networks

With this plethora of privacy and security issues in mind -- and the strong likelihood that they will

continue to unfold and develop -- are we ready to give up on social networks? Not likely. Case in

point: "Quit Facebook Day," established by a backlash of privacy and security conscious Facebookusers, only garnered support from a mere 34,000 of the site's 400 million members.

While social networks like Facebook and Twitter may be too ingrained in our daily lives to give up,

we need to understand the risks and take steps to change the way we interact on the Web. After all,

our privacy and security on these sites -- in terms of how much we share with others and what we

consume -- is ultimately up to each of us.

Next Saturday, we'll look at nine ways to control your privacy on social network sites.

Join us forSES San FranciscoAugust 16-20, 2010 duringClickZ's Connected Marketing Week. Thefestival is packed with sessions covering PPC management, keyword research, search engine

optimization (SEO), social media, ad networks and exchanges, e-mail marketing, the real time web,

local search, mobile, duplicate content, multiple site issues, video optimization, site optimization and

usability, while offering high-level strategy, keynotes, an expo floor with 100+ companies, networking

events, parties and more!

http://blog.searchenginewatch.com/100524-112000http://blog.searchenginewatch.com/100524-112000http://blog.searchenginewatch.com/100524-112000http://www.searchenginestrategies.com/sanfrancisco/http://www.searchenginestrategies.com/sanfrancisco/http://www.searchenginestrategies.com/sanfrancisco/http://www.connectedmarketingweek.com/http://www.connectedmarketingweek.com/http://www.connectedmarketingweek.com/http://www.connectedmarketingweek.com/http://www.searchenginestrategies.com/sanfrancisco/http://blog.searchenginewatch.com/100524-112000