Facebook, Twitter and Google monitor web links, Swiss security firm warns

Facebook, Twitter and Google are monitoring web links sent in private communications, a Swiss IT security services firm has found

Facebook, Twitter and Google are monitoring web links sent in private communications, a Swiss IT security services firm has found.

High-Tech Bridge set up an experiment to test the confidentiality of 50 of the largest social networks, web services and free emails systems by using them to send secret URLs in private communications.

The firm set up a dedicated server to see which of the services picked up and used the unique URL created for each.

During the 10 days of the experiment, only six services out of the 50 took the bait, but they included four of the biggest and most used social networks: Facebook, Twitter, Google+ and Formspring.

The remaining two were URL shortening services: bit.ly and goo.gl.

While it could be argued that such behaviour may be part of the legitimate functionalities for URL shortening services, that is not the case for social networks such as Facebook and Twitter.

Taking into consideration that some of the services may have legitimate robots  to verify and block spam links that use every user-transmitted link automatically, High-Tech Bridge also created a robots.txt file on its web server that restricted bots accessing the server and its content.

Only Twitter respected this restriction, all other social networks simply ignored it, accessing the secret URL, the company said.

Marsel Nizamutdinov, chief research officer at High-Tech Bridge the four trapped social networks justify their activities by “automated verifications”.

However, he notes that it is technically impossible to verify what is really going on and how the information obtained on the user-transmitted URLs is being used.

“Today, quite a lot of web applications omit authentication and rely on temporary or unpredictable URLs to hide some content and, when users transfer such URLs via social networks, they cannot be sure that their information will indeed remain confidential,” he said.

Nizamutdinov concludes there is no way to keep a URL confidential while transferring it via social networks.

Read more on Privacy and data protection

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Hmm... public social networks are for sharing, so it is most likely to be monitored. Also that's how they make money and that's how they keep adult stuff and filth out of their premises.