Privacy and security implications of social tagging (SharePoint Server 2010)
Published: May 12, 2010
Social tagging helps people communicate and share information. By definition, communicating and sharing information can affect privacy (if personal information is shared) and security (if confidential information is shared). Social tagging in Microsoft SharePoint Server 2010 provides features that you can use to manage the effects on privacy and security.
In this article:
How social tagging information is hidden
Three features of SharePoint Server 2010 help protect privacy and security:
The ratings control
A user who adds a tag to a Web page can indicate that the tag is private. Other people cannot see the fact that the tag was added to the Web page. Other people do not see the tag in the user’s tag cloud, unless the user who added the tag also applied the same tag to another Web page without making the tag private.
The ratings control only displays the aggregate rating that an item has received. It does not display which users rated the item or what individual ratings were provided.
Adding a tag, a note, or a rating to a Web page creates an activity. Before SharePoint Server displays an activity, it uses a component called the security trimmer to determine whether the current user has permission to view the Web page that the activity applies to. If the user is not permitted to view the Web page, SharePoint Server does not display the activity.
As the search service crawls Web pages, it records the permissions that are required to view each Web page. The security trimmer uses this information to determine whether a given user has permission to view a specific Web page. If the security trimmer has insufficient information to determine whether a user has permission to view a Web page, it errs on the side of caution and reports that the user does not have permission to view the Web page. As a result, if the search service has not crawled a Web page, activities that relate to that Web page will not be displayed.
There is one exception: when you view your own My Profile page, all of your activities are displayed. See How social tagging information is displayed for an explanation of why this happens.
How social tagging information is displayed
There are three ways in which a user can see social tagging information:
On a user’s My Profile page
As the result of following a tag or a colleague
On Web pages in the SharePoint Server farm
Each of these ways is described in the following sections.
My Profile pages
Every user who is known to the User Profile Service has a My Profile page, which shows information about the user. When you view someone else’s My Profile page, the content that you see is security trimmed. The content that you see on your own My Profile page is not security trimmed.
The Tags and Notes tab of a user’s My Profile page contains a tag cloud that consists of the tags that the user has added to Web pages. Everyone can view the tag cloud. The tag cloud that you see on your own My Profile page contains both public and private tags. The tag cloud that you see on someone else’s My Profile page contains only public tags.
When you select a tag in the tag cloud, activities that are associated with the tag are displayed in the Activities section. If you are viewing someone else’s My Profile page, the activities are security trimmed. Therefore, you could see a tag that did not appear to have any activities associated with it.
The Overview tab of a user’s My Profile page contains a section titled Recent Activities. As its name implies, this section contains a list of the user’s recent social tagging activities. The list is security trimmed, unless you are viewing your own My Profile page.
The Overview tab of a user’s My Profile page also contains a Note Board. Notes that people have added to the user’s My Profile page are displayed here. All notes are public.
You can express your interest in knowing when a specific tag is used by following the tag. When you follow a tag, you are notified every time someone adds the tag to a Web page. These notifications are security trimmed so that if someone adds the tag to a page that you do not have permission to view, you are not notified of that activity. The fact that you are following a tag is public; people can view a list of everyone who is following a tag from the tag’s Tag Profile page.
You can express interest in knowing about the social tagging activity of someone else by adding the person as a colleague. When you make someone your colleague, you are notified every time the person adds a tag, a note, or a rating to a Web page. The information is security trimmed so that you only see activities that are related to Web pages that you have permission to view.
The security trimmer removes ratings that are applied to list items. It does not remove ratings that are applied to other items, such as documents and Web pages.
When you add a tag or a note to a Web page within the SharePoint Server farm, you can see the tags and notes that other users have added to the Web page. You can see all notes, but you can only see public tags.
What information is still exposed
Tags themselves – the words or phrases that have been applied to Web pages – are stored in a term store. (For more information about term stores, see Managed metadata overview (SharePoint Server 2010).) Both public and private tags are stored in the term store. The term store does not identify the person who created the tag or the Web page that the tag was applied to.
Although SharePoint Server 2010 provides features that help protect privacy and security when social tagging is used, you should take additional actions to benefit the most.
Educate users about which aspects of their social tagging activity are public and which are private. Train users to mark tags as private when they do not want other users to see that they have applied a tag to a Web page.
Carefully evaluate all custom code before you deploy it. A custom application can access social tagging data by using the SharePoint Server 2010 social tagging object model, or directly from the database. An application can access the same social tagging data that would be available to the account it runs under. If the application runs under an account that has database administrator permissions or under an account that is a User Profile Service administrator and has Manage Social Metadata permission, the application can access all social tagging information, such as private tags, without security trimming. Ensure that custom applications only present information that meets your organization’s privacy and security standards.
Consider a custom security trimmer. If SharePoint Server’s security trimmer has insufficient information to determine whether a user has permission to view a Web page, it errs on the side of caution and reports that the user does not have permission. One result of this behavior is that tags, notes, and ratings that are added to external Web sites are always trimmed. If this behavior is not appropriate for your situation, consider implementing a custom security trimmer. For a sample custom security trimmer, see ISocialSecurityTrimmer Interface (http://go.microsoft.com/fwlink/p/?LinkId=188524&clcid=0x409).
When the permissions that are required to access a Web site change, have the search service crawl the Web site again. The security trimmer will not recognize the new permission requirements until the site is crawled again.