If a stranger came up to you on the street, would you give him your name, Social Security number and e-mail address?

Probably not.

Yet people often dole out all kinds of personal information on the Internet that allows such identifying data to be deduced. Services like Facebook, Twitter and Flickr are oceans of personal minutiae - birthday greetings sent and received, school and work gossip, photos of family vacations, and movies watched.

Computer scientists and policy experts say that such seemingly innocuous bits of self-revelation can increasingly be collected and reassembled by computers to help create a picture of a person’s identity, sometimes down to the Social Security number.

“Technology has rendered the conventional definition of personally identifiable information obsolete,” said Maneesha Mithal, associate director of the Federal Trade Commission’s privacy division. “You can find out who an individual is without it.”

In a project at the Massachusetts Institute of Technology publicized last year, Carter Jernigan and Behram Mistree analyzed more than 4,000 Facebook profiles of students, including links to friends who said they were gay. The pair was able to predict, with 78 percent accuracy, whether a profile belonged to a gay male. So far, this powerful data mining, which relies on sophisticated statistical correlations, is mostly in the realm of university researchers, not identity thieves and marketers.

In social networks, people can increase their defenses against identification by adopting privacy controls on information in personal profiles. Yet an individual’s actions, researchers say, are rarely enough to protect privacy on the Internet.

You may not disclose personal information, but your online friends and colleagues may do it for you, referring to your school or employer, gender, location and interests. Patterns of social communication, researchers say, are revealing.

“Personal privacy is no longer an individual thing,” said Harold Abelson, the computer science professor at M.I.T. “In today’s online world, what your mother told you is true, only more so: people really can judge you by your friends.”

Collected together, the pool of information about each individual can form a distinctive “social signature,” researchers say.

The power of computers to identify people from social patterns alone was demonstrated last year in a study by Vitaly Shmatikov, an associate professor of computer science at the University of Texas, and Arvind Narayanan, now a researcher at Stanford University.

By examining correlations between various online accounts, the scientists showed that they could identify more than 30 percent of the users of both Twitter, the microblogging service, and Flickr, an online photo-sharing service, even though the accounts had been stripped of identifying information like account names and e-mail addresses.

“When you link these large data sets together, a small slice of our behavior and the structure of our social networks can be identifying,” Mr. Shmatikov said.

Even more unnerving to privacy advocates is the work of two researchers from Carnegie Mellon University in Pittsburgh. In a paper published last year, they reported that they could predict the full, nine-digit Social Security numbers for 8.5 percent of the people born in the United States between 1989 and 2003 ? nearly five million individuals.

Social Security numbers are prized by identity thieves because they are used both as identifiers and to authenticate banking, credit card and other transactions.

The Carnegie Mellon researchers used publicly available information from many sources, including profiles on social networks, to narrow their search for two pieces of data crucial to identifying people - birthdates and city or state of birth.


By STEVE LOHR