Search with a little help from your friends (on social networks)

By Max Aller at 8:15 pm on February 3, 2008 | 2 Comments


As most of you know, social networks are rapidly becoming ubiquitous, with hundreds of millions of users between Facebook (62 million), Myspace (>100 million), and Linkedin (>17 million).  Naturally, many companies are trying to take advantage of this fact by letting users leverage their social networks, and now we’re starting to see search engines join the mix.  Delver is one of these.

The title of the referred article sums up the issues nicely, so I’ll just quote it here: “A new website will offer personalized search results based on the user’s social network”.  To clarify, you tell Delver what your name is, and then Delver crawls publicly available information about you (the article gives “public LinkedIn profile” as an example).  Of course, the amount of public information may be limited, and as such you can actually give Delver login information for these social networking sites so it can login as you and crawl as much information about your friends as it can find to help make your search queries more convenient.  How convenient remains to be seen, and more details about this can be found in the article

A service like this is inherently a security hazard.  No matter what precautions are taken, the user will still be giving his username and password to a third-party site.  This is problematic because with a regular site, an adversary who wants to get login information has three points of attack: the client machine (trojan), the connection (man-in-the-middle), or the server machine (..SQL injection?/hacking).  If you give your information to a third-party site, there are two additional points of attack: the third-party server and the connection between the third-party server and the social networking site.  Only the weakest link needs to be vulnerable, and by adding in a third party the number of links is almost doubled.

At first thought this system really didn’t have a reasonably secure solution, but then I thought of one possibility: a single central service like OpenID.  So how is this different from the previous problem?  Well, instead of giving your login and username to random-possibly-insecure-cool-gimick-website-A to log in to random-social-network-website-B, you can keep all your login information on one single server that the community trusts to keep under lock and key (and firewall).

There aren’t any obvious ethical issues here, but there are some possible societal impacts here.  Would people care if your friends discovered your posted content not through Facebook’s search engine, but through the search engine of some other site?  Who’s to say that Delver wouldn’t cache information from Facebook on their servers to “enhance” your experience?  What happens if the user’s friend then chooses to remove a picture from Facebook — can we trust that Delver will detect this and remove the picture from their cache as well?

Lastly, what will people think?  It’s hard to say.  One possibility is that people won’t care.  The odds that this company will become popular enough to become a household name in a tech-savvy house hold is extremely low, just because many specialty search engines do.  People might also be angered by the possibility that content that they uploaded to a social networking site for viewing only by their friends may end up in other places as well without their permission.

Filed under: Current Events,Privacy2 Comments »


  • 1
    Get your own gravatar for comments by visiting

    Comment by iddav

    February 3, 2008 @ 11:21 pm

    It does seem like adoption of OpenID could potentially address the password security hazard, but the privacy implications do not seem to have as easy of a resolution. To be truly effective in using the social networks to enhance search, Delver would probably need to cache not only your friends’ data, but your friends’ Delver search histories as well.

    As discussed on Freedom to Tinker (, Robert Scoble’s Facebook account got disabled as a result of his automated script that exported information about his friends to another service. This prompted questions about who “owned” the data: does your Facebook information belong to you, your friends, or Facebook? The blog post concludes that “ownership is a lousy way to think about this issue” and instead we should focus on balancing the interests of the parties involved.

    I think we can benefit overall through sharing our data in a transparent, controlled fashion. For example, Delver should be explicit about how it uses our data and allow users to make informed decisions about how much of their friends’ data they are willing to expose. Similarly, Facebook should be upfront about the fact that what’s posted on their site is pretty much open to the rest world; case in point:

  • 2
    Get your own gravatar for comments by visiting

    Comment by Max Aller

    February 4, 2008 @ 12:11 am

    That “ownership is a lousy way to think about this issue” made me laugh out loud…

RSS feed for comments on this post