http://blogs.forbes.com/chunkamui/2011/08/08/facebooks-privacy-issues-are-even-deeper-than-we-knew/?partner=yahootixQuestions about what social networks mean for personal privacy and security have been brought to a head by research at Carnegie Mellon University that shows that Facebook has essentially become a worldwide photo identification database. Paired with related research, we’re looking at the prospect where good, bad and ugly actors will be able identify a face in a crowd and know sensitive personal information about that person. These developments mean that we no longer have to worry just about what Facebook, Google+, LinkedIn and other social sites do with our data; we have to worry about what they enable others to do, too. And it now seems that others will be able to do a lot.
As reported in various privacy and security outlets like Kashmir Hill’s Forbes blog
http://blogs.forbes.com/kashmirhill/2011/08/01/how-face-recognition-can-be-used-to-get-your-social-security-number/ and Paul Roberts at ThreatPost,
http://threatpost.com/en_us/blogs/how-facebook-and-facial-recognition-are-creating-minority-report-style-privacy-meltdown-080511 and demonstrated at last week’s Black Hat conference,
http://www.blackhat.com/html/bh-us-11/bh-us-11-briefings.html#Acquisti the CMU researchers relied on just Facebook’s public profile information and off-the-shelf facial recognition software. Yet the CMU researchers were able to match Facebook users with their pictures on otherwise anonymous Match.com accounts. The researchers also had significant success taking pictures of experimental subjects and matching them to their Facebook profiles.Drawing upon previous research, they were also relatively successful at guessing individuals’ Social Security numbers. From there, of course, it is just an automated click to your Google profile, LinkedIn work history, credit report, and many other slices of private information. (See the FAQ to the research here.)
http://www.heinz.cmu.edu/~acquisti/face-recognition-study-FAQ/(Note that this research is independent of the controversy around Facebook’s own facial recognition technology, which it recently unveiled to automatically tag users in pictures—and which authorities in Germany think might violate its privacy laws.
http://www.theregister.co.uk/2011/08/04/germany_no_to_facebook_facial_recognition/ The
CMU researchers didn’t even have to log into Facebook to get to the photos there; they accessed profile information through Facebook’s search engine APIs.)snip