![[ Back to EurekAlert! ]](http://www.eurekalert.org/images/back2e.gif){kind=small}
Public release date: 3-Dec-2009
Share
]
WORCESTER, Mass. – Craig Wills, professor of computer science at Worcester Polytechnic Institute (WPI), has been invited to participate in a Federal Trade Commission (FTC) panel on online privacy. Wills will take part in a panel on online behavioral advertising, which starts at 1:30 p.m. on Monday, Dec. 7, at the FTC Conference Center, 601 New Jersey Avenue, NW, Washington, D.C. He was selected to this panel because his research has demonstrated that more than half a billion social network users are at risk of having their personal information "leaked" to third-party sites that track their web browsing habits.
The panel is part of a series of daylong public roundtable discussions the FTC is holding to explore the privacy challenges posed by technology and business practices, including social networking, cloud computing, and online behavioral advertising, that collect and use consumer data. The goal is to determine how best to protect consumer privacy while supporting beneficial uses of the information and technological innovation.
The other participants on the online behavioral advertising panel are Jeff Chester, executive director of the Center for Digital Democracy; Amina Fazlullah, Counsel for U.S. PIRG; Dave Morgan, CEO of Simulmedia Inc.; Zoë Strickland, vice president and Chief Privacy Officer for Wal-Mart; Berin Szoka, director of the Center for Internet Freedom at the Progress & Freedom Foundation; Omar Tawakol, CEO of BlueKai; and Linda Woolley, executive vice president for government affairs for the Direct Marketing Association. The discussion will be moderated by Peder Magee and Michelle Rosenthal of the FTC's Division of Privacy and Identity Protection. The panel will be webcast live at www.ftc.gov/bcp/workshops/privacyroundtables/index.shtml.
A recent study coauthored by Wills found that the practices of many popular social networking sites make the personal information that hundreds of millions of users post on the sites available to companies that track Web users' browsing habits, allowing them to link anonymous browsing habits to specific people. The study was the first to describe a mechanism that tracking sites could use to directly link browsing habits to specific individuals.
Specifically, the study showed that when social networking sites pass information to tracking sites about a user's activities, they often include the user's unique identifier--a string of numbers or characters that points to their online profile. With this unique identifier, the tracking site can link the personal information in that profile (such items as user's name, physical address, email address, gender, birth date, educational and employment information) to data it has already gathered on the Web sites that the user has visited. "Now your browsing profile is not just of somebody," Wills says. "It is of you."
Like most commercial websites, online social networks use third-party tracking sites, called aggregators, to learn about the browsing habits of their visitors. These third-party sites track browsing behavior using cookies. Cookies are maintained by a web browser and contain information that enable tracking sites to build profiles of the websites visited by a user. Each time the user visits a new website, the tracking site can review those cookies and serve up ads that might appeal to the user. For example, if the user frequently visits food sites, he or she might see an ad for a new cookbook.
Social networking sites have gone a step further by allowing for transmission of unique identifiers. It is a particularly troubling practice for two reasons, Wills says. "First," he notes, "users put a lot of information about themselves on social networking sites. Second, a lot of that information can be seen by other users, by default. There are mechanisms users can use to limit access to their information, but we found through previous research that most users don't take advantage of them."
Privacy "leakage" by social networking sites raises the possibility of a user's identity being linked to an inaccurate or misleading browsing profile (for example, when a computer is used by more than one person, or a person browses for curiosity rather than intent). "Tracking sites don't know, for example, if a site about cancer was visited out of curiosity, or because the user actually has cancer," Wills says. "Inaccurate profiling could potentially lead to issues with employment, health care coverage, or other areas of our personal lives."
Wills says the researchers do not know what, if anything, tracking sites do with the unique identifiers that social networks transmit to them. They informed all of the sites they studied about their findings, but have not heard back officially from any. "We are not saying that they are necessarily trying to leak private information," he says. "But once someone is in possession of your unique identifier, there is so much they can learn about you."
The researchers also note that while users of social networking sites can protect themselves to some degree by limiting the amount of information they post and using the protections the sites make available to them to limit access to their information, the easiest way to prevent privacy leakage would be for social networking sites to stop making unique identifiers visible.
View the full study here: http://conferences.sigcomm.org/sigcomm/2009/workshops/wosn/papers/p7.pdf
About Worcester Polytechnic Institute
Founded in 1865 in Worcester, Mass., WPI was one of the nation's first engineering and technology universities. WPI's14 academic departments offer more than 50 undergraduate and graduate degree programs in science, engineering, technology, management, the social sciences, and the humanities and arts, leading to bachelor's, master's and PhD degrees. WPI's world-class faculty work with students in a number of cutting-edge research areas, leading to breakthroughs and innovations in such fields as biotechnology, fuel cells, and information security, materials processing, and nanotechnology. Students also have the opportunity to make a difference to communities and organizations around the world through the university's innovative Global Perspective Program. There are 25 WPI project centers throughout North America and Central America, Africa, Australia, Asia, and Europe.
[
| E-mail
| Share
]
AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert! system.