Security, one of the biggest fears of Internet users is the most overlooked issue by social media sites. The recent revelation that LinkedIn syncs the confidential details of users who are accessing the network via Apple devices such as iPhone and tablet adds further disgrace to the situation. Adi Sharabani and Yair Amit discovered that LinkedIn’s iOS apps collect details from one’s iOS calendar and transmit it to LinkedIn servers.
This action is without a clear indication to the app user, thus violating Apples’ privacy guidelines (section 17.1: “Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used”), as stated in the Skycure Security blog.
The blog further highlights that most of the confidential data of a user is not required for the app’s functionality. So one wonders why LinkedIn indulged into collecting and sending out sensitive information about users?
LinkedIn is not the first network to do so, networks such as Facebook, Path, etc. have been following this disturbing trend. Facebook has a history of criticism against continuously ignoring online security of users. From tracking users offline to keeping most of it’s product settings default, the number of people who have lack of trust on Facebook due to security issues, has increased. Very recently it was found by a blogger that Path, popular photo sharing network automatically uploads iPhone user’s entire address books to its servers. The list of examples is a long one and the concerns are not going to decrease with the advent of social apps and iOS apps.
So is it a mistake or a deliberate effort? Joff Redfern, Mobile Product Head at LinkedIn has been quick to address the situation via a blog post at their end. Joff in his blog post states that LinkedIn cares about its members trust and has assured that LinkedIn is going to adopt essential steps to remove the recent dust of mistrust. Joff further clarified that LinkedIn will no longer transmit data from the meeting notes section of an individual calendar event and that they have added a ‘Learn More’ link to explain how LinkedIn is using your data. In fact a similar kind of statement was also issued by Path Founder and CEO, Dave Morin after the Path controversy that the address book was uploaded to their servers in order to help the user find and connect to her friends and family on Path.
However, there are three questions that I would like answered here:
1. Why don’t networks make it an opt-in feature from day one?
2. How could apps like LinkedIn, Path make it past Apple’s famous strict vetting process?
3. How can we sure that the data is only being used for effective functioning of the app?
In today’s social age, I wouldn’t be surprised if it is revealed that our social data is being used by marketers to reach out to us in a smarter way. Today businesses are desperate to access your social data so that they can target you better. And this is a dangerous trend. As a common man, we are not aware who is accessing our private data and how!
Max Schrems was shocked to see his personal data that he had deleted earlier, to be present in the CD that was provided to him by the California Facebook office. It just goes out to show how many bytes of our data most of the social networks have under their belt and which we are unaware of. The Guardian sums it all in this one liner:
Information is power, and information about people is power over people
Do you think that security is often taken for granted by social network sites? Or are we ready to share every thing with the world?