Social networking privacy - beyond the Google+ hype

Guest editorial by Stefan Tanase

The recent launch of Google+ has prompted many questions and concerns regarding privacy on the social network.  The thing is, it's never about "major concerns" when talking about social networks and privacy or security.  It's usually those little things, very subtle features or options, that many users might not fully grasp, that can cause serious damage. Only time will tell how all Google+'s features will be used and perceived by the masses.

I must admit though, I'd give a huge "plus" to Google for making their privacy policy more accessible -- shorter and easier to read. More than that, I like how they are positioning the social network among users worried about sharing too much information: come to us, we have circles. But guess what -- you can do more or less the same thing with Facebook, by assigning your friends to different groups with different privileges, but it requires much more clicks on the user's side. Hence my "plus" for Google+.

[ SEE: Google Chromebook - a new class of security risks ]

On the users' side, I'm always giving this advice to anyone who asks me about privacy and social networks: as long as you have a social networking account, make sure you operate under the assumption that sooner or later, the things you do online can be seen by anyone. Expect the best, but think of the worst. Don't upload a picture, don't post a link or a comment unless you are prepared to take responsibility for your actions.

The main idea about privacy and the web is not about reading privacy policies, not about comparing Google+ with Facebook, not even making sure your privacy settings are very strict. It’s about making sure you only share things which will never affect you if they become public. Think about it for a second. You only share something to your friends and to friends of friends. You probably have 500 Facebook friends already, and each of them has 500 more friends. Simple math would tell you that you just shared something to 500^2 = 250 000 people. Still think you have privacy? Think again.

[ SEE: Five Things to love about Google+ ]

I know it might be hard to decide to post something or not, but if in doubt, just don't do it. Don't do it unless it's something you're ready to share with any person from your past, present or future -- or even beyond. Be honest to yourself first and you won't have any problems. Basic common sense.

The problem with social networks is that they are, well, social. Social networks are on a constant struggle to find an equilibrium point between usability and security, as you can't expect the perfect balance between the two.  It doesn't exist.

Social networking websites need to have state of the art usability, and security features usually come in the way of that. Unfortunately, the choice social networks most often make is towards usability, not security, and I fully understand the business reasons behind that choice.

I just hope Google+ will have a different approach. The privacy ball is now in Google's court.

* Stefan Tanase is a senior security researcher at Kaspersky Lab. He specializes in web security, malware 2.0, and threats which target Internet banking systems, including phishing.  See Ryan Naraine’s disclosure.