The Illusion of "Private" Web Content
Millions of Web 2.0 users share their personal information, photos, bookmarks, and lives online. And, of course, various concerns arise about the fact that so much (what was once considered) private information is being publicly shared with anyone with an Internet connection. To help users manage the flow of their personal information online, many services offer the ability to make certain content “private.” For example, Facebook has an extensive (and, as a result, somewhat complicated) interface to restrict access to various parts of a user’s profile, and photo sharing sites like Flickr typically allow restricted access to uploaded images.
The problem is that these technical features only offer the illusion of privacy with the content uploaded to the Web.
Many cases have emerged where holes (some small, some gaping) have been found in these “private” settings: “private” Facebook albums could be accessed simply with the right URL, the same with Google’s Picasa image sharing platform, just to name a few examples.
We can now add MySpace to this list: Wired reports that a backdoor in MySpace’s architecture allows anyone who’s interested to see the photographs of some users with private profiles — including those under 16 — despite assurances from MySpace that those pictures can only be seen by people on a user’s friends list. Not surprisingly, large datasets of these “private” images have been assembled and distributed online to anyone who would like to peek at the private images.
Fred Stutzman comments on the severity of this particular breach of illusory privacy:
The scope of this breach is staggering, especially when one considers the method of distribution. Like in other data breaches, once the data hits a torrent network, there’s simply no way to recover or erase the leakage. Individuals who had their data compromised can hope for security through obscurity, but they can never hope to reclaim their images from the hard drives they now inhabit.
This episode is frightening on a number of levels. As a system can’t be hacker-proof, there will always be individuals seeking to exploit and gain access to private information. In this attack, we see a basic crawling/caching – but what if it had been deployed as an open proxy, where individuals interested in seeing private pictures fed the system with id’s, and the proxy simply cached and shared everything? Social network sites seem especially vulnerable to the proxy attack, and I shudder to think what might have happened if this attack was the work of more than one determined individual.
This also reinforces the false, trivial nature of privacy on these sites (as Valleywag says, “your privacy is an illusion”). The only thing separating one’s private content from public content is an if/else loop, and if it fails once, that’s enough for a massive incident. Of course, this doesn’t apply only to social network sites – think of anywhere you’ve stored mass amounts of private information: your web-based email, your friends-only journal, your photo-sharing account. Any and all of it may be public one day, all it takes is a vulnerability and determined screen-scraper.
I’d like to repeat one of Stutzman’s observations: “The only thing separating one’s private content from public content is an if/else loop, and if it fails once, that’s enough for a massive incident.”
Indeed, unless we can compel the designers of these new information systems to truly and fully protect user privacy, we’ll have little more than the illusion of “private” Web content, and we’ll always be one “if/else loop” away from the continued erosion of the ability to manage the flow of our personal information online.
UPDATE: Terrell Russell has also reflected on this, providing a wise observation:
We sometimes forget we’re in uncharted territory. We are playing with the new shiny toys of the internet and not necessarily understanding the implications. These tools provide great power across the board. Users gain abilities to connect, find, sort, and publish in ways never before available. Conversely, companies gain abilities to monitor, gather, and sell more personal information than ever before. Additionally, third party observers gain the ability to observe at a distance and in numbers never possible in the physical world.
And we don’t yet know all the rules.
With all these new powers, our nuanced understanding of how we interact and the ramifications of our various ‘digital’ actions have not kept up with our abilities. We don’t know how these things “break” yet.