What Site Leaked Your Data?
21 May 2011
The Internet is notoriously bad when it comes to privacy, which is a fact that has unfortunately been accepted - and even embraced - by most avid surfers. Facebook has leaked various pieces of user information to various places (including Google search), Google has taken to reading emails and contact lists, and people search sites have disturbingly recent and accurate information open to the public. Recent news from around the Internet seems to show that as much as sites explain how secure they are, they still have their shortcomings and secrets.
Google made no secret of the fact that it was changing how it serves ads to its GMail users; it announced it publicly on the Google Blog and notified all GMail users. To sum it up, Google stated that they were going to take notice of email content in order to show relevant advertisements; essentially, their ad crawler was going to read emails. Rumour has it that they will also be taking this a step further in the near future by looking at attachments, and displaying non-animated graphical ads as well when images are included in an email. Considering that GMail is funded entirely by advertising (as is Google as a whole), the move is understandable, but not any less creepy when it’s all said and done. However, Google introduced something behind the scenes as well that has gone mostly unnoticed and completely unannounced.
Google now crawls (optionally, I might add) contact lists, then searches competing sites for users with the same contacts, aka you, and offers to “connect” the account with Google as part of the public profile. I find that this explains my experience with Google finding me on every site I happen to be on. On Google’s end, this is part of a business technique to compete with Facebook, but as far as I’m concerned, at least, it’s really very creepy, especially with the amount of information I have for most of my contacts. I consider my contact list somewhat private and I take the security of my friends’ data pretty seriously so as such I don’t approve of Google crawling my contact list. I was able to shut off the option on this page: https://profiles.google.com/u/0/connectedaccounts (bottom checkbox), a somewhat hidden preference panel.
Of a much more serious concern, Facebook recently fixed a huge security issue with the way applications interact with user data. I won’t post the technical details, but essentially, Facebook applications accidentally leaked user information to advertisers and other third parties. According to the Symantec blog, “[third parties and advertisers] have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information.” Symantec also states that most probably didn’t realize the flaw, but when it comes to hackers, I’m sure the flaw was known and exploited at some point. Facebook has supposedly fixed the problem, but if you are of the more careful type, changing your password resets Application access and fixes the problem.