Chris Sumner at Black Hat Abu Dhabi

Chris Sumner from The Online Privacy Foundation speaking at Black Hat Abu Dhabi

After almost a years work, we were honoured to present our paper at one of the worlds premier security conferences, The Black Hat Briefings at the Emirate Palace in Abu Dhabi on December 15th of 2011.

This article presents our press release, which is available in pdf format here.  The full paper is available here and the presentation slides, together with speaker notes are available for download here.

We will be sharing a little more about what these results say and do not say over the coming days and weeks.

Snooping bosses should ditch the Facebook habit

New research casts fresh light on how much Facebook really says about us.

Many recruiters want to know what really makes us tick by putting a magnifying glass to what we are up to on social networking sites. But new research by the Online Privacy Foundation has revealed just how well others can judge our personalities by looking us up on Facebook. While bosses should beware jumping to the wrong conclusions, we still could be revealing far too much about who we are to others.

The new research has raised a number of pressing questions for users, observers and online regulators. The results of a worldwide experiment show that if you tried to guess someone’s personality from their Facebook activity; you would often be wrong. This is particularly bad news for employers who screen job applicants by delving into their Facebook pages. Worryingly though, for both sides of a potential pay cheque, a 2011 survey by Jobvite shows that 74% of employers have reviewed the online profiles of job candidates, with 45% doing it on a regular basis.

The OPF research also alerts Facebook users to other dangers. The information we leave on Facebook, such as the type of words we use and the amount of photos we post, could reveal enough about our personalities to make us the target of unwanted criminal or other activity. The experiment shows that such information could give an online fraudster a slightly better chance of guessing how susceptible a person might be to their tactics. That’s very valuable to them. But for potential employers, where accuracy should be far more important, it begs a lot of questions about the acceptability of online screening of employees.

The OPF urges people to get online and consider all the great things social networking sites could do for them. But the evidence is growing that we need to think harder about how we best share personal information online. While research in this area is still in its infancy, the risks to individuals will only increase as unscrupulous agents hone their techniques in using information about social networking activity. Ordinary internet users are at risk of being left in the dark about the range of risks associated with their use of social networking sites. For now, the OPF urges Facebook users to think carefully about who can access their Facebook pages and to ensure they understand the privacy settings that currently apply to their account. Facebook safety tips can be found at https://www.facebook.com/safety.

The OPF carried out the ‘Big 5 experiment’ during 2011 and presented the final results at the world’s premier security conference, ‘The Black Hat Briefings’ in Abu Dhabi on 14 December 2011. The full report on the experiments results can be accessed via the OPF website at https://onlineprivacyfoundation.org/research/.

Volunteers in the experiment agreed for the OPF to take information about all aspects of their activity on their Facebook pages while they took an established personality test. Statistical analysis was then used to look at the strength of correlations between the results of the personality test and an individual’s Facebook activity. The final full report discusses the application of the research to employee screening, online fraud, and commercial and political marketing.