privacy & security concerns over social networking sites - does it really matter?
DESCRIPTION
There have been increasing concerns over privacy and security on social networking sites such as Facebook, but contrary to these concerns the number of users continues to increase at an extraordinary pace. In this paper, we set out to investigate whether the issues surrounding SNS's are truly a risk for users or just hyped-up media stories.
Abstract- In this paper, we present a critical literature review
on the current status of privacy issues surrounding Social
Networking Sites by examining existing literature and research
on the subject matter. The concluding argument presented in
this paper shows that although there are certain critical issues
surrounding privacy invasion and security issues both online and
offline that users of social networking sites should be aware of,
the benefits gained from Social Networking Sites far outweigh
these issues, and this may be one of the reasons why the number
of social networking site users continues to rise.
Keywords: social networking sites, privacy, security, literature review
I. INTRODUCTION
The daily use of Social Networking Sites (SNS’s) such as
Facebook, MySpace and LinkedIn has become routine for
millions of users, resulting in SNS’s moving away from
being just a niche phenomenon to a technology that is
mass adopted by society at large (Gross & Acquisti 2005).
There are now hundreds of different SNS’s, which have all
been developed to cater for a wide range of different
types of users, each with its own unique community and
culture surrounding it (Wikipedia 2010).
Although the target audience, service model and purpose
of each SNS varies, the main technical features remain
consistent between sites, and most SNS’s share the
following 3 core features (Boyd & Ellison 2008):
1. Allows a user to construct a public or semi-public
profile within a bounded system.
2. Displays a list of other users with whom the person
is networked and connected through the system.
3. Allows an individual to view and traverse between
different people within the bounds of his/her
network.
The relatively open and detailed nature of the information
presented in the user profiles, the lack of privacy and
security control provided by SNS’s and the awareness of
these issues by users have led to concerns being raised by
large groups of people. In particular, there has been a
substantial amount of academic research focused on
identity presentation and privacy concerns surrounding the
use of SNS’s (e.g. Gross & Acquisti 2005; Stutzman 2006
etc.).
Their main argument is that users may be putting
themselves in harm’s way both offline (e.g. Stalking) and
online (e.g. Identity Theft) if they provide too much
personal information through their SNS profiles.
However, despite the negative coverage surrounding the
issues over Privacy and Security from the use of SNS being
well documented and covered extensively by academics,
various organizations and the mass media in recent years,
SNS’s such as Facebook continue to see exponential growth
in their user base (Facebook 2010), as shown in Figure 1.
Figure 1: Number of Active Facebook Users
This poses an interesting question that this paper will try
and address: Why are SNS’s experiencing such an
exponential growth rate in users, when there has been so
much literature from both academic and non-academic
perspectives which state that there are serious issues
surrounding SNS’s on the matters of privacy and security?
This paper addresses the question above by providing a
review of existing literature in relation to Privacy &
Security concerns over SNS’s, and tries to determine whether
or not the concerns raised over these issues are justified,
or whether the issues of concern are just hype arising from
a lack of knowledge about SNS’s due to the rapid pace at
which these services have spread throughout our societies.
Privacy & Security Issues Surrounding Social
Networking Sites: Does it matter?
Jongkil J Jeong
II. BACKGROUND & PREVIOUS LITERATURE
There is no doubt that security and privacy issues do arise
from SNS’s, and there are legitimate claims and evidence to
support this fact (e.g. Zheleva & Getoor 2009, Gross &
Acquisti 2005 etc). Hence, the aim of this paper is not to
argue that there are no issues, but to critically examine
how significant concerns over privacy and security actually
are, and what level of impact they may have on the users of
SNS’s.
In order to draw a conclusion in regards to the
questions raised, we need to examine previous
literature related to privacy and security in SNS’s in depth,
and to critically examine the arguments set forth which
support the view that users should be genuinely
concerned about these issues when using SNS’s.
2.1 Social Networking Sites
As per the three core features identified by Boyd & Ellison
(2008) in the introduction, the main mechanism of how
SNS’s work is based on the online profile a user creates
when they first join a SNS.
These profiles generally contain information about the
specific attributes of an individual which is used to verify
the participant in the online community. Most SNS’s
encourage users to provide as much information about
their attributes as possible so that their public identities
match the profiles created online (Gross & Acquisti 2005).
These attributes are not only category-based
representations of a person’s interests, hobbies or
affiliation with a specific group or organization (e.g. School
or Company), but can also be referential. Referential
attributes are information that directly refers to a specific
individual and allows that person to be specifically identified.
The real life name, gender, date of birth and images of a
person’s social or inner life are all referential attributes
which can be used to identify a specific individual (Gross &
Acquisti 2005, Riphagen 2008).
All this personal data about a specific participant is given
voluntarily by the user, thus allowing other users to
verify and identify a particular individual.
Furthermore, the data provided on these sites is mostly
genuine and accurate (Table 1), which implies that the
identity provided through SNS’s is generally accurate and
closely resembles the user’s offline identity
(Hargittai 2008); this is where the suspected risk
revolving around privacy and security has been identified.
Table 1 (Gross & Acquisti 2005): Categorization of name quality
of 100 profile names from Facebook.
Category        Percentage of Facebook Profiles
Real Name       89%
Partial Name    3%
Fake Name       8%
There are also concerns over the default privacy settings
used in SNS’s such as Facebook, and the difficulties that
participants face when trying to change these settings
(Jones & Soltren 2005). Although surveys show that
more users are blocking people outside of their
network from accessing their personal profiles, a considerable
number of individuals (27%) continue to use the default
settings provided by the service provider, which have a
considerable number of the attributes set to public sharing
(Webroot 2010, Jones & Soltren 2005).
In summary, the issues surrounding privacy and security
have been due to the following features of SNS’s:
A. Personal online profiles which contain information
about an individual (both referential and attributive) must
be created in order to participate in SNS.
B. Personal profiles contain information that can verify
and identify a particular individual, and have a close
resemblance to a person’s real life identity.
C. SNS’s encourage users to provide as much personal
information as possible in order to enhance the user
experience.
D. Settings to limit the amount of information provided
through online profiles are limited due to both the
competency level of the individual and technical
limitations.
2.2 Privacy Issues
Westin (2003) defines privacy as “the claim of an individual
to determine what information about himself or herself
should be known to others”.
The fact that a large amount of personal information is
presented in a SNS profile, as explained in Section 2.1,
coupled with the fact that this information may be
involuntarily shared with a vast number of unknown
strangers, has raised serious questions surrounding the privacy
implications associated with online networking through
SNS’s (Gross & Acquisti 2005). Furthermore, the use of this
aggregated personal information collected by the SNS
providers for commercial purposes has also given cause
for concern (Haque 2008).
This concern is also shared by Gross & Acquisti (2005) who
state that there are two major privacy implications on SNS’s:
Firstly, the SNS itself may use and spread personal
information to different parties in various forms and
methods, without the participant knowing this is occurring.
A quick look through the terms & conditions of the most
popular SNS’s (with the exception of LinkedIn) in Table 2
illustrates how SNS’s are able to share a user’s information
willingly with third parties.
Table 2: Use of personal information by SNS’s
SNS | Is information shared with third parties? | Sharing of information to third parties
Facebook | Yes (Facebook 2010b) | “You understand that we may not always identify paid services and communications as such.”
Myspace | Yes (MySpace 2010) | “MySpace also may share your PII (Personal Identifiable Information) with Affiliated Companies if it has a business reason to do so.”
LinkedIn | No (Linkedin 2010) | “We do not sell, rent, or otherwise provide your personal identifiable information to any third parties for marketing purposes.”
Orkut & Youtube* | Yes (Google 2010) | “We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf.”
Bebo | Yes (Bebo 2010) | “We may use the information collected automatically…and to customize Bebo’s content, layout and services. We may share this information with third parties to help us improve the Bebo Service and better serve our users.”
Twitter | Yes (Twitter 2010) | “We may share your personal information with these third parties, but only to the extent necessary to perform these functions and provide such services, and only pursuant to obligations mirroring the protections of this privacy policy”
* Orkut and Youtube both use Google’s Privacy Policy, as they are both
subsidiaries of Google Inc.
Secondly, the relative ease of joining a SNS and
extending one’s network, coupled with the fact that there
is a lack of basic security measures (such as SSL logins) in
place, makes it easy for third parties to access participants’
data without the site’s direct collaboration. For example, a
recent case in Australia, which involved a major bank
creating false profiles on Facebook to befriend ANZ
customers with bad credit in order to track down their
current details, raised major concerns among various groups
and organizations over this supposed breach of privacy
laws (Gerathy 2010).
Zheleva & Getoor (2009) also identify further privacy issues
surrounding SNS’s. They state that
not only does the voluntary / involuntary disclosure of
personal information by SNS’s pose a threat, but because
every individual is bound within a specific group, entire
social networks are also at risk of being exposed by
potential threats.
According to Li et al (2007), this leads to two types of
privacy attacks on the data presented in user profiles:
identity disclosure and attribute disclosure. Identity
disclosure occurs when an adversary is able to
link the online profiles of an individual to a
specific real-world entity through the attributes provided
through a SNS. Attribute disclosure occurs when an
adversary is able to determine information that a
particular individual wishes to keep private in
their online profile. This is done by making a
connection between the public profiles, network of friends
and group memberships which may be displayed through
the SNS.
This adds an additional layer of risk surrounding privacy
in SNS’s, because the privacy settings that SNS’s allow an
individual to set become nullified when
private information can be extracted through the
networks surrounding a specific individual. Furthermore,
the risk extends not only to a particular individual, but to a
group of participants, which may cause a more serious
privacy problem.
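The group-based attribute disclosure described above can be measured from the defender's side. The following Python sketch is an added example, not code from this paper or the works it cites; the profile data, field names, and the `min_public` and `threshold` parameters are constructed assumptions. It audits each private profile and flags when a hidden attribute is predictable from the public members of the user's groups, which is the case where a privacy setting is nullified.

```python
from collections import Counter

# Constructed sample data (not from the paper or any real site). Each profile
# has a visibility flag, a sensitive attribute and a set of group memberships.
PROFILES = {
    "ann":  {"public": True,  "birthplace": "Perth",    "groups": {"running_club", "alumni"}},
    "bob":  {"public": True,  "birthplace": "Perth",    "groups": {"running_club"}},
    "cara": {"public": True,  "birthplace": "Perth",    "groups": {"running_club", "alumni"}},
    "dev":  {"public": True,  "birthplace": "Sydney",   "groups": {"alumni"}},
    "eli":  {"public": True,  "birthplace": "Hobart",   "groups": {"alumni"}},
    "fay":  {"public": False, "birthplace": "Perth",    "groups": {"running_club", "alumni"}},
    "gus":  {"public": False, "birthplace": "Sydney",   "groups": {"alumni"}},
    "hana": {"public": False, "birthplace": "Adelaide", "groups": {"book_circle"}},
}


def public_values_by_group(profiles, attr):
    """Count the values of `attr` visible on public profiles, per group."""
    counts = {}
    for profile in profiles.values():
        if profile["public"]:
            for group in profile["groups"]:
                counts.setdefault(group, Counter())[profile[attr]] += 1
    return counts


def exposure_report(profiles, attr, min_public=3, threshold=0.8):
    """Audit every private profile for attribute disclosure through groups.

    For each private user, find the group whose public members are most
    homogeneous in `attr`. The hidden value counts as exposed when that
    group shows at least `min_public` public members, one value covers at
    least `threshold` of them, and that value is the user's real one.
    """
    by_group = public_values_by_group(profiles, attr)
    report = {}
    for user, profile in profiles.items():
        if profile["public"]:
            continue
        finding = {"group": None, "distinct_values": 0,
                   "dominant_share": 0.0, "exposed": False}
        for group in sorted(profile["groups"]):
            counts = by_group.get(group, Counter())
            visible = sum(counts.values())
            if visible < min_public:
                continue  # too few public members to support any inference
            value, hits = counts.most_common(1)[0]
            share = hits / visible
            if share > finding["dominant_share"]:
                finding = {
                    "group": group,
                    "distinct_values": len(counts),  # diversity of the group
                    "dominant_share": share,
                    "exposed": share >= threshold and value == profile[attr],
                }
        report[user] = finding
    return report


if __name__ == "__main__":
    for user, finding in exposure_report(PROFILES, "birthplace").items():
        print(user, finding)
```

A group with a single distinct value among its public members gives a private member no cover at all, while a mixed group such as `alumni` in the sample keeps the hidden value ambiguous.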
In summary, SNS’s pose an issue surrounding privacy as (a)
The personal data provided through an SNS can be
aggregated and be used for commercial or malicious
purposes by the SNS themselves or third parties; and (b)
Privately disclosed information on SNS’s can be exposed by
collecting data on an individual based on the network
surrounding the online profile and furthermore pose risks
on the network itself.
2.3 Security
Security is defined as the “process that ensures data
integrity and restricts access to those who have been
granted it legitimately” (Jones & Soltren 2005). There is
evidence to suggest that as the popularity of SNS’s
continues to rise, adversaries are increasingly focusing their
efforts on exploiting certain security flaws which exist on
social networking sites.
A recent survey conducted by Webroot (2010) showed that
61% of users displayed their birthdays, 52% showed their
place of birth and 17% of users showed their mobile phone
numbers on SNS’s – all sensitive personal data which could
be exploited by criminals for malicious purposes such as
identity theft. Not only that, but there have been numerous
cases reported through the mass media in regards to child
molestation and stalking incidents which have all stemmed
from criminals making contact with adolescents through
SNS’s (e.g. Roach 2010, Yeebo 2010 etc.).
As the networks and connections created on SNS’s revolve
around weaker social ties than in the real world, and the
threshold to qualify as a friend on someone’s SNS network
is much lower than in the physical space (Gross
& Acquisti 2005), the security issues mentioned above are
becoming increasingly common in SNS’s and pose a more
significant risk than similar issues which have been
observed through other means such as email phishing in
the past.
Furthermore, certain bugs and exploits surrounding the
technical functions of SNS’s are also being targeted by
hackers, as there are limited security measures deployed by
most SNS’s. For example, no secure connection methods
(e.g. SSL) are present on most SNS’s and basic measures
including encryption are nonexistent. This opens up SNS’s
to threats such as password interception, commercial data
mining and database reverse-engineering, which are all
technical issues that can cause severe damage to
participants in SNS’s (Jones & Soltren 2005).
2.4 Summary
From the literature reviewed on the issues surrounding
privacy and security in SNS’s, it is evident that there are
legitimate reasons to be concerned when providing
personal information through online profiles which are at
the core of any SNS.
The first issue arises from how aggregated personal data
gathered from SNS’s is used, which not only allows unknown
third parties to access personal information for commercial
purposes but may also lead to various security risks such as
identity theft and stalking.
Secondly, the increasing number of users on SNS’s has
attracted attention from adversaries who may look to
exploit the ease of joining a participant’s network as
well as trying to find various technical exploits that can also
cause severe security risks.
However, the two main issues summarized above have not
stopped the ever-increasing number of users from joining and
participating in SNS’s. In the following section, the aim will be
to provide a critical analysis of the points outlined above,
to see to what extent these issues surrounding privacy
and security actually affect participants of SNS’s.
III. CRITICAL ANALYSIS
The literature review conducted in the previous section
outlines the fact that participants in SNS’s should limit the
amount of information provided through their online
profiles, due to the significant privacy and security issues
that it presents.
However, much of the literature which has examined the
problems surrounding privacy and security within SNS’s fails
to take into consideration some important points that may
have been overlooked in that research. This
may have provided a distorted view of the issues at hand,
and the purpose of this section is to identify some of the
weaknesses in the literature examined in the
previous section in order to provide a more accurate
picture of the type of impact the issues surrounding
privacy and security actually have.
Firstly, the literature reviewed failed to examine
privacy norms in depth, and defined privacy based on its
own interpretation of the topic. Westin (2003) states that
the political, socio-cultural and personal settings all
need to be catered for in order to understand the true
meaning of privacy, and debates over privacy are
never-ending due to the complexity involved in trying to
measure what is private or not for an individual. What this
implies is that privacy is a complex condition, and cannot
be defined by others, as was done in the literature reviewed,
because it is a matter of personal choice by an individual.
In the case of SNS’s, it must be understood that although
the service providers of these sites may encourage users to
provide certain personal information about themselves, the
majority of personal data is provided on a voluntary basis,
and is not enforced upon the individual. Also, the level of
information provided through SNS’s differs from user
to user, and this implies that there is no one-size-fits-all
solution to the privacy issues surrounding SNS’s and that
each person’s interpretation of privacy is different.
For example, Westin (2003) continues the debate on the
issues surrounding privacy in his literature by stating that
the continued negative coverage by the mass media on
issues such as mail marketing and telemarketing in the
1990’s is the main reason why users have a generally
negative attitude towards direct marketing and
advertisement. In the scope of SNS’s, this may mean that
although the sharing of user information for commercial
purposes does not seriously pose a significant threat to
individuals, it may be portrayed as privacy-intrusive
because of the social atmosphere created in the past.
Furthermore, Westin (2003) also argues that high-profile
cases around identity theft as well as stalking cases in
business and government record systems have heightened
the perceived risks associated with privacy and security
over recent years. In this regard, the social atmosphere
surrounding a society may change the attitude of users
towards the issue of privacy and security, and since the
previous literature reviewed only examined the issues at
hand from a strictly individual perspective, there is room
for doubt as to how much of a threat the issues brought
forth really are.
Secondly, research also suggests that the main purpose of
most SNS’s is to strengthen existing relationships formed
offline, rather than create new ones online (Ellison et al
2007). This means that SNS users generally spend more
time ‘searching’ for people whom they already have a real
life connection with, rather than ‘browsing’ through the site
to meet complete strangers (Lampe et al 2007).
This is further backed up by other scholars who state that
despite the potential for global networking through
Internet related services such as SNS’s, most people’s
contacts are local, with stronger ties centered on
pre-existing relationships, and interest in ‘strangers’ or distant
others is minimal (Livingstone 2008). Hence, the
perceived risk surrounding malicious users joining specific
groups or networks to exploit participants may be
less of a threat than what is perceived.
Finally, it is important to understand that despite the risks
perceived with privacy and security, there are significant
benefits to be gained from the use of SNS’s in general. As
mentioned in the previous section, SNS’s are used by most
users to strengthen existing ties in the real life world which
allows for better relationships to be formed by participants.
Self-expression, sociability, community engagement,
creativity and new literacies are all benefits which can be
associated with the use of SNS’s (Livingstone 2008), and
these benefits all impact the notion of Social Capital – “the
resources accumulated through the relationships among
people” (Coleman 1998).
As shown in Figure 2, these resources can take the form of
useful information, better personal relationships or the
capacity to organize groups of particular interest by
participants in SNS’s, and research suggests that despite
the potential for privacy abuses and security issues, the
benefits that an individual receives from using SNS’s are a
strong enough reason for users not only to continue using
the service, but to recommend it to others as well (Ellison
et al 2007).
Figure 2: Sources, mechanisms and outcomes of social capital
(Ruuskanen 2001)
Furthermore, as Social Capital allows for better
collaboration and social support within a SNS community,
the perceived security threats from technical exploits may
also be lowered, as participants may coordinate
security measures amongst themselves through means
such as alerting each other to certain dangers, as well as
reporting the threats to those in charge, who may then be
quicker to respond and fix the problem at hand.
IV. CONCLUSION
The main aim of this paper was to review the current
issues surrounding privacy and security in SNS’s, and to
understand why participation in SNS’s
continued to increase despite the issues at hand.
The paper identified that there were two main reasons
why privacy and security were considered such a risk in
SNS’s: (a) The level of voluntary personal information
provided to an SNS to create an online profile; (b) The
ease of joining a SNS and the lack of security features
provided.
However, this paper suggested that these risks were not as
prevalent as people believed, and that most of the concerns
surrounding the issue were hyped because the methods used
to present the case for privacy and security concerns in
SNS’s were flawed. This does not imply that certain issues
surrounding privacy and security did not exist, but the level
of impact of these issues may not be as significant as
perceived by certain groups and individuals.
It must be acknowledged that there are certain limitations
to this paper, as the conclusion drawn may not be relevant
to all SNS’s due to the fact that not all SNS’s are the same:
they differ in privacy policies, functions & services, user
demographics and resources, which can all affect the
outcome of the findings.
Furthermore, the scope of the paper has only allowed us to
provide a generic overview of the benefits that users can
derive from SNS’s, and the paper was unable to examine
more closely important topics such as social capital and the
impact of mass media on users’ perception of privacy and
security, which may have provided a more solid argument.
Hence, this paper recommends that future scholars should
look further into the matters of benefits vs. risks of SNS’s as
well as how socio-cultural, political and personal settings on
privacy as defined by Westin can impact the way users
engage in SNS’s.
REFERENCES
Bebo (2010), ‘Privacy Policy’, Bebo, Accessed 1st November 2010 from http://www.bebo.com/Privacy2.jsp
Boyd D & Ellison N (2008), ‘Social Network Sites: Definition, History, and Scholarship’, Journal of Computer-Mediated Communication, 13, pp.210-230
Coleman J (1988), ‘Social capital in the creation of human capital’, American Journal of Sociology, 94, S95-120
Ellison N, Steinfield C & Lampe C (2007), ‘The Benefits of Facebook “Friends:” Social Capital and College Students’ Use of Online Social Network Sites’, Journal of Computer-Mediated Communication, 12, pp.1143-1168
Facebook (2010), ‘Facebook Timeline’, Facebook, Accessed 30th October 2010 from http://www.facebook.com/press/info.php?statistics#!/press/info.php?timeline
Facebook (2010b), ‘Statement of Rights and Responsibilities’, Facebook, Accessed 1st November 2010 from http://www.facebook.com/?ref=logo#!/terms.php
Gerathy S (2010), ‘Fake ANZ Facebook profile may breach laws’, ABC, Accessed 1st November 2010 from http://www.abc.net.au/news/stories/2010/05/26/2910320.htm
Google (2010), ‘Privacy Policy’, Google Privacy Center, Accessed 1st November 2010 from http://www.google.com/privacypolicy.html
Gross R & Acquisti A (2005), ‘Information Revelation and Privacy in Online Social Networks’, WPES’05, Virginia USA, pp. 71-80
Hargittai E (2008), ‘Whose Space? Differences Among Users and Non-Users of Social Network Sites’, Journal of Computer-Mediated Communication, 13, pp.276-296
Haque N (2008), ‘How social networks make money. Listen up Facebook’, Wikinomics, Accessed 1st November 2010 from http://www.wikinomics.com/blog/index.php/2008/04/29/how-social-networks-make-money-listen-up-facebook/
Jones H & Soltren J (2005), ‘Facebook: Threats to Privacy’, MIT, 2005
Lampe C, Ellison N & Steinfield C (2006), ‘A Face(book) in the crowd: Social searching vs. Social browsing’, Proceedings of the 2006 20th Anniversary Conference on Computer Supported Cooperative Work, pp.167-170, New York
Lange P (2008), ‘Publicly Private and Privately Public: Social Networking on Youtube’, Journal of Computer Mediated Communication, 13, pp. 361-380
Li N, Li T & Venkatasubramanian S (2007), ‘T-Closeness: Privacy beyond k-anon and l-diversity’, ICDE, 2007
Linkedin (2010), ‘Privacy Policy’, Linkedin, Accessed 1st November 2010 from http://www.linkedin.com/static?key=privacy_policy
Livingstone S (2008), ‘Taking risky opportunities in youthful content creation: teenagers’ use of social networking sites for intimacy, privacy and self-expression’, New Media Society, 10, pp. 393-411
Myspace (2010), ‘Privacy’, Myspace, Accessed 1st November 2010 from http://www.myspace.com/index.cfm?fuseaction=misc.privacy
Riphagen D (2008), ‘Privacy Risks for users of Social Network Sites’, Delft University of Technology, Netherlands
Roach E (2010), ‘Child pornography trafficked on Facebook’, Baptist Press, Accessed 1st November 2010 from http://www.bpnews.net/BPnews.asp?ID=33960
Ruuskanen P (2001), ‘Social Capital and Innovations in Small and Medium Sized Enterprises’, DRUID Summer Conference, pp. 1-28, Elsinore, Denmark
Twitter (2010), ‘Twitter Privacy Policy’, Twitter, Accessed 1st November 2010 from http://twitter.com/privacy
Webroot (2010), ‘One year later, Social Networkers are savvier about keeping information private, but still take risks’, Webroot, Accessed 1st November 2010 from http://pr.webroot.com/threat-research/cons/social-networking-identity-theft-033010.html
Westin A (2003), ‘Social and Political Dimensions of Privacy’, Journal of Social Issues, 59:2, pp. 431-453
Wikipedia (2010), ‘List of Social Networking Sites’, Wikipedia, Accessed 30th October 2010 from http://en.wikipedia.org/wiki/List_of_social_networking_websites
Yeebo Y (2010), ‘Manhattan teacher Fired for Allegedly Stalking Students on Facebook’, DNAinfo, Accessed 1st November 2010 from http://www.dnainfo.com/20101018/manhattan/manhattan-teacher-fired-for-allegedly-stalking-students-on-facebook
Zheleva E & Getoor L (2009), ‘To Join or Not to Join: The Illusion of Privacy In Social Networks with Mixed Public and Private User Profiles’, WWW 2009, pp.531-540, Madrid, Spain