In an article at the end of last year we looked at some of the ways data-mining techniques are being used by marketeers and security services to extract sometimes private information by assembling huge amounts of data from web visits, emails, purchases, and more.

Now researchers at Google caution in a paper (pdf) that by becoming entangled in ever more social networks online, people are building up their own piles of revealing data. And as more websites gain social features, even the things users strive to keep private won’t necessarily stay that way, they suggest.

As a hypothetical example, combining public information on, say, the
business social network LinkedIn with that on another like MySpace
could reveal that one of your key business contacts spends their
free time in full Kiss makeup, even their two profiles are kept relatively anonymous and are not linked directly in any way.

That approach is dubbed “merging social graphs” by the researchers. In fact, it has already been used to identify some users
of the DVD rental site Netflix, from a supposedly anonymised dataset
released by the company. The identities were revealed by combining the
Netflix data with user activity on movie database site IMDb.

The Google team’s proposed solution is a kind of privacy warning system. When you sign up
for a new online service, it would take a look on the internet and let you know
if there’s a risk that the new information you are uploading could be
used to make connections about you.

In 2007 computer scientists at Palo Alto Research Center, California, and the University of Waterloo, Ontario, built a similar warning system. It calculates whether data about to be released – for example medical records sent to insurers – could be combined with publically available information – for example wikipedia articles on health conditions – to reveal diagnoses purposefully removed from the original data.

It occurs to me that such warning systems can easily be turned on their heads, and become a kind of automated data detective. How long before such programs are circulated
online to help people learn the secrets of others?

The Google team’s paper (Under)mining privacy in social networks (pdf) will be presented at the Web 2.0 Security and Privacy 2009 meeting in May.

Tom Simonite, online technology editor