Taxonomy of Social Networking and Privacy

Security expert Bruce Schneier today posts about the taxonomy of social networking data. He describes five types of data:

"1. Service data. Service data is the data you need to give to a social networking site in order to use it. It might include your legal name, your age, and your credit card number.

2. Disclosed data. This is what you post on your own pages: blog entries, photographs, messages, comments, and so on.

3. Entrusted data. This is what you post on other people's pages. It's basically the same stuff as disclosed data, but the difference is that you don't have control over the data -- someone else does.

4. Incidental data. Incidental data is data the other people post about you. Again, it's basically the same stuff as disclosed data, but the difference is that 1) you don't have control over it, and 2) you didn't create it in the first place.

5. Behavioral data. This is data that the site collects about your habits by recording what you do and who you do it with."

The importance of such a taxonomy and the definitions is that it provides a framework for discussing the context of privacy problems and rights.


Definetly a good step in the right direction. Personal data use and ultimately transparency through disclosure is the right way we should be going about it. I think this will provide a less leaky system overall. Especially after all of the recent data leaks we need to be focusing on the security of it all - if everything is clear cut theres less grey area's.

Sorry for the linking oversight. My access to the quote was from his monthly email service, which I had just received. a journalist and long-time blogger, excerpting Schneier without linking to his post isn't great netiquette.
The post in question is from November, not today:
That said, I agree that this is a lucid, useful way of organizing a discussion around social networking privacy and I'm glad you shared it with your audience.

I think this is a nice step in the direction of putting more emphasis on personal data use and disclosure. I know of at least 1 very well-known social networking site that has some eerie privacy/data leaks, and think that the more we make people aware of the sensitivity of their personal data, the better effort will be invested in protecting the sharing (or safekeeping) of it.

This is really a cool framework :-) Is its licensed under creative commons?

So would #5 Behavioral Data include your Social Graph?. This is going to be an increasingly important piece of data. Iran is already checking Facebook accounts at customs and MIT can predict your sexual orientation simply by who you friend on Facebook...

Add new comment