Thursday, June 12, 2008

Social Networking Site addons may pose hidden security problems with personal information dispersal


There is a new story that personal information stored on social networking sites, particularly Facebook, may be available to software developers if subscribers download various widgets, games or applications (like horoscopes) that use personal information.

Even though profiles may be marked private and theoretically have limited circulation, developers may see the information for a time after users download and execute the applications on the social networking pages. There is a maximum time that outside developers can keep the information, but on paper at least, there is a risk that it could be spread around without the subscriber’s knowledge.

Some of the information might include typical security questions and answers that subscribers have used on banking sites, adding to potential downstream risks.

Risks from social networking activity are synergistic. It’s not that the sites would be unsafe for computers (they seem to be well managed in keeping out viruses and malware). It is that the information shared becomes dangerous in a society, particularly school environments, filled with social and economic tensions already well in place.

The story, by Kim Hart, appeared on the front page of The Washington Post today, link here.

No comments: