More regulation only way to stop social networks learning more than we wish, says researcher

Social networks have no incentive to inform users how data is gathered on them, a privacy researcher says

By Loek Essers, IDG News Service |  Security

People can't know what data is inferred about them because they don't know what rules are used to build the extensive user profiles, he said. Moreover, the rule sets used by social networks evolve constantly. As users publicize new information and the provider gathers new data, new patterns emerge causing old patterns to change and it is impossible for a user to predict these changes, he said.

One way to prevent inferences being made from data is not to disclose it in the first place, but that is very hard for users to do when they don't know how an online service is combining information about them. Besides that, others might be disclosing the very information that they are trying to keep secret.

Because of these challenges it is obvious that profile building based on user behavior rather than the information that is disclosed by the user cannot be prevented, but it can be limited, said Zimmermann.

Users could for instance use privacy enhancing technologies like The Onion Router (TOR), or use pseudonyms to hide their online identities. "They can be really helpful but cannot solve the problem," Zimmermann said. Using those technologies doesn't stop social networks from gathering inferred data, he said.

Another possibility is to enhance transparency. Social networks could disclose what information about users is tracked, said Zimmermann. The main problem with transparency is that social networks lack the incentive to make inferred data available users, he said.

A possible solution is to take regulatory action and force monitoring on the provider, he said. "But that is not easy to do," he said. If the European Union's 27 member states were unable to agree a single regulation, then social networks would have to figure out a way to apply a patchwork of national regulations to users' data.

Making the process transparent is not sufficient to stop the services from building profiles based on inferred data, though, he said. A combination of preventive data disclosure and transparency can tame the inference problem, said Zimmermann, but still cannot prevent inferences completely. It will, though, give users the means with which to limit the threat in the long run.

Loek covers all things tech for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness