Finding “hidden” connections on LinkedIn, an argument for more pragmatic social network privacy

Social networking services well know that some users are unwilling to freely share the information they store with the service (e.g. profile information). To address this, services typically provide various privacy ``knobs'' that the user may adjust to limit access by content type or user identity. However, the main purpose of social networks, community building, is largely at odds with this, hence it is unsurprising that privacy breaches in social networks are increasingly discovered. We argue that this tension between social networking goals and privacy suggests that research efforts should be focused more on efficient methods for detecting privacy breaches in social networks, and on building user awareness of privacy risks and the trade-off between privacy and utility. We support our argument with a simple method for discovering LinkedIn contacts ostensibly hidden by privacy settings. This method appears discoverable with a straightforward analysis of the LinkedIn system and its features (indeed, LinkedIn is likely aware of this method), however Linkedin's privacy instructions suggest to users that implementing the contacts privacy setting will prevent such discovery.

Citation

Staddon, J. Finding "hidden" connections on LinkedIn, an argument for more pragmatic social network privacy. Proceedings of the 2nd ACM Workshop on Security and Artificial Intelligence (AISec 2009); 2009 November 9; Chicago, IL. NY: ACM; 2009; 11-14.