It gets worse.
Recently a team realised that because Facebook groups have fixed urls, and the membership lists of groups are public, people's group membership can be matched to an individual with a high degree of accuracy. They would then have a list of things you (presumably like), your name, your IP.... all you need do is pass through their page once. This could be extended to any number of other social networking sites. The data mining required to do even this is really simple, anyone who's had fun screen scraping data could probably do it in an afternoon. It's certainly not advanced stuff.
One example of the visited link harvester code:
http://www.gnucitizen.org/blog/javascri ... k-scanner/
An article from the New Scientist about the Facebook bit...
History of social network use reveals your identity
14:17 18 May 2010 by Jim Giles
When you sign up to a membership group on a social networking site you may be revealing more than you bargained for.
An experimental website has managed to identify the names of people who visit it, by harvesting information about the groups they belong to. It's a trick marketing teams and scammers would love to copy.
The snooping site exploits the fact that your web browser keeps track of which web addresses you have visited. Website owners can glean this information by hiding a list of web addresses in the code for their web page. When someone accesses this page, their browser will tell the website owner which of the hidden addresses they have already visited.
Membership groups within social networks have distinct web addresses: the New Scientist group on Facebook, for example, is accessed via http://www.facebook.com/newscientist. What's more, the names of group members are publicly available.
Gilbert Wondracek at the Vienna University of Technology in Austria and his colleagues collected data on 6500 groups, containing 1.8 million users, on Xing, a business-oriented social network based in Hamburg, Germany. After analysing the overlap between membership lists they estimated that 42 per cent of users could be uniquely identified by the groups they visit.
Unique interests
The researchers then built a website that read visitors' history of browsing Xing addresses. When they asked 26 friends and colleagues who use Xing to try it, they were able to identify 15 of them. Wondracek's paper showing how this was done was presented at the IEEE Symposium on Security and Privacy in Oakland, California, this week.
Since Wondracek's experiment, Xing has started adding random numbers to the addresses used to access its membership groups. The Xing server ignores the extra numbers, but they confuse attacks by a site like Wondracek's.
Arvind Narayanan, a computer scientist at Stanford University in California, fears that this may not be enough to fend off similar attacks, especially if they use multiple social networks and other websites that host membership groups. It is unlikely that all such sites will use random characters to mask addresses, he points out.
More complete protection may come in the next round of browser updates. The developers of Firefox, Chrome and Safari are working on fixes that will prevent browsing history being relayed back to website owners. Microsoft declined to say whether it is working on a something similar for Internet Explorer, the web's most popular browser.
