The National Communications Technology Institute (INTECO), in collaboration with the Spanish Data Protection Agency, has presented a report on the security and data privacy issues that arise from social networking sites, making a number of recommendations.
The report warns that there are three distinct, critical stages at which users’ security and privacy may be especially at risk: registration; when the user uploads additional information to the site; and when the user wants to unsubscribe from the service.
Among the risks associated with the initial phase, registration, the study highlights the existence of standard online forms that request a large amount of information from users. Although many of these fields are to be filled in only on a voluntary basis, the information disclosed may sometimes endanger the privacy of users who provide details of their political ideology, sexual orientation and religious preference, considering that such information may be accessed by third parties.
In this sense, the report has also found that the highest level of profile publicity is usually enabled by default by the social networks. As a result, 43% of the profiles published by social networking site users can be viewed by anyone. Most of the analysed networks allow profiles to be indexed by search engines, publicly exposing users’ data and their main contacts. The risks to privacy and security that such situations involve are not always sufficiently appreciated by the users, nor are users always advised of them by the social networks before registration.
Furthermore, the report warns that social networks may be easy targets for spy software, which may access and record the activity carried out on the user’s computer.
As for the third stage, the cancellation of records when users unsubscribe from these services, cancellation is sometimes difficult to achieve because the users’ published data remain published in other users’ profiles.
Finally, the study includes numerous recommendations on security measures and privacy policies, addressed to all parties involved in social networking sites. INTECO urges the sites and the ISPs to improve their systems so as to protect the users’ rights guaranteed by the Information Society, Data Protection, Intellectual Property and Consumer regulations, by enhancing transparency and improving subscribers’ access to terms and conditions.
Indeed, INTECO recommends information technology measures for the social platforms, such as requesting the user’s prior consent to include their profiles or data in search engines, the use of safe DNS servers, avoiding the possibility of attacks on servers, the implementation of tools to detect and block phishing or pharming cases and the codification of the content hosted on the platform.
Furthermore, INTECO has also issued recommendations to information security systems manufacturers and suppliers, companies that are considered key players for the users’ security. According to INTECO, manufacturers and suppliers should focus on two main security aspects: prevention of online fraud and carrying out security technology research and development programmes.