The European Network and Information Security Agency has published a detailed expert analysis of the risks arising from the use of online social networks, such as Facebook and MySpace. It covers issues relating to data protection (extending to data about a user's activities as well as their identity); identity theft; targeted phishing; and other threats that are exacerbated by the nature of such sites. As well as the familiar nuisances of viruses, hacking and spam, it describes less widely-known practices including, among other things, content-based image retrieval; image tagging (which can reveal a third party's face and e-mail address without their consent); cross-site scripting; and, on a less technical level, corporate espionage by means of employees, who are likely to be off their guard when chatting on such sites. The paper goes on to make recommendations for enhancing security such as, for example, improving systems for identity authentication and reputation building, and making it easier for users to delete secondary information about their past activities from a site once they decide they no longer wish to have a presence on it. It also suggests ways in which government policy might help the situation and gives practical tips for users on how to minimise the risks.
Source: ENISA position paper No.1, October 2007 ENISA and Practical Law.

