Becky Spraggs and Social Networking Privacy

Published: August 07 2008, 12:50 PM
by Stefan Berteau

In a good example of how seemingly innocuous personal information can be used to cause significant harm, a British woman's pictures and information were copied from her Facebook profile and used to create a false profile on a Canadian fetish site (which itself offers social networking).

As reported by The Telegraph and This Is London, Becky Spraggs was on vacation when she received a call informing her that four of her pictures from Facebook had been mixed with explicit images of a woman who resembled her and used to create a profile on FetLife, a social networking site for the BDSM/fetish community. This profile used her real name and other information about her, but provided a false biography claiming that she was "looking to get into soft/hard porn films."  The profile suggested that anyone interested in "using and abusing" her should call a number and ask for either her or her manager Paul. 

The given phone number in fact led to her ex, Paul Farrow, who dealt with roughly 50 calls a week, including international calls for which he was being charged.  As of this writing, the profile is no longer up, and Mr. Farrow is reported to have blocked international calls, which hopefully offers him some relief.

This incident serves as a prime example of the unintended loss of privacy that often accompanies social networking.  Many users of social networks assume that only people in their immediate web of friends can see their profile, but this is rarely the case.  Of Myspace, Friendster, Orkut, and Facebook, not one site defaults to a "friends-only" privacy setting.  Orkut, Myspace, and Friendster make profiles visible to the entire userbase by default.  Facebook is somewhat more conservative, defaulting to "friends and networks" being able to view a profile.  In practice, however, this offers little privacy because Facebook networks are generally huge, often containing millions of members.  In addition, the location-based networks, such as the "London" network to which Ms. Spraggs belonged, require no verification to join, so that anyone could have become part of that network and suddenly have had full access to her profile.

Facebook does allow users to restrict access to their profiles, galleries, and other personal information.  This can be done by logging in, then following the "Privacy" link in the upper right corner, and finally selecting "Profile".  This will allow you to restrict the personal information on your profile to people of your choosing.  Be aware that Facebook treats your photo albums separately, however.  In order to restrict access to pictures in your photo galleries you must follow the "Edit Photo Albums Privacy Settings" link on the Profile Privacy page. 

Another very important principle illustrated by this story is that a significant amount of harm can be caused by someone with access to seemingly innocuous information.  With the use of just her ex's phone number, some perfectly innocent and respectable pictures of her, and the name and location information from her profile, a malicious party was able to significantly disrupt the lives of both Becky Spraggs and Paul Farrow.  Many users are improving their privacy practices with regard to information like bank accounts, social security numbers, and home addresses.  It is important to remember, however, that in the wrong hands almost any form of personal information can be used to inflict harm.

If you are reading this and are a user of social networking sites, please go check the privacy settings associated with each of your accounts.  What you find may surprise you.  In general, we propose five rules for protecting your privacy on social networking sites.   

  1. Don't give out personal information that can lead to identity theft: your place of birth, date of birth, or social security number.
  2. Increase your privacy settings to "friends only" for both your profile and your pictures.
  3. Pictures can last a lifetime. Only put up pictures/videos that you would want your parents to see.
  4. When signing up for new sites, fill out your privacy settings before you fill out your profile.
  5. Friending someone is not just adding a name to your list.  It entrusts them with your information, and should only be done with people you'd trust with your real-life belongings.

Sticking to these rules is quick and simple, and it gives you control over who you trust with the details of your life.

 


By: Stefan Berteau
Stefan Berteau is a senior research engineer with CA's Anti-Spyware Research team. He holds a B.S. in Multimedia Design and Development from American University, where his studies concentrated on machine learning and graphics programming. Stefan's research-related interests include automated...

1 person has left a comment:

Facebook has an annoying feature where anyone can simply replace or cut n paste a private user's id number into the url over the top of a public user's id number. All those 'fun' applications have this flaw, well most of them.

Go to someone, anyone, who has a public profile with a lot of applications. Feel free to browse through their stuff, they are public so they obviously don't mind. While checking out the public account person's stuff, whenever their user id number (the 9 or 10 digit number in the url) appears, simply cut n paste a private person's id over the top. If the private person has that particular application installed, all their info relating to it will be displayed. Who they sent drinks to, what their sexy costume is, what their stripper name is... whatever.

The easiest way for people to protect themselves is simply not have the view friends link visible. Then there is no way of getting into a private person's friend list and going through all the friends whose accounts aren't private. If you are private, why would you want your list of friends visible to strangers anyway?

There is another flaw I discovered recently which lists all friends' phone numbers. That's huge. Phone numbers, even if a person has a public account, are not displayed on profile pages (unless you are actually friends with that person). But a stranger who just signs in to FB and comes across a stranger's public account will not see phone numbers.

Let's be careful out there...

Posted by: Guardian Angel | August 28, 2008 10:38 PM
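The sketch below is an added example, not part of the original post or comment and not Facebook's code. It models the "friends and networks" default with unverified network joins described in the article, and the server-side check whose absence would produce the behaviour the comment reports. All names, ids and fields are hypothetical.

```python
# Constructed model, not Facebook's code: names, ids and fields are hypothetical.
from dataclasses import dataclass, field

@dataclass
class User:
    uid: int
    visibility: str = "friends_and_networks"   # the default the post describes
    friends: set = field(default_factory=set)
    networks: set = field(default_factory=set)
    app_data: dict = field(default_factory=dict)

USERS = {}

def join_network(user, network):
    # Location networks need no verification, so joining always succeeds.
    user.networks.add(network)

def can_view(viewer, owner):
    """Central policy check: may `viewer` see `owner`'s data?"""
    if viewer.uid == owner.uid or owner.visibility == "everyone":
        return True
    if viewer.uid in owner.friends:
        return True
    if owner.visibility == "friends_and_networks":
        return bool(viewer.networks & owner.networks)
    return False  # "friends_only" and anything unrecognised: deny

def app_page_unchecked(viewer, uid_from_url):
    # The flaw the comment describes: the id in the URL is trusted as-is.
    return USERS[uid_from_url].app_data

def app_page_checked(viewer, uid_from_url):
    # Same lookup, but gated by the owner's privacy setting.
    owner = USERS.get(uid_from_url)
    if owner is None or not can_view(viewer, owner):
        return None
    return owner.app_data

def demo():
    owner = User(1001, networks={"London"}, app_data={"quiz": "result"})
    stranger = User(2002)
    USERS.update({owner.uid: owner, stranger.uid: stranger})
    before_join = can_view(stranger, owner)
    join_network(stranger, "London")
    after_join = can_view(stranger, owner)
    owner.visibility = "friends_only"
    return (before_join, after_join, can_view(stranger, owner),
            app_page_unchecked(stranger, 1001), app_page_checked(stranger, 1001))
```

Routing every data path, including third-party application pages, through the same `can_view` decision is what keeps a "friends only" setting meaningful.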

 
 