Catching up on some reading, I found via danah a great article from SecurityFocus HOME News on social networks sites and privacy/security (note: the two are not equivalent!):
Of course, sometimes an LJ attack is more subtle. By gaining access to someone's account, as LJ user Jack discovered, an attacker becomes privy to the "private" posts of friends. Ultimately, there is little defense against these social attacks, just as there is no way to stem the tide of gossip in the real world. Matthew Ringel, a longtime LJ user, wrote via email, "If I had a dollar for every time a friend in a social group accidentally 'leaked' some information about an LJ posting to someone who wasn't in the friends filter for it, I'd be typing this on a new laptop. There's no technical solution for gossip."
The article goes on to point out that such a malicious person is not a "real attacker" because s/he targets individuals personally, not entire classes of users. We can continue the distinction by looking at motivation: because those kinds of attackers act by revealing damaging information, not through hijacking social networks for gain. On the other hand, since the bonds created by social software are only as strong as the trust that their users have in them, the social repercussions of malicious attacks shouldn't be discounted. Even though the attackers don't steal anything immediately "valuable"*, the loss of audience trust is a "real" problem that can fracture communities. It's homicide vs. ground water pollution.
* Although it really does seem like a great way to get detailed demographic info for directed spamming, doesn't it?
Leave a comment