Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
Editor's Blog and Industry Comments

Test demonstrates how social networks could be snooping on users

04 September, 2013
Secret dedicated URL addresses tracked through free e-mail and social network sites to discover the degree of snooping taking place.

The tests were conducted by IT security experts at High-Tech Bridge on the back of media reports of privacy concerns surrounding social network sites. To test out these concerns, the company set up a range of secret, unique and dedicated URL addresses on its own server then used social networking messaging services and free e-mail sites to send the URLs before examining server logs to see which URLs had been accessed.

Of the 50 services analysed, six had accessed the URLs of which two were URL shortening services which arguably had a legitimate reason for doing so. The remaining four which made HTML calls to the dedicated server were Facebook, Twitter, Google and Formspring.

To further test whether these providers were using legitimate robots to crawl links for verification or spam testing, High-Tech Bridge created a robots.txt file to restrict bot access to server content. The result was that Twitter respected the block but the remaining three bypassed it which implies the existence of a real privacy issue.

According to High-Tech Bridge's Marsel Nizamutdinov, it's impossible to know exactly how the URLs are being used by the service providers despite their attempted justification as being an automated verification process that doesn't impact privacy.

So is this a real threat to privacy or paranoia?

We put this to High-Tech Bridge and asked if these services actually snooping or is it part of their mechanism of operating. They told me that in theory, the links should not be opened by anyone other than the sender or receiver of a private message. It is completely impossible to know how the information from the URL would be used by Facebook, Google+ or Twitter. It could be simply a check or it could be stored and used in some way.

Millions of people use Facebook's private messaging facilities to send each other photographs and other personal files. According to High-Tech Bridge, such attachments on private messages are a potential privacy concern, they are a URL, they have no authentication and Facebook will open the link and could save a copy of it for further usage.

So why would they do that? What are the potential benefits for the social networking sites? High-Tech Bridge explained that with the value placed on information in the current age, the more information you have on a person, the more it is worth. This kind of information can be used for marketing and online advertising services.

Bookmark and Share