
YOU鈥橵E set your Facebook account to 鈥渇riends only鈥, your Tweets are protected and you wouldn鈥檛 dream of setting a virtual foot near location-sharing services like Foursquare 鈥 in other words, you can feel pretty safe online, right? Wrong. We all unwittingly leak vital information through friends.
鈥淵ou can actually infer a lot of things about people, even though they are pretty careful about how they manage their online behaviour,鈥 says of the University of Rochester in New York. He has developed a system for predicting a Twitter user鈥檚 location by looking at where their friends are. The tool can correctly place a user within a 100-metre radius with up to 85 per cent accuracy.
Sadilek and colleagues turn their target鈥檚 social network into a predictive model called a dynamic Bayesian network. At each point in time, the nodes in the target person鈥檚 network consist of their friends鈥 locations, day of the week and the time, and information from these nodes determines the target鈥檚 most likely location. Sadilek can also feed in any existing information about the person鈥檚 whereabouts to help improve the model鈥檚 accuracy.
Advertisement
The team tested their model on over 4 million tweets from users in Los Angeles and New York City, who had location data enabled. They found a couple of weeks of location data on an individual, combined with location data from their two most sharing friends, is enough to place that person within a 100-metre radius with 77 per cent accuracy. That rises to nearly 85 per cent when you combine information from nine friends. Even someone who has never shared their location can be pinpointed with 47 per cent accuracy from information available from two friends, rising to 57 per cent with nine.
鈥淯sing just two friends you can place a person in a 100-metre radius with 77 per cent accuracy鈥
Once the model has a good idea of where some people are, it can use this data to predict who their friends are, and then use that social network to pinpoint the whereabouts of even more people.
鈥淵ou can imagine looping this process over and over,鈥 says Sadilek, potentially allowing the model to make predictions about every user on Twitter. Privacy advocates may recoil in horror, but Sadilek claims this knowledge could have benefits. It could help identify people who might spread infectious diseases or contact friends nearby to prevent suicide attempts. He will present the work at the conference in Seattle next month.
It is not just Twitter contacts who compromise your privacy. Facebook friends who share too much could help someone access your account. Last year Facebook rolled out a new 鈥渟ocial authentication鈥 system designed to block suspicious logins, but computer scientist and colleagues at the University of Cambridge have discovered some flaws.
Suppose you normally access Facebook in London, but one day Facebook sees a login from Australia. You might be on holiday, but it is also possible a hacker has got hold of your password, so Facebook鈥檚 social authentication system blocks these logins unless you can identify photos of your friends.
It seems secure, but Kim points out it only protects you against strangers 鈥 a jealous spouse would easily be able to identify mutual friends, for example. Kim鈥檚 research shows that using photos from non-overlapping communities could prevent this, but that is no good if your friends share their photos publicly, as many people on Facebook do. A determined person could easily gather such photos to create a database of your friend鈥檚 faces, then use facial recognition software to identify the social authentication photos.
Kim suggests that indiscreet friends should be removed from the social authentication system, but even that wouldn鈥檛 help a specific group of social networkers: celebrities, whose friends are likely to be recognisable. Kim will present the work at the conference on the island of Bonaire in the Caribbean next month.
Even with your friends under control, a software bug could still expose your private data 鈥 as Facebook CEO Mark Zuckerberg himself found out recently when a glitch . To solve this, researchers at the Massachusetts Institute of Technology have come up with a new programming language called that automatically enforces privacy policies.
Programmers have to explicitly ensure data flowing through their software obeys necessary privacy policies, but it is easy to slip up and let information leak out. Jeeves solves that by substituting the value of variables within the software depending on who the user is. For example, say Alice posts a message but doesn鈥檛 want anyone but herself to see who wrote it. The programmer can use the variable 鈥渁uthor鈥 without worrying what the user sees 鈥 when the software runs, Jeeves ensures Alice will see her own name, but everyone else logging in will see 鈥淎nonymous鈥.
, who helped develop Jeeves, says the new language lets a programmer delegate privacy responsibilities and concentrate on the actual function of their code, much like a party host might entrust their butler with ensuring the needs of each guest are met so they can spend more time socialising.
Why the weakest links count most
Facebook is more than just an online 鈥渆cho chamber鈥 in which users just repeat views that match their own, according to a new study from the social network鈥檚 own data team.
Facebook鈥檚 Eytan Bakshy divided the friends of 253 million Facebook users into 鈥渟trong鈥 or 鈥渨eak鈥 ties. Cumulatively, the researchers found that most of the information shared comes predominately through a user鈥檚 weak ties, simply because we have many more weak ties than strong ones. That鈥檚 important, argues Bakshy, because friends with weaker ties are more likely to read and share material that you would not otherwise encounter: 鈥淭he information they are sharing is more novel.鈥