Maggie Fox doesn't care what "Suzie from Moncton" had for breakfast. Neither do her clients.
But if Suzie from Moncton were to start a Facebook group with a few dozen of her friends to talk about her favourite cereal or add a "widget" to her profile that shows everyone how much she loves that cereal, that's the kind of information Ms. Fox and her clients would love to see.
Ms. Fox isn't a hacker; she's the chief executive officer of Social Media Group, a Toronto-based consultancy firm that teaches companies such as Ford and Canadian Tire how to market their brands in the world of blogs, wikis and social networks such as Facebook and MySpace.
- Globe reporter Matt Hartley will take readers' questions about the pitfalls of putting your identity online, and how best to behave in a world where you are on display, from 1 p.m. to 2 p.m. ET tomorrow, Tuesday. Join the Conversation at that time or leave a question in advance.
With more than 100 million users each, MySpace and Facebook are entrusted with sensitive personal information that their members expect will be kept private. But how that information is stored and disseminated, as well as who gets to see it, has become one of the greatest headaches for social networks and one of the most contentious issues facing privacy watchdogs.
"I don't want to know who, I just want to know what. I don't need to take it down to the level of what Joe Blow says, I want to know what people are talking about generally. It is almost impossible to extract data from Facebook around who's talking about what and whether it's a favourable or negative conversation without doing it manually," Ms. Fox said.
The problem is that not everyone who wants information from these sites follows the rules.
In May, a U.S. federal judge awarded MySpace nearly $230-million (U.S.) in statutory damages after it sued Sanford Wallace and Walt Rines, two of the most notorious "spam kings" of the Internet, who allegedly sent more than 730,000 messages to MySpace users as part of a spamming and phishing operation.
In July, a California judge awarded Facebook $500,000 in damages in its lawsuit against a numbered Ontario company that operates under the name SlickCash. Facebook said that for two weeks in June of 2007, SlickCash had attempted to hack into Facebook's servers more than 200,000 times in an effort to gain access to the company's databases.
Sites such as Facebook and MySpace are constantly under siege from spammers, phishers and other malicious hackers.
One of the most common ways that spammers and hackers can glean information from a user's profile is through a "widget," which is essentially a piece of software such as a game or slideshow feature that is developed by engineers from outside of Facebook that users can install on their profiles.
These applications allow their developers access to the personal information of the Facebook user who installs them, but many also mine the personal information of the user's friends.
Alarmingly, it is relatively easy for a rogue developer to install a few lines of code into a seemingly innocuous widget that suddenly becomes a data-gathering virus, attacking the installer's profile and those of their friends.
The problem is that Facebook isn't doing enough to screen third-party developers to ensure they're not phishing for information or trying to commit identity fraud, according to one Canadian privacy group.
Earlier this year, the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa filed a complaint with the Office of the Privacy Commissioner of Canada. The complaint alleges that Facebook has engaged in 22 separate breaches of Canadian privacy law, some of which relate to the site's "third-party application" policies.
