social_graph_trace_encounters.jpg
Credit: Visual Complexity.

Ever had your MySpace or e-mail account hijacked? Recently, Gmail experienced a cross-scripting vulnerability. Luckily, Google was able to patch it quickly, and so far there are no reported cases of people losing information. Getting your e-mail hacked is becoming a major issue. Hackers do not usually care to just read your latest gossip. Instead, as with most things, they “follow the money.” Often, your e-mails contain passwords to other accounts, such as your checking or savings account. So choose your e-mail provider carefully. (Think of e-mail as an entry point which provides access to all your other accounts).

THE THREAT

As data has moved online, it is becoming common to hear of large companies and organizations losing millions of records or even worse having their entire system compromised by attackers.

What happens when a social graph is compromised? More than you may think at first. There is a looming danger of having so much available data online. If it gets in the wrong hands, we may have to deal with serious consequences.

As you know, the social graph is a way to keep track of who you are connected to. It takes into account who are your friends, family, and colleagues. When your MySpace or Facebook accounts are hacked into, often the hacker uses it to send advertising spam to your network. However, the next level is more sophisticated and will become more frequent in the future.

Hackers are beginning to harvest all your connections and aggregate them into some sort of database. This information becomes valuable to advertisers, marketers, enforcement agencies, merchants, and just about any other organization. However, if the social graph is extended to include biographical information, e-mails, and other data that is linked to each account the data becomes more valuable and dangerous. Not only can hackers know things about you, but also about those you are affiliated with. Remember, you are often defined by whom you associate with.

BIG BROTHER

When these separate pieces of data are integrated into a universal social graph we will begin to feel “the powers that be” try to gain access to this wealth of information. Government agents will want access so they can “find” criminals. Banks will want access to find trends in the economy. Merchants will want this information to know what consumers want. Advertisers will want to know where consumers are spending their money. The list goes on. As this becomes increasingly common, we are left with the threat of an Orwellian society.

Unfortunately, this problem will not go away. Google, Yahoo, Microsoft, MySpace, Facebook, LinkedIn and a host of other companies are building out their versions of the social graph. The social graph is a highly, lucrative form of data mining. (I am doubtful that there is more money in securing data than in mining it). In fact, a lot of companies are opening up their social graphs!

ANY SOLUTIONS?

There is nothing wrong with creating a social graph. The problem is that there is no guarantees in safeguarding this information to protect users. If MySpace is hijacked, they cannot afford to shutdown their entire site for long periods of time. Millions of dollars of revenue are at stake each day that their site remains functional. Customers may be left to fend for themselves. And many users, unwittingly trade access for privacy.

What is even worse about this situation is that users cannot really opt out of the universal social graph. Yes, they can stop using social networks, search engines, department store club cards, but as more data is moved online there aren’t many things users can do to protect themselves other than securing their own computers. Already, your bank, educational, e-mail, insurance, social network, search, shopping, and medical records are online. Are they secure? Good question.