
When a widget attacks your profile

Globe and Mail Update

Maggie Fox doesn't care what "Suzie from Moncton" had for breakfast. Neither do her clients.

But if Suzie from Moncton were to start a Facebook group with a few dozen of her friends to talk about her favourite cereal or add a "widget" to her profile that shows everyone how much she loves that cereal, that's the kind of information Ms. Fox and her clients would love to see.

Ms. Fox isn't a hacker; she's the chief executive officer of Social Media Group, a Toronto-based consultancy firm that teaches companies such as Ford and Canadian Tire how to market their brands in the world of blogs, wikis and social networks such as Facebook and MySpace.

With more than 100 million users each, MySpace and Facebook are entrusted with sensitive personal information that their members expect will be kept private. But how that information is stored and disseminated, as well as who gets to see it, has become one of the greatest headaches for social networks and one of the most contentious issues facing privacy watchdogs.

"I don't want to know who, I just want to know what. I don't need to take it down to the level of what Joe Blow says, I want to know what people are talking about generally. It is almost impossible to extract data from Facebook around who's talking about what and whether it's a favourable or negative conversation without doing it manually," Ms. Fox said.

The problem is that not everyone who wants information from these sites follows the rules.

In May, a U.S. federal judge awarded MySpace nearly $230-million (U.S.) in statutory damages after it sued Sanford Wallace and Walt Rines, two of the most notorious "spam kings" of the Internet, who allegedly sent more than 730,000 messages to MySpace users as part of a spamming and phishing operation.

In July, a California judge awarded Facebook $500,000 in damages in its lawsuit against a numbered Ontario company that operates under the name SlickCash. Facebook said that for two weeks in June of 2007, SlickCash had attempted to hack into Facebook's servers more than 200,000 times in an effort to gain access to the company's databases.

Sites such as Facebook and MySpace are constantly under siege from spammers, phishers and other malicious hackers.

One of the most common ways that spammers and hackers can glean information from a user's profile is through a "widget," which is essentially a piece of software such as a game or slideshow feature that is developed by engineers from outside of Facebook that users can install on their profiles.

These applications allow their developers access to the personal information of the Facebook user who installs them, but many also mine the personal information of the user's friends.

Alarmingly, it is relatively easy for a rogue developer to install a few lines of code into a seemingly innocuous widget that suddenly becomes a data-gathering virus, attacking the installer's profile and those of their friends.

The problem is that Facebook isn't doing enough to screen third-party developers to ensure they're not phishing for information or trying to commit identity fraud, according to one Canadian privacy group.

Earlier this year, the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa filed a complaint with the Office of the Privacy Commissioner of Canada. The complaint alleges that Facebook has engaged in 22 separate breaches of Canadian privacy law, some of which relate to the site's "third-party application" policies.

"I believe there is a buyer-beware or a use-at-your-own-risk mentality that Canadians need to keep in mind," said Harley Finkelstein, one of four law students who drafted the complaint. "You can't just put information online and hope for the best. Some of these [widget] developers are rogue developers with the sole intention of producing these applications for gaining information."

In Privacy Commissioner Jennifer Stoddart's office, that complaint has helped make a top priority of the question of whether social networking sites such as Facebook conform to the Personal Information Protection and Electronic Documents Act.

"If we were to find that there was a violation of PIPEDA, and there was a refusal to change it, we have the clear power to take things to Federal Court," Ms. Stoddart said. "We've done that several times."

Because of the speed with which the Internet and social networking sites change, Ms. Stoddart said, completing the investigation is a priority, and she hopes to have findings ready by the end of this year.

"Let's be frank: This is a billion-dollar business, and like any other business, if you operate in Canada, you operate by Canadian laws."

Even Facebook isn't sure how to effectively use its members' information.

In November, Facebook launched a controversial advertising program called Facebook Beacon, which could be used by online retailers to track the spending habits of Facebook users on their sites. When a Facebook user made a purchase, a message was sent to the news feeds of their friends, telling them what they bought.

The result was that the Facebook news feed told dozens of people what their friends had bought them for Christmas. Users were incensed that their personal information was being displayed in such a way without their consent. Facebook eventually altered the Beacon program to allow users to opt out.

Social networks employ teams of security experts that meet regularly with law enforcement officials from across North America to learn new ways to protect their users' information so that the only groups that can make use of that data are the ones approved of by the site.

"Facebook is actively involved in the arms race to give people better user experiences and protections," according to Mozelle Thompson, a policy consultant and former U.S. federal trade commissioner who has sat on Facebook's advisory board since March 2006.

"While there are instances of spam always — somebody trying to get in — Facebook does a remarkably good job about being ahead in that arms race."

With reports from Omar El Akkad in Ottawa and Matthew Trevisan in Toronto

Tomorrow: Part 3: David Hutton reports on the efforts that one Canadian-based social network is making to root out underage users, who, studies show, can be far more revealing than older social networkers.

Also Tomorrow: Join the Conversation at 1 p.m. ET with Matt Hartley to discuss privacy in the age of social networks.
