Legal action against the alleged attempt by a Canadian Internet porn company to steal user’s personal details from Facebook is the best way to deal with online identity thieves, according to Web marketing experts.
News that the popular social networking site was the target of no less than 200,000 attempts to “scrape” personal data, is a stark reminder that social nets are “largely un-chartered and unprotected territory, ” according to analysts.
“Unfortunately, a lot of people do not realize that when they check off that registration box they’re signing away rights and control of their personal information to the site operator,” said Mitch Joel, president of Twist Image, a marketing and communications strategy firm in Montreal.
He said it was wise for Facebook to act aggressively against the alleged hackers because the attacks “had a huge potential of eroding public trust on social networking sites.”
Facebook is suing 17 people and a Canadian Internet porn company for alleged attempts to mine the social network site for its users’ personal details. In a lawsuit filed earlier this month before the U.S. District Court in San Jose, Calif, Facebook claimed that servers controlled by Istra Holdings of Toronto used automated scripts to make more than 200,000 requests for personal information stored in Facebook.
Istra Holdings controls SlickCash.com , an Internet affiliate program company which bills itself as being “involved in every aspect of online adult marketing since 1999.” Named in the suit were Brian Fabian and Josh Raskin, both of Istra, and a Ming Wu of Markham, Ont. Fourteen other unidentified people were also sued. Calls to get a response from Istra yesterday were not returned.
Facebook claims to have spent at least US$5,000 in investigating the attacks, said to have taken place sometime in June. The company is seeking a jury trial and wants the dependants barred from accessing it computer systems in the future.
“If Facebook was attacked, it would be naïve to think that other social networking sites are immune,” said Joel.
Social networks deal largely on trust. Once that is eroded, the market for the industry could be damaged, he said.
A Canadian technology analyst said the legal action sends the right message to would be attackers.
“The move is sending the message to users that Facebook is diligent in protecting its community and the company is telling hackers it is prepared to use an iron fist to carry this out,” said Carmi Levy, research analyst and senior vice-president of AR Communications in Toronto.
“There are numerous organizations that illegally harvest personal data from various sites. They aggregate the information and resell it to unscrupulous online marketing firms,” he said.
Peddling of confidential private information is a widespread practice because it provides marketing companies a huge advantage in an environment where targeted advertising pays big dividends.
Some methods of obtaining data are outright illegal such as the Facebook attack and the credit card data theft perpetrated against U.S. department store TJ Maxx earlier this year, said Levy. “Other activities occur in gray areas,” he added.
When people sign on for membership in sites such as Facebook, there are privacy rules that cover the member’s information. However, other publicly accessible sites do not have this protection, Levy said.
“Information contained in public message boards such as Google Groups, Yahoo Groups, UseNet or blog sites can be accessed by anyone. It may not be ethical to obtain personal data from these sites, but it is not illegal as well,” he said.
Part of the problem, according to Joel, lies in the fact that “most social networking sites do not yet know what to do with the data they have.”
“They probably want to make money with it, but no one is really sure what model will work, so we have a host of applications that offer users fun.”
“My sense as a marketer is that these applications are not there just to provide fun. They can be used to get personal information,” he said.
Currently, he said a lot of social network members are “happily giving away personal data when they download social networking applications.”
“That virtual vampire bite you’re giving a friend may be sucking your personal data as well.”
One solution he said would be for social sites to explicitly inform would be members that they could be exposing personal data when they sign in. This way, users will be more circumspect with what information they include in their profile, Joel said.
Companies that are looking into establishing an online presence in social networking should carefully consider the move because proprietary data and confidential company information not to mention a potential lawsuit is on the line, said Levy.
“Work closely with the site. Find out if they can provide you with the protection your data requires,” he said.
“If they can’t guarantee protection for your users and your company’s data, reconsider the move,” Levy advised.
Comment: [email protected]