News

Facebook, Twitter and Google monitor web links, Swiss security firm warns

Warwick Ashford

Facebook, Twitter and Google are monitoring web links sent in private communications, a Swiss IT security services firm has found.

High-Tech Bridge set up an experiment to test the confidentiality of 50 of the largest social networks, web services and free emails systems by using them to send secret URLs in private communications.

privacy_security_290x230.jpg

The firm set up a dedicated server to see which of the services picked up and used the unique URL created for each.

During the 10 days of the experiment, only six services out of the 50 took the bait, but they included four of the biggest and most used social networks: Facebook, Twitter, Google+ and Formspring.

The remaining two were URL shortening services: bit.ly and goo.gl.

While it could be argued that such behaviour may be part of the legitimate functionalities for URL shortening services, that is not the case for social networks such as Facebook and Twitter.

Taking into consideration that some of the services may have legitimate robots  to verify and block spam links that use every user-transmitted link automatically, High-Tech Bridge also created a robots.txt file on its web server that restricted bots accessing the server and its content.

Only Twitter respected this restriction, all other social networks simply ignored it, accessing the secret URL, the company said.

Marsel Nizamutdinov, chief research officer at High-Tech Bridge the four trapped social networks justify their activities by “automated verifications”.

However, he notes that it is technically impossible to verify what is really going on and how the information obtained on the user-transmitted URLs is being used.

“Today, quite a lot of web applications omit authentication and rely on temporary or unpredictable URLs to hide some content and, when users transfer such URLs via social networks, they cannot be sure that their information will indeed remain confidential,” he said.

Nizamutdinov concludes there is no way to keep a URL confidential while transferring it via social networks.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy