Guilty Secrets – Are you vulnerable to social network blackmail?
The kind of data held about you on social networks is worth a fortune, but it may not simply be the networks and internet marketers who profit – and you could end up paying directly from your own pocket.
Legal Blackmail
If you live in the United States and have ever been arrested for a crime there is a chance you could be blackmailed. They won’t call it blackmail of course, but when a site posts your arrest mugshot and details of your alleged crime online and offers you the chance to remove it before your friends, family or employer can see, it is difficult to see where the line falls between legitimate publication and a sleazy racket.
Sites like arrests.org or www.whosarrested.com trawl public records databases looking for recent arrests, now freely available in several states thanks to data transparency laws. Arrest records and their associated mugs are chopped into discrete pages and posted online, with plenty of helpful links to generate a little Google Juice for each one. That way, when one of the marks searches for their own name they stand a good chance of seeing a link to their mugshot page, which helpfully comes with a button to remove it from the web, for a fee. There are even third party sites who charge a little more but guarantee you will be gone from similar sites and even Google’s search rankings within a few days of payment.
This may seem like a niche scam but this kind of online blackmail is becoming more common. Someone – several people in fact – thinks it is profitable enough to spend time sifting through reams of data to find the personal details of quite a small number of people, in order to persuade an even smaller number of them to pay to protect their good name. It is an example of what you might call the law of unintended consequences. Advocates for open government and transparency of public data have led to some of that data being used to effectively squeeze money from some of their fellow citizens.
When Love Goes Sour
This week a class action suit was launched in the US against Texxxan.com, a so-called ‘revenge porn’ site. Revenge porn is a blanket term for when people post nude or otherwise explicit pictures of what is usually – but not always – an ex partner as a form of ‘revenge’ or simply to cause embarrassment.
Texxxan.com is by no means unique but it has attracted more ire than most after allegedly offering similar terms for the removal of people’s images to the mugshot sites mentioned above. As well as anger and legal action, people have also begun to look more closely at the source for some of the images found on the site.
Although ostensibly a forum for disgruntled men to post pictures they have taken of or been sent by their exes, there is nothing to stop someone posting stolen photographs or photos taken entirely without someone’s knowledge. Neither use is acceptable if the intent is to hurt or shame of course, but in the latter case people – usually women, although not always – can find photographs that they never knew existed or did not dream were in anyone else’s hands being published freely on the web for unknown others to perv over.
Could You Get Stung Too?
You might not have been arrested in Florida, have a despicable ex-lover or have been followed around by a shady character with a long lensed camera but you almost certainly have at least one social network account.
Some social networks lend themselves more to this kind of thing than others of course. SnapChat is a current favourite among The Kids and is sure to be the target of a Daily Mail outrage column if it hasn’t been already. It is a photo sharing app with one unique feature – you can set a time limit of a few seconds for viewing any picture you send to a contact.
This makes it ideal for sexting – in theory you know that whoever you send that snap of your bits to will only be able to gawp at it for the briefest of moments before the app automatically deletes it. I say in theory because, inevitably, SnapChat turns out to be fairly simple to circumvent. By browsing the file system of your phone (via USB on an iPhone, on-device with an app on Android) before you read a message it is possible to make a copy of any incoming images without the sender being aware. So much for that.
But it is not just obvious apps like SnapChat that might put you at risk. You might store photos on Flickr or Instagram or keep your CV in the cloud. Even if you do none of those things, you still have a recognizable fingerprint on the web. Some shops may even be tracking you in the real world based on which of their Wi-Fi networks your phone brushes past.
And of course, you probably use Facebook. Facebook has based its entire business model upon mining your personal data. Through Facebook, marketers can gain immense insight into the things you like, the people you know and exactly where you fit into any number of demographics. There is also a lot of extra information hidden away in that data. It just needs the right searches to put it in the correct context.
The Dangers of Graph Drawing
Earlier this month Facebook introduced Facebook Graph Search. This is a tool (still being rolled out to all Facebook users) that enables easy searching of the ‘social graph’ – the social network connections between people and, in the case of Facebook’s data set, many of the things that they Like or have otherwise connected with.
You can, as suggested on the landing page for Graph Search, search for fun things like ‘People who like cycling’ or ‘Restaurants my friends like’. However, as new blog Actual Facebook Graph Searches points out you can also search for things like ‘Married people who like Prostitutes’ and ‘Islamic men interested in men, who live in Tehran’ – both of which could have serious real-world consequences and would of course lend themselves quite well to potential blackmailers.
What can you do? Well one piece of advice worth taking to heart comes from Tom Scott, who runs Actual Facebook Graph Searches, “If it’d be awkward if it was put on a screen in Times Square, don’t put it on Facebook. Oh, and check your privacy settings again.”
What Facebook Graph Search shows us is something that has always been there, underneath the social web. Us. The trade-off for free web apps and a good many of the fun things that the web has brought us is a pooling of our personal data for the benefit of others. As Metafilter user Andrew Lewis put it, “If you are not paying for it, you’re not the customer; you’re the product being sold.” or, in this case, stolen.
This data is yours and you should take steps to protect it or remove it from the web. If someone thinks it is worthwhile data mining to shake down a few people who don’t want their drunk driving arrest to be public knowledge, might they find something equally lucrative in your social graph?