Antisocial networks

Facebook has gotten some pushback for the same kind of outreach — last week the company agreed not to send unsolicited invitations to non-members in Germany. This is not the only example where users have been upset. Last month a new feature made it easy to unwittingly hand out one’s own address and cell phone number to advertisers. That bothered enough people that it was rescinded three days later. Since I don’t use Facebook either, I don’t have to worry about the effect of continually changing privacy policies and occasional bugs, like the one that let a hacker post to Mark Zuckerberg’s fan page last week.

I also received unsolicited mail from Twitter last month. Some misguided soul wanted to follow me; all I had to do was create an account and start tweeting. That’s unlikely to happen. I once heard someone characterized as “a person who puts the twit in Twitter,” and would rather not belong to that group. The aphorism “Better to remain silent and be thought a fool than to speak out and remove all doubt” is often attributed to Abraham Lincoln; whoever its author, he was perhaps paraphrasing Proverbs 17:28, “Even a fool, when he holdeth his peace, is counted wise: and he that shutteth his lips is esteemed a man of understanding.” My lips are sealed, at least on Twitter.

Whenever an invitation arrives it means that someone, however well-intentioned, has handed out information about me, vouched for its authenticity, and given the recipient carte blanche to use it. For example, LinkedIn’s privacy policy says “By providing email addresses or other information of non-Users to LinkedIn, you represent that you have authority to do so. All information that you enter or upload about your contacts will be covered by the User Agreement and this Privacy Policy and will enable us to provide customized services such as suggesting people to connect with on LinkedIn.” That seems to say that if your contact list includes me, you’ve told LinkedIn that it’s OK to spam me.

Social networking sites are useful, but their business model is to sell detailed information about their users. As a result, our personal data spreads far and wide, our privacy is eroded and our risks increase. In mid-December I received e-mail from my friend Charlie, sent to a small private mailing list. It said, “Apologies for having to reach out to you like this, but I made a quick trip to the UK and had my bag stolen from me with my passport and credit cards in it. The embassy has cooperated by issuing a temporary passport, I just have to pay for a ticket and settle hotel bills.” It went on to ask for a loan, and gave a UK phone number.

It was possible. Charlie is a frequent traveler and could have made a trip; I hadn’t seen him for a couple of weeks. I called the number in England, but it didn’t ring, which was odd. I replied to the mail and received a personal response: “Hi Brian. I am in a bit of trouble, please lend me $1,800. Western union will be OK, let me know if you need my details for the transfer. I will pay back once I return to the States.”

I asked for instructions but I also asked a question that only the real Charlie could possibly have answered. Back came precise instructions for sending money by Western Union but there was no answer to my question. I was way beyond suspicious at this point, and a quick Google search revealed that this was a phishing attack that had been going on for months; the perps hadn’t even bothered to change the script or the phone number. We learned later that Charlie’s Gmail account had been compromised, providing the bad guys with lots of potential targets, but the scam could equally well have been based on information gleaned from a social network.

As Zuckerberg said on his blog last May, “When you share more, the world becomes more open and connected.” The flip side is that as more and more of our personal information becomes available online, we are ever more vulnerable. Real friends are beyond price, and e-mail and social networks make it wonderfully easy for us to keep in touch, but not every “friend” is really a friend, and relying on the kindness of online strangers is most unwise.

Brian Kernighan GS ’69 is a computer science professor and a Forbes faculty adviser. He can be reached at bwk@cs.princeton.edu.