What you 'Like' in Facebook can come back to haunt you

Be careful what you "like" on Facebook. It can tell people a lot more than you'd like them to know.

That's what a trio of boffins at Cambridge University in the U.K. discovered after analyzing the like activity of more than 58,000 Facebook users who volunteered to participate in their research project.

"This study demonstrates the degree to which relatively basic digital records of human behavior can be used to automatically and accurately estimate a wide range of personal attributes that people would typically assume to be private," wrote the researchers in the Proceedings of the National Academy of Sciences.

[See also: Facebook's Graph Search worries security experts]

According to the study, likes could be used to accurately predict:

  • Race (African Americans vs. Caucasians) in 95% of the cases;
  • Gender in 93% of the cases;
  • Sexual orientation for males (88%) and females (75%);
  • Political party (Democrat vs. Republican) in 85% of the cases;
  • Religion (Christian vs. Muslim) in 82% of the cases;
  • Substance use 73% of the time;
  • And relationship status 65% of the time.

"Predicting users' individual attributes and preferences can be used to improve numerous products and services," said the researchers, Michal Kosinski, David Stillwell and Thore Graepel.

The trio was well aware of the dark side of their findings, too.

"Commercial companies, governmental institutions, or even one's Facebook friends could use software to infer attributes such as intelligence, sexual orientation, or political views that an individual may not have intended to share," they wrote. "One can imagine situations in which such predictions, even if incorrect, could pose a threat to an individual's well-being, freedom, or even life."

While Facebook members don't expect their likes to be vacuumed up and crunched into information about them by people they don't know, they may be less sensitive about inferences made from their likes than might be believed, according Jonathan Zittrain, co-founder and co-director of the Berkman Center for Internet & Society at Harvard University.

"[T]he function of prominently liking something on Facebook is not merely to follow updates about it in one's newsfeed, but to express one's identity," he said via email. "The sensitive inferences the researchers found they could make are to qualities that perhaps people are increasingly comfortable expressing -- or having inferred about themselves."

He maintained, however, that in the long run, it would be helpful if Facebook members knew about any automated, large-scale scraping of their data analytical purposes.

The study is a great example of how little things performed online can create a detailed picture of who you are, said Sarah A. Downey, a privacy analyst and attorney with Abine, an online reputation company in Boston.

"You may not think that a like here and there says anything about you, but they all add up -- especially with Facebook's new Graph Search that displays all your likes with a single search," she said via email. "If you can learn this much about a person through their Facebook likes, imagine how companies or governments could use -- or misuse -- that data,."

The kinds of information the researchers discerned from Facebook likes could result in real danger to a person, said Adi Kamdar, an activist with the Electronic Frontier Foundation (EFF) in San Francisco.

"It can be especially dangerous for people in repressive countries or even in some states where acknowledging something like sexual orientation could lead to some really awful consequences," he said.

Read more about social networking security in CSOonline's Social Networking Security section.

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationsData Protection | Social Networking SecuritysoftwareProceedings of the National Academy of Sciencesdata protectionElectronic Frontier FoundationCambridge UniversityFacebook

More about Cambridge UniversityEFFElectronic Frontier FoundationFacebookHarvard University

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John P. Mello Jr.

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts