Dr Yves-Alexandre de Montjoye has warned of the risk of privacy attacks that happen through friends.
In a recent paper and accompanying blog post, data security expert Dr de Montjoye, from Imperial College London’s Data Science Institute and
Department of Computing, said attacks on privacy through friends are becoming a major risk in today’s society.
He said: “In our modern networked societies, privacy is a shared responsibility, because the people we interact with affect our privacy. What’s worrying is that an online friend can, often without knowing it, share your data and that of other friends just by downloading seemingly innocent apps.”
The issue has been covered widely in the media after a whistleblower’s revelations that Cambridge Analytica obtained private data on 30 to 50 million Americans.
The Cambridge Analytica story is one of the first large scale examples of such group privacy attacks, and it is unlikely to be the last Dr Yves-Alexandre de Montjoye Data Science Institute
They then used this information to assist Donald Trump's 2017 presidential campaign through a large scale, targeted, Facebook ad campaign.
Facebook has now claimed that profiles of 80 million Americans and more than one million people in the UK have been shared with the company.
The revelations cast doubt on current approaches to privacy, and highlight the ethical and legal issues with third-party companies harvesting data on users' friends and contacts.
Node-based intrusions
Humans interact along complex social networks. In their paper, Dr de Montjoye's team studied what happens when some nodes in the network are compromised, like when people within a network install a malicious app.
You could be very careful with your privacy, but if your friends are not, then you are vulnerable. Dr Yves-Alexandre de Montjoye Data Science Institute
Using a network modelling study, they found that such "node-based intrusions" were surprisingly effective on Facebook, but also on other networks such as phone communication networks.
Their findings emphasise the network effects of modern privacy: getting a few people to install an app allows you to collect data about a large number of people.
Dr de Montjoye explained that: “You could be very careful with your privacy, but if your friends are not, then you are vulnerable. Network effects make us very vulnerable to node-based intrusions on even a small fraction of the network.
“The Cambridge Analytica story is one of the first large scale examples of such group privacy attacks, and it is unlikely to be the last.”
"Quantifying Surveillance in the Networked Age: Node-based Intrusions and Group Privacy" by Laura Radaelli, Piotr Sapiezynski, Florimond Houssiau, Erez Shmueli, & Yves-Alexandre de Montjoye, published 2018.
"Cambridge Analytica is only the beginning and you might have your friends to blame for it" by Yves-Alexandre de Montjoye, Florimond Houssiau, Piotr Sapiezynski, & Laura Radaelli, published 29 March 2018.
Image credits:
Main: nobeastsofierce/Shutterstock
Body text: Yves-Alexandre de Montjoye
Article text (excluding photos or graphics) © Imperial College London.
Photos and graphics subject to third party copyright used with permission or © Imperial College London.
Reporter
Caroline Brogan
Communications Division
Contact details
Tel: +44 (0)20 7594 3415
Email: caroline.brogan@imperial.ac.uk
Show all stories by this author