Online social networks leak personal information to tracking sites, new study shows

August 24, 2009

More than a half billion people use online social networks, posting vast amounts of information about themselves to share with online friends and colleagues. A new study co-authored by a researcher at Worcester Polytechnic Institute (WPI) has found that the practices of many popular social networking sites typically make that personal information available to companies that track Web users' browsing habits and allow them to link anonymous browsing habits to specific people.

The study, presented recently in Barcelona at the Workshop on Online Social Networks, part of the annual conference of the Association for Computing Machinery's Special Interest Group on Data Communications, is the first to describe a mechanism that tracking sites could use to directly link browsing habits to specific individuals.

"When you sign up with a site, you are assigned a unique identifier," says Craig Wills, professor of computer science at WPI, who conducted the study with an industry colleague. "This is a string of numbers or characters that points to your profile. We found that when pass information to tracking sites about your activities, they often include this unique identifier. So now a tracking site not only has a profile of your Web browsing activities, it can link that profile to the personal information you post on the social networking site. Now your browsing profile is not just of somebody, it is of you."

Like most commercial websites, online social networks use third-party tracking sites, called aggregators, to learn about the browsing habits of their visitors. Cookies are maintained by a browser and contain information that enables tracking sites to build profiles of the websites visited by a user. Each time the user visits a new website, the tracking site can review those cookies and serve up ads that might appeal to the user. For example, if the user frequently visits food sites, he or she might see an ad for a new cookbook.

Online networking sites have gone a step further by allowing for transmission of unique identifiers. It is a particularly troubling practice for two reasons, Wills says. "First," he notes, "users put a lot of information about themselves on social networking sites. Second, a lot of that information can be seen by other users, by default. There are mechanisms users can use to limit access to their information, but we found through previous research that most users don't take advantage of them." With a unique identifier, a tracking site could gain access to a user's name, physical address, email address, gender, birth date, educational and employment information, and much more.

With the "leakage" of this type of personal information, there is a significant risk of having one's identity linked to an inaccurate or misleading browsing profile. Browsing profiles record the websites a particular computer has accessed, not who was using the computer at the time or why particular sites were chosen. According to Wills, this leaves room for inaccurate profiling by tracking sites, a situation that has the potential to lead to serious problems. When a computer is used by more than one person, or a person browses for curiosity rather than intent, it leaves room for misinterpretation, he notes. "Tracking sites don't have the ability to know if, for example, a site about cancer was visited out of curiosity, or because the user actually has cancer. Profiling is worrisome on its own, but inaccurate profiling could potentially lead to issues with employment, health care coverage, or other areas of our personal lives."

Wills says the researchers do not know what, if anything, tracking sites do with the unique identifiers that social networks transmit to them. They say they have communicated with all of the sites they studied to inform them about the privacy leakage, but have not heard back officially from any. "We are not saying that they are necessarily trying to leak private information," he says. "But once someone is in possession of your unique identifier, there is so much they can learn about you. And even if tracking sites do not use the information themselves, can they guarantee that it will never find its way into other hands? For these reasons, we feel this issue is something that we should be concerned about."

The researchers also note that while users of social networking sites can protect themselves to some degree by limiting the amount of information they post and using the protections the sites make available to them to limit access to their information, the easiest way to prevent privacy leakage would be for social networking sites to stop making unique identifiers visible.
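An added example, not taken from the study or this article: a check a site operator or auditor could run over captured browser requests to see whether a profile identifier reaches third-party hosts. The article does not say where in a request the identifier travels; the URL, Referer and Cookie locations checked here, along with every hostname and the identifier itself, are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample: requests a browser made while a logged-in user browsed
# the hypothetical first-party site social.example. Not real traffic.
USER_ID = "1234567890"          # constructed profile identifier
FIRST_PARTY = "social.example"  # hypothetical social networking site
REQUESTS = [
    {"url": "https://ads.tracker.example/pixel.gif?page=home",
     "headers": {"Referer": "https://social.example/profile.php?id=1234567890"}},
    {"url": "https://stats.aggregator.example/c?uid=1234567890&ev=view",
     "headers": {"Referer": "https://social.example/home"}},
    {"url": "https://cdn.social.example/app.js",
     "headers": {"Referer": "https://social.example/profile.php?id=1234567890"}},
    {"url": "https://metrics.example/b?ref=https%3A%2F%2Fsocial.example%2Fu%2F1234567890",
     "headers": {"Cookie": "sid=abc"}},
    {"url": "https://img.example/logo.png?v=12345678901", "headers": {}},
]

def is_third_party(host, first_party):
    """True when host is neither the first-party domain nor a subdomain of it."""
    host = host.lower().rstrip(".")
    return not (host == first_party or host.endswith("." + first_party))

def contains_id(text, user_id):
    """Match the identifier as a whole token after percent-decoding."""
    pattern = r"(?<![A-Za-z0-9])" + re.escape(user_id) + r"(?![A-Za-z0-9])"
    return re.search(pattern, unquote(text)) is not None

def find_leaks(requests, user_id, first_party):
    """Return (third-party host, location) pairs where the identifier appears."""
    leaks = []
    for req in requests:
        host = urlsplit(req["url"]).hostname or ""
        if not is_third_party(host, first_party):
            continue  # requests to the site itself are not leakage
        fields = {"url": req["url"]}
        fields.update({k.lower(): v for k, v in req["headers"].items()
                       if k.lower() in ("referer", "cookie")})
        leaks += [(host, loc) for loc, val in fields.items()
                  if contains_id(val, user_id)]
    return leaks

if __name__ == "__main__":
    for host, where in find_leaks(REQUESTS, USER_ID, FIRST_PARTY):
        print(f"{host}: identifier sent in {where}")
```

The whole-token match keeps a longer number that merely contains the identifier (the `img.example` entry) from being reported, and percent-decoding catches an identifier embedded in an encoded URL parameter.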

More information: View the full study here: … s/wosn/papers/p7.pdf

Source: Worcester Polytechnic Institute


1 / 5 (1) Aug 24, 2009
OF COURSE the stuff you write on this electronic soup is digested by "kids" who love to spread secrets! If you have a secret, keep it to yourself!
not rated yet Aug 24, 2009
The last thing social websites, as well as any other kind of website, will do is consider the safety and security of the people who use their sites. It is EXTREMELY tempting and profitable for any website to grab your info and then resell it to others. There just is no other option. In other words, resell or die. If a site tells you they will not share your info, don't believe it for one micro-second. Even the Papal website in Rome sells your browsing habits...Check it out and see for yourself.
not rated yet Aug 24, 2009
It's always best to assume that every key stroke you do is recorded and assorted somewhere, even if you've the software installed for all security on your computer. Two choices; go with the flow of big brother or don't ever use any computers, cell phones etc. Even if new laws and legislation came in to thwart spying activity and you buy it as a safeguard, well frankly you've been had!
Personally I'll continue as always, I don't care provided the bank account is safe. There's not much we can do about information share.
1 / 5 (1) Aug 25, 2009

It's one thing saying hypothetically anything you write online could be public. It's quite another that companies routinely pass everything you write about yourself to companies that seek to get money from you.

Social sites, like so many Internet companies, got big before the law could catch up to them. After all, how many people would sign up for a site that said "By-the-way, we pass on everything you write to advertisers"? Zero. I.e., they became popular by fraud. Don't shrug it off. These companies broke laws. Invaded the privacy of millions of people. They belong behind bars. In jail, with the rest of the felons.
