A real world example of the privacy risks behind social apps October 20, 2009Posted by jonathanpenn in identity, privacy.
For the past few months I had become an accidental crusader against the site myspaceprofiles.org (I’m not linking to it for a long list of reasons, as you’ll no doubt intuit from this post). First off, let’s clearly state that myspaceprofiles.org is not affiliated with the social site MySpace – and therein lies one of the problems. It appears to be a dating site, but the people on its site are not willing “members”: they are MySpace users whose personal information, posts, pictures (including copyrighted material) have been sucked out of MySpace by an application on that social network and posted to a site that looks like a dating service.
The privacy risks of applications on social networks like MySpace or Facebook have been known and written about for a while now (eg, here and here and here), but I’ve never seen such hard evidence of the abuse before. For some of the MySpace victims, these results show up pretty high on the list when they’re Googled, and that can be a big embarrassment, if not a problem, or at least an embarrassment.
I’m not even sure this is that huge a deal in the scheme of things. But when I hear from an effected twenty-something “I’ll never put up any data on the Web again”, I gotta think this is an issue worth looking at.
Serendipitously, I learned about all this right as I was getting briefed by the Public Internet Registry (who runs .ORG top level domain) about their efforts “advocating for a safer global Internet community.” After an initial briefing, and fantastically responsive and helpful follow up by PIR’s Sr. Marketing Communications Manager Thuy LeDinh , I learned that there are limits to how safe, secure, and trusted .ORG can be – and the other TLDs are a lot worse of course.
But the short of it was that despite this being a scummy site, a violation of the developer’s agreement with MySpace, uncountable copyright violations, general misrepresentation of the people on the dating site, ignoring opt-out requests that it had set up on those pages, and even popping up pornography ads (adding insult to the victims’ injury!) — there’s nothing .ORG can seemingly do about this because the site isn’t engaged in illegal activity.
I consider myself a big believer that the Internet should be a place for free speech and free expression. But the fact that these poor people have no recourse seems somehow to fly in the face of other ideals I have about what’s just and giving people practical avenues through which their grievances can be addressed.
So I’m left with a few questions:
- Many people have discussed the folly of putting up embarrassing information. But now it seems like simply using these sites and posting innocuous information can still lead to embarrassment. Given that social networks are becoming such an ingrained fact of life – will we all come to regret it?
- Can anyone police the Internet at all? Or is that a fool’s errand?
- And why doesn’t MySpace go after a site like this?