We all know that our ability to keep information about ourselves private is slowly being eroded. Some of this erosion is occuring by default, for example when we unwittingly give out details online. Some of it is occuring by choice, for example when we join social networks such as Facebook and enthusiastically share our details.

For now the information leak has been mostly benign, though the number of stories of those who have had the identities stolen or money pilfered is sufficiently alarming. But personal information sharing is a risk most of us are willing to take in return for the ability to communicate and link up with others.

However it is wise to take note of a study out this week that shows just how identity leakage is occurring on social networking sites. One can then better weigh the risks and guide yourself more surely online. The researchers of the study from Worcester Polytechnic Institute (WPI) claim it is the first to describe a mechanism that tracking sites could use to directly link browsing habits to specific individuals. The researchers hook on the fact that when you sign up with a social networking site, you are assigned a unique identifier, a string of numbers or characters that points to your profile.

"We found that when social networking sites pass information to tracking sites about your activities, they often include this unique identifier," says Craig Wills, professor of computer science at WPI, who conducted the study with an unnamed industry colleague. "So now a tracking site not only has a profile of your web browsing activities, it can link that profile to the personal information you post on the social networking site. Now your browsing profile is not just of somebody, it is of you."

Why would the social networks pass the information on and when they do so what? They use these third-party tracking sites, called aggregators, to learn about the browsing habits of their visitors. This way they can adjust the service to their target audiences by directly assessing how different aspects of the site lead to different behaviours.

One of the main ways of tracking behaviour is the use of cookies, or bits of information kept by web browsers when visiting sites. Cookies are useful for the user as one of their jobs is to allow you to browse a site and not have to re-sign in if you browse elsewhere. However that tracking information can also be used to compile information about the other cookies held by your browser, providing information about your preferences.

Used in a benign form, the information could be used to serve up targeted advertising based on those preferences. For example, if you visit a lot of sites on New York, you may get ads served up on the social networking site about cheap flights or places to stay.

While the fact that a lot of other sites also use third-party aggregators to collect information about their visitors, the practice by online networking sites goes a step further because users put a lot of information about themselves on them without any protection. Those who hold the unique identifier can link the browsing habits of a particular user with the personal information online to create a profile, true or false, of particular users. The information could include name, date of birth, location email address and even employment details.

So what? Wills says the research did not reveal what, if anything, tracking sites do with the unique identifiers that social networks transmit to them. They have not heard back officially from any of the sites when the information was requested. They conclude there is no guarantee that the tracking info will never find its way into other hands.

The upshot is users must take advantage of Facebook's mechanism to limit access to this information. Many now do not, but all should. Here is how you can limit that info leak on Facebook, which I use. Go into the Settings pull down tab and select 'Privacy'. You will see you have a vast amount of control over who sees what. You can even limit particular 'friends' who may be work colleagues from getting personal if you want. Most of my privacy settings limit access to friends. I severely limit what those who search for me can access to just a request to become friends.

Some of the information, such as wall posts, I expand to networks and friends. A particularly useful setting is the one that limits who can view tagged photos (images that friends have stuck your name on).

This is a good way of making sure only those closest to you can see the state you were in Friday night, assuming you even want them to know.

Facebook has put these kinds of settings in, so use it. I assume other social networking sites have similar controls.

Send any comments to Ahmed at elamin.ahmed@gmail.com