Social Networks: Digital Voyeurism

The winter is approaching. Along come the coldness to the watershed of Navarre and the boring evenings at home. In such situations, it’s easy to start thinking about many things. In my case, I have been thinking about the social network boom. One can easily find today the perfect network for each type of person: alive or dead, beautiful or ugly, young or old, men or women, and so on. The main objective of these networks is to store a gigantic amount of personal information featuring varying degrees of quality and reliability, with the clear benefit of users feeding them for free. But what is the reason behind storing so much data? In my opinion, it is all about knowledge. We are living in a time where knowledge is a precious good. All raw data can be transformed into knowledge using, for example, data mining techniques. This knowledge tells us about, for example, the preferences of a certain group of people. I will focus in this post on the amount of truth in this data. For this purpose, I decided to test something first; I randomly changed most of my private personal data in my social network profiles, mixing true and false information in order to assess the impact on my cyber-friends.

The first changes were made in Tuenti and Facebook. In the former, the experiment was not so successful because all the changes I made on my profile were not posted on my friends’ main boards. For this reason, I decided to try again with Facebook. As a result, I have been receiving tons of comments throughout the past weeks; private messages, SMS, etc. With just a simple change I have caused an interesting reaction among my pals.

The information written on the walls and profiles of social networks has reached a high level of credibility, and many organizations benefit from it by filtering candidates in their HR departments. Some judges use them to exonerate citizens from a suspected crime, others use them to find their significant other or new friends; others to claim unfair actions… In my case, my friends didn’t believe the information I gave them face-to-face when it contradicted what was written on my profile!

It is true that today’s social networks are trying hard to counter the security breaches created by social engineering attacks, as is the case of Poken. Poken is a social network in which the only way to add friends is by physically hitting hand-shaped devices, in order to exchange personal data that’s later downloaded to the computer for validation. But what about the authenticity of the messages that can be read in these sites? Who is responsible for validating the information or confirming that it is correct?

On the other hand, social networks deal with a huge amount of personal data. If a private user like me has, with just a few changes, obtained ratings on profile changes free of charge, what could a company or an ill-intended individual armed with a fake profile do in Facebook?

Imagine for a moment that an application was created to reward those who most benefit the social network, for example in terms of volume of personal information. What would it cause? For me, it’s crystal clear: addiction to the network and anxiety for being the lucky winner. What if a module was added to the application, by means of which an SMS service tells you who’s the best? Well, apart from the above, I’d also earn money for each message sent to the advertising system. For what’s worth, not only people are careless when publishing their data; they are even willing to pay for what they‘ve published.

Aitor Corchero Rodríguez
S21sec labs

Deja un comentario