£15bn for Government snoop network? Just use Facebook
By Stuart Turton
Posted on 3 Apr 2009 at 11:04
Cambridge University researchers have revealed how the profile information Facebook releases to search engines could be exploited by spammers or even governments.
Public listings allow search engines to crawl a limited version of your Facebook profile, displaying your name, photo, and eight people you're friends with. A limited selection of fan listings and affiliations are also displayed.
In a paper entitled Eight Friends Are Enough the team from Cambridge's Computer Security Group, reveal how they developed a programme capable of sifting through thousands of these public profiles.
This information was then used to map out a person's network of friends. The paper's authors claim this is valuable information that could be easily exploited by spammers and governments.
"In our own experiments, we were able to download over 250,000 public listings per day using a desktop PC and a fairly crude Python script," says Joseph Bonneau on the Light Blue Touchpaper blog. "For a serious data aggregator getting every user's listing is no sweat."
Fellow author Ross Anderson draws comparisons to the proposed Cental Communications Database, noting that security services really want knowledge of who is contacting who, not necessarily what is said. Here that data is available for free and with relatively effort.
"The Government wants to spend £15 billion on the IMP (Intercept Modernisation Programme) database of all traffic data - email headers, itemised phone bills, and the like - so that they can track the UK social graph. This paper shows that you don't need to spend all that money - you can get the social graph just by scraping the public data from Facebook," says Anderson.
Facebook wasn't available for comment at the time of publication.
From around the web
advertisement
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- How to make Google AdWords work for your business
- The curse of sloppily written software
- Paying for your crimes with Bitcoin
- Behind the scenes: tech support for Formula 1
- The security risk of fat fingers
- Why Windows Phone 7 isn't quite ready for business
- When will Microsoft stop fiddling with Windows 8?
- Flash down the pan?
- Metro Style apps vs desktop applications
- Coping with Facebook changes
advertisement
