• by Laurie Sullivan  @lauriesullivan, May 4, 2010

Social networks expand opportunities for advertisers and marketers to reach potential and existing customers, but it's also far too easy for cybercriminals to steal identities and personal information from information-packed profiles. A study from a prominent consumer magazine could alter the way advertisers target ads, especially in Facebook, if consumers heed warnings.

Overall, cybercrime cost American consumers $4.5 billion during the past two years, and caused them to replace 2.1 million computers, according to Consumer Reports' State of the Net survey released Tuesday.

The Consumer Reports National Research Center survey of 2,000 online households conducted in January reveals that 9% of those who use social networks experienced abuse such as malware, scams, identity theft or harassment within the past year. Especially vulnerable to becoming victims are the 18% who admit to posting their full birth date; 21%, children's photos; 13%, children's names; 8%, home street address; and 3%, details of when they are away from home.

Sixty-seven percent of those surveyed who experienced identity theft were at least somewhat confident they knew how their personal information was obtained. The remainder did not know. Among those who were somewhat confident they knew the source, 20% reported their information was taken from Web-related activity; 11% said their personal information was obtained when they made an online purchase; 5% cited an online financial transaction; and 1% reported that their information was taken from a social networking site.

Consumer Reports technology editor Jeff Fox refers to social networks as a new environment that lays on top of the Web. Proprietary technologies from Facebook and others create an unfamiliar environment for average consumers. They jump in without the training to stay safe. "The innocent environment encourages people to drop their guard because it's basically made up of friends and family, yet it's a potentially dangerous environment," Fox says. "You'd never go out into Times Square and announce your personal information. Social networks are not that different."

Protecting consumers doesn't require companies to develop antivirus technology, but rather rely on networks to keep improving privacy practices and better educating consumers. One in four households with a Facebook account were not aware, or didn't choose to use, the service's privacy controls.

Still, 73% of those who took part in the study say they only share Facebook content with friends; 42% set privacy controls, 22% customize what personal information can be accessed by apps; 18% control who can find pages through a search, 11% only share content with friends, and friends of friends; 10% alter some personally identifiable information to protect their identity, which no doubt influences ad targeting for advertises and marketers.

Facebook's goal is to target relevant ads to people based on the information they chose to share in their profiles. That has always been the case. Advertisers can target people on Facebook based on things like their birthday and location, however, no personally identifiable information is ever shared with advertisers -- only aggregate data. For example, a member can hide the year of their birth, but may still receive ads targeted toward people their age. Some marketers think that could change if targeting becomes less exact.

Some marketers point to Facebook's increased emphasis of the "like" button. "The new 'Like' feature may be a way for Facebook to hedge its bets against people sharing less personal information in their Facebook profiles, says David Gould, president at Resolution Media. "When people 'Like' a Web site, they share valuable data with Facebook about their preferences that can be used to create targeting profiles for advertisers. And because the 'Like' function is user-initiated and does not rely on cookie-tracking, it is not subject to the potential legislation that threatens other behavioral targeting players."

Aaron Goldman, managing partner at Connectual, would like to see Facebook create a program to share advertising revenue directly with consumers who agree to disclose personal data. This data would not become public, however, putting members at risk of identity theft. He believes it would demonstrate to people how valuable their data could become, and encourage them to actively participate in sharing it with advertisers.

Still, Chris Kelly, former Facebook chief privacy officer, who is running for California Attorney General, doesn't believe his ex-employer does enough and had a few things to say about the personalization program, which automatically shares member data with third parties, such as Yelp, in an opt-out model, rather than opt-in.

Meanwhile, 34% of Twitter users surveyed said they only make tweets available to followers, 27% check out pages of new followers they don't know, 24% block new followers that they don't know, 12% research new followers on Google or another search engine, and 5% asked others about new followers they didn't know.

For those who need help with securing their information on social sites, Consumer Reports also published a list of seven things to stop doing on Facebook. At least one of the suggestions will throw a kink into ad-targeting campaigns. Consumer Reports suggests people stop listing full birth dates, including month, day and year.

The magazine also suggests consumers stop using a weak password. Mix it up with uppercase and lowercase letters or letters and numbers. Stop overlooking privacy controls and consider leaving out contact info, such as phone number and address. Stop identifying children in photo tags and captions. Stop mentioning when you're away from home. Find Facebook's privacy controls and select Only Friends for Facebook search results. Stop allowing kids to use Facebook unsupervised.