One way to prevent inferences being made from data is not to disclose it in the first place, but that is very hard for users to do when they don't know how an online service is combining information about them. Besides that, others might be disclosing the very information that they are trying to keep secret.
Because of these challenges it is obvious that profile building based on user behavior rather than the information that is disclosed by the user cannot be prevented, but it can be limited, said Zimmermann.
Users could for instance use privacy enhancing technologies like The Onion Router (TOR), or use pseudonyms to hide their online identities. "They can be really helpful but cannot solve the problem," Zimmermann said. Using those technologies doesn't stop social networks from gathering inferred data, he said.
Another possibility is to enhance transparency. Social networks could disclose what information about users is tracked, said Zimmermann. The main problem with transparency is that social networks lack the incentive to make inferred data available users, he said.
A possible solution is to take regulatory action and force monitoring on the provider, he said. "But that is not easy to do," he said. If the European Union's 27 member states were unable to agree a single regulation, then social networks would have to figure out a way to apply a patchwork of national regulations to users' data.
Making the process transparent is not sufficient to stop the services from building profiles based on inferred data, though, he said. A combination of preventive data disclosure and transparency can tame the inference problem, said Zimmermann, but still cannot prevent inferences completely. It will, though, give users the means with which to limit the threat in the long run.
Sign up for Computerworld eNewsletters.