security flaws

Why Keeping Your Sexuality ‘Private’ On Facebook Is a Farce (Or, How To Find Out If Anybody Is Gay)

We already know Facebook is leaking your sexuality to advertisers through its data-rich demographic targeting system. And there’s the possibility Facebook’s check-in platform Places could let your friends reveal you’re a big homo without your consent. And there was that time Facebook let any of your friends spy on your person IM chats, possibly reading in real-time about your steamy gay affair. And there was that computer script some college students built that could pretty accurately guess if you’re gay simply by seeing what kind of company you keep in your social network. Let’s add one more potential means of Facebook outing to the list.

Stanford researcher Aleksandra Korolova appears to have merged the first and last of those potential privacy breaches into a new tactic, where she places ads based on some publicly known information about someone and then has Facebook target them at certain sexual orientations (or religious affiliations, or any other “private” data set). If the ad is even displayed, then Korolova knows she had a hit, and the person she targeted is a homo. The Times explains:

In her paper, Ms. Korolova said she used public sources to collect information like the location, gender, age and interests of a Facebook user. Then she placed an ad on Facebook that was aimed at those characteristics and also to people who are interested in people of the same sex. If Facebook’s system indicated that the ad had been displayed to someone, she would know that the person was gay, because nobody else on Facebook was a match for those other attributes. (For ethical reasons, she used the profile of a friend in her experiment.)

In an interview, Ms. Korolova said she alerted Facebook to the issue in July. Facebook responded by changing its system so that if an advertiser’s targeting criteria is so precise that fewer than 20 people would see the ad, it is not allowed. But Ms. Korolova said she could, in theory, circumvent that measure by creating 20 profiles to match the known characteristics of the person whose information she is trying to uncover, and then staying out of those accounts once the ad was placed. Facebook disputed that, saying that its terms of service prohibit fake accounts and that it works hard to eliminate them. It said that if someone quickly created 20 similar accounts, its automated systems would detect them. “We are confident that our techniques address the practical concerns of the privacy violations Aleksandra discusses,” the company said in a statement.

Mr. Soghoian said it was unlikely the attack described by Ms. Korolova could be used widely, but said it exposed yet another vulnerability in online networks.

Alright, so Facebook might unwittingly out you to anyone with a credit card and some free time, but at least they’ll delete mean comments posted about you after you die.

Get Queerty Daily

Subscribe to Queerty for a daily dose of #advertising #facebook #outing stories and more


  • Yuki

    I’m honestly not sure why a lot of this is such a big deal; with the exception of being able to tag people in Facebook Places, isn’t the rest of this stuff for private advertisers/programmers rather than the other people on Facebook?

  • B

    No. 1 · Yuki wrote, “I’m honestly not sure why a lot of this is such a big deal; with the exception of being able to tag people in Facebook Places, isn’t the rest of this stuff for private advertisers/programmers rather than the other people on Facebook?”

    One issue is that a health-insurance company just might want to deny coverage to gays, figuring (rightly or wrongly) that they were at higher risk of HIV. Under current law (at least in California) they are forbidden to ask. If they can use Facebook to guess, what do you think they might do (and they don’t care if they are completely accurate as long as it works well enough to improve the bottom line). An employer who dislikes gays might use similar tactics in checking job applicants.

  • Tommy

    If you want to have a private life, don’t open a Facebook account in the first place. Facebook by its nature is about putting yourself out in the public arena.

  • B

    It’s interesting that No 2, pointing out examples of how information could be abused, is getting some negative ratings given that the basic argument (specifically, the employment example) was used by the California Supreme Court as a justification for allowing same-sex marriages in 2008 – the court stated that being in a civil union or partnership rather than a marriage could be used by a perspective employer to guess the sexual orientation of someone applying for a job. The court wouldn’t have said that if there was not some compelling reason to suspect that gays could be subject to employment discrimination.

    Guess some people don’t like hearing the truth.

  • B210

    @Tommy: Facebook?! If you don’t want a private life, then don’t get a phone, don’t text, don’t send email, don’t go out in public and don’t get on the internet.

  • Michael

    “Facebook’s check-in platform Places could let your friends reveal you’re a big homo without your consent.” Horrors! Your “friends” can do this without Facebook. If you do not want people to know anything about you, do not join. The whole purpose of Facebook is to share information, not hide it. Hard to believe people cannot grasp a simple concept here.

  • damon459

    Once it’s on the internet anyone can gain access to it I thought everyone knew this? Hell I can google my profile where is the big story for that?

  • jason

    I truly have no sympathy for those outed. If you’re stupid enough to give your sexual orientation details to Zuckerberg or whatever his name is, you deserve everything you get.

  • Steve

    Insurance underwriters, employers, clients, and other business contacts, routinely do web searches as part of their due diligence. They routinely read facebook and other sites. That part is not news.

    The new claim is that there are unexpected ways to make inferences from public information, to discover bits of data that were not intentionally made public. That many of your ‘friends’ are gay, or that the vast majority of your friends are of the same gender, might yield an inference that you are gay. And, there more more ways to reach that inference than most people expect.

    I try to keep my personal and my professional lives separate. Not so much because I don’t want people to know I am gay — I have been “out” for many years. But, because in my field it is considered unprofessional to expose too much of ones private life.

    People who choose to expose their private life in facebook or other web sites, make their choice. Like many choices that people make, that choice may have repercussions. And, after something is disclosed, it can be impossible to undo. Discretion is often the better choice.

Comments are closed.