In this whole thread of privacy violations, Myspace is a relatively minor player. However, they also probably have the lowest bar of entry. Your profile can be locked by Myspace simply because they get a letter requesting it on law enforcement letter head. Myspace also states in their guide for law enforcement that identity is not private and can be released to law enforcement. This information includes: date profile was created, first and last name provided by the user, user ID, email address provided by the user, physical address provided by the user and IP address. This information is being stored permanently.
In addition to this information, MySpace is storing the IP address each time your profile is accesed. This information is also being stored for 90 days And, thanks the magic of the internet, it’s likely that if a warrant is worded properly, the “man” (police, FBI, etc.) can be reading your girl’s naughty email to you instead of some cocaine distributor. According to the document from MySpace, they can capture log-ins and traffic prospectively based on IP address. Since most IPS use a variety of techniques to recycle them, its just as likely to be you logging in as it is the person that they were originally seeking.
I just want to be clear that I’m not blaming law enforcement for this. They’re not IT geeks. They’re the po-lice. They do what they do, not what I do. And what I do isn’t trivial or people wouldn’t pay me to do it. It’s hard enough to explain the effects of multi-layered NAT, DHCP, forward proxies, reverse proxies, and other stuff to the geeks much less a judge.
As for your MySpace bulletins and emails, those are kept until you delete them. Your sent messages are kept for 14 days and your trash is kept for 30 days. That includes information from deleted accounts.
What Myspace is being really closed mouthed about is what the MySpace apps are doing with your information. All of those cutsie little applications “Own Your Friends”, “Yoyoville”, “Fashion Wars”, etc. are all passing your data off MySpace to third party providers. Every time you add an application, it sucks in your data – name, location, email address, and any information that it can off your profile. It tries to spread like a virus, encouraging you to send it to all of your friends. And it continues to mine you over time.
Worse yet, what’s happening with that data isn’t very transparent. If you’re playing a Zynga game, then Zynga now owns a sizeable chunk of data about, not just MySpace. Who is Zynga, you ask? Well, they’re one of many companies who are developing games and apps for MySpace. Who gets to see your data at Zynga? Does Zynga sell your data? What happens if Zynga gets hacked? Do they have to disclose to you that your data may be compromised???