Bob McMillan writes:
We already know that if you use an online social network, you give up a serious slice of your privacy thanks to the omnivorous way companies like Google and Facebook gather your personal data. But new academic research offers a glimpse of what these companies may be learning about people who don’t use their massive web services. And it’s a bit scary.
Because they couldn’t get their hands on data from the likes of Facebook or LinkedIn, the researchers studied publicly available data archived from an older social network, Friendster. They found that if Friendster had used certain state-of-the-art prediction algorithms, it could have divined sensitive information about non-members, including their sexual orientation. “At the time, it was possible for Friendster to predict the sexual orientation of people who did not have an account on Friendster,” says David Garcia, a postdoctoral researcher with Switzerland’s ETH Zurich university, who co-authored the study.
This can be done through what are called “shadow profiles.” For example, if five of your friends invite you to join a new site called NeoSocial Company by punching your email address into a form on the site, the company could create a social graph based simply on your email address and who invited you, even if you don’t sign up for the service. They could even start to make some inferences about you based on what they know about your friends. Many sites also encourage you to upload your address book when you sign-up, so that i can help you connect with people you know who may already be using the service, or even to alert you if they sign-up later. If you do this, you could be helping these companies build shadow profiles of your contacts.
As Bob notes, an audit by Ireland’s Data Protection Commissioner confirmed that Facebook doesn’t keep shadow profiles. But the technical capability is always there, and we have no real idea what sites that haven’t been audited are doing. What’s more, law enforcement can build social network graphs based on seized address books and cell phones, or even metadata demanded from telephone companies.
So even if you don’t have a cell phone, if a friend called your landline, then traveled to your house, then to another location, and then back to your house, someone with access to that information could make an educated guess that you went with that friend to that particular location.