[LINK] RFC: Privacy-Intrusive Address-Book/SNS Services

Chirgwin, Richard Richard.Chirgwin at informa.com.au
Thu Feb 26 16:26:34 EST 2004 

Roger,

Sorry to be reviving such an old thread, but a recent incident has led me to
speculate: what's the "identity theft" risk of these services?

The stored data provides a single point at which a solid profile exists: the
user's name, e-mail address, employment data, interests - the services seem
to me be extremely high-risk in this regard.

Even worse, there is no way to find out if "your" data is in most networks,
unless you join. For the ones I've examined, only Spoke lets a non-user see
if they've been profiled by someone else. This is a haven for identity
theft; there is nothing, for example, to prevent me creating a user account
at Orkut as Roger Clarke and doing my level best to spoil his name by
expressing whatever opinions I consider would most offend those who know
him.

(I already know someone suffering an attack of this kind on an ordinary
e-mail list; someone's created an account imitiating her name, and then
posts offensive and thoughtless material from that account. But the damage
which could be caused by spoofing an individual in the presence of
thousands?)

When I first read your paper, Roger, I thought you were being harsh. Now, I
think you're not being harsh enough. 

Richard Chirgwin

> -----Original Message-----
> From: Roger Clarke [mailto:Roger.Clarke at xamax.com.au] 
> Sent: Monday, February 02, 2004 5:18 PM
> To: link at anu.edu.au
> Subject: [LINK] RFC: Privacy-Intrusive Address-Book/SNS Services
> 
> 
> 
> I expressed concerns a couple of days ago about Plaxo.  I've now 
> flung together a draft privacy analysis of address-book and social 
> networking services (SNS) generally, with particular reference to 
> Plaxo.
> 
> As always, I'd appreciate constructively negative criticism, 
> particularly if I'm being unfair to anyone.
> 
> If you know other people with background on the topic, or if you're 
> plugged into e-lists whose subscribers would be interested in the 
> paper, or could help improve the analysis, feel free to pass this 
> message onwards.
> 
> 
>                      Very Black Little Black Books
>        http://www.anu.edu.au/people/Roger.Clarke/DV/ContactPITs.html
> 
>                    First-Cut Draft of 2 February 2004
> 
>                                Abstract
> 
> Technology and human ingenuity continue to pose new privacy 
> challenges. During 2003, a new dot.com fashion arose from an odd 
> amalgam of Rolodex address-books, e-communities and dating. Users of 
> these services store personal data on a central server, which can be 
> accessed by other people, and, potentially at least, exploited by the 
> service-operator. There are privacy concerns, of a kind that has been 
> analysed many times before.
> 
> The new dimension that these services bring is that they entice users 
> to disclose personal data about their friends, business contacts or 
> acquaintances. That is a disturbing feature, and it requires careful 
> analysis.
> 
> -- 
> Roger Clarke              http://www.anu.edu.au/people/Roger.Clarke/
> 			            
> Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
>                  Tel: +61 2 6288 1472, and 6288 6916
> mailto:Roger.Clarke at xamax.com.au            http://www.xamax.com.au/
> 
> Visiting Professor in the eCommerce Program, University of Hong Kong
> Visiting Professor in the Baker Cyberspace Law & Policy 
> Centre, U.N.S.W
> Visiting Fellow in Computer Science, Australian National University
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
>

More information about the Link mailing list