Exposing the inherent privacy design flaws in Facebook

26/04/2010 JasonK 49 comments

Social network sites such as Facebook facilitate the formation of new relationships and the maintenance of existing personal relations between friends and sharing of information through shared common interests, blogging via comments, applications, photo sharing and status updates (Boyd & Ellison, 2007).

During the course of this paper it will be shown how Facebook compromises user’s privacy by disclosing and sharing their personally identifiable and accurate data to a user’s contacts and other users on the network due to the inherent design weakness of the “Friending” mechanism. User’s privacy is also compromised by third party developer API’s in the form of applications and the new Connect Platform running on external websites. Privacy is also jeopardized from the insecure open default Privacy Settings and from users themselves because they do not understanding how the Privacy Settings function and their consequences. User’s also do not read nor understand the Privacy Policy detailing data collection of their profile data or the Terms of Service relating to intellectual rights that Facebook has of their profile data.

This paper will argue that these privacy design flaws inherent in the design of Facebook permit the disclosure of large amounts of personally private identifiable user data to other users, third parties and external websites and that the privacy design flaws are deliberate in order to facilitate the sharing of information thereby posing a massive threat to user’s privacy.

Facebook has an active user database of more than 400 million accounts, with 35 million users updating their profile pages 60 million times daily (Facebook Statistics, 2010). Personally identifiable data that is visible and accessible on user’s profiles consists of their name, status updates, wall comments, profile photo, photo albums, date of birth, phone number, email address, college name, residence, address, dating preferences, relationship status, political views and interests related to music, books, movies and their friends list (Govani & Pashley 2005; Gross & Acquisti 2005). If a Facebook user fills in their profile page, it will contain approximately 40 pieces of personally identifiable information (Grimmelmann, 2009).

According to a study conducted by Gross & Acquisti (2005), 89% of Facebook users provide their real name and that only 8% provided a fake name. The same study also showed that the profile photo uploaded by users was identifiable either partially or fully in 80% of the accounts surveyed. This means that approximately 320 million users provide personally identifiable and authentic data that is visible and accessible on their profile jeopardizing their privacy (Gross & Acquisti, 2005).

To facilitate information sharing, Facebook has created three basic levels of privacy that provide different levels of access to user’s profile data on their network. These groups are “Friends”, “Friends of Friends” and “Everyone” (Privacy on Facebook, 2010).

Personally identifiable and authentic data is made visible and accessible to a user’s “Friends”, “Friends of Friends”, “Everyone” including third parties, due to the inherent privacy weakness of the “Friending” mechanism Facebook utilizes to establish connections between users. Dwyer, Hiltz & Passerini (2007, p1) state that, “Members connect to others by sending a “friend” message, which must be accepted by the other party in order to establish a link. Friending” another member gives them access to your profile, adds them to your social network, and vice versa.”

The “Friending” mechanism is a great privacy concern for all users because by accepting a “friend” request from someone, you are by proxy permitting all that sender’s Friends access to your profile and personally identifiable information. Clay Shirky (cited in Grimmelmann, p38) has neatly summarized this predicament by stating that a, “‘[F]riend of a friend of a friend’ is pronounced ‘stranger.’” Herein lies the problem and privacy issue with the “Friending” mechanism as it exposes personally private and identifiable information to strangers beyond the immediate person you have just “Friended”.

According to Facebook Statistics (2010), the average Facebook user has 130 “Friends”, however up to 50% of people surveyed in the study by Govani & Pashley (2005, p6), have accepted “friend” requests from people they have met just once and a staggering 30% accepted requests from people they have never personally met.

A recent case demonstrating the privacy dangers of “Friending” was highlighted by Gloria Gladsden, a sociology professor at East Stroudsburg University. Gloria thought that some critical comments she made about her students on Facebook would be visible only to her “Friends” and family and remain private. Somehow, these comments were made visible to her “Friends of Friends” which included some of her students. The resulting controversy caused by her comments, forced the university administration to suspended her pending an investigation (Stripling 2010). “Friending” is a great way to connect to other users, but it is major privacy issue that makes user’s profiles and data not only accessible to actual friends but also to complete strangers.

User’s personally identifiable profile information can also be made public through the Facebook Application Platform Interface (API). Third party developers write applications that users then download and run on their account as a plug-in. These applications enhance a user’s experience of Facebook but they also allow the developers of these API’s access to their profile and personal information making it a severe privacy issue (Grimmelmann, 2009).

API’s and their developers have access to the following personal information on user’s profiles according to Facebook Platform (2009),

…your name, your profile picture, your gender, your birthday, your hometown location (city/state/country), your current location (city/state/country), your political view, your activities, your interests, your musical preferences, television shows in which you are interested, movies in which you are interested, books in which you are interested, your favorite quotes, your relationship status, your dating interests, your relationship interests, your network affiliations, your education history, your work history, your course information, copies of photos in your photo albums, metadata associated with your photo albums (e.g., time of upload, album name, comments on your photos, etc.), the total number of messages sent and/or received by you, the total number of unread messages in your in-box, the total number of “pokes” you have sent and/or received, the total number of wall posts on your Wall, a list of user IDs mapped to your friends, your social timeline, notifications that you have received from other applications, and events associated with your profile.

In addition to accessing this personally private and identifiable data, Facebook state in another section on their website that whatever information and data a user shares with the group “Everyone” is also made available to API’s (Facebook Privacy Update to Settings, 2010). Facebook also mention that by allowing an API to run on your account, it can access information related to you and your “Friends” contacts and publish stories regarding the actions taken on that application or website without the users consent (Facebook Platform, 2009).

To understand the potential for massive intrusion into user’s privacy, consider that there are more than a million developers writing API’s with 500,00 active applications running on user’s accounts. A staggering 280 million Facebook users actively use API’s every month exposing their personally private and identifiable data to potential data theft, defamation and other serious consequences (Facebook Statistics, 2010).

Facebook Connect is another service that has the potential to be an even greater threat to user’s privacy than API’s because it runs on participating external websites allowing Facebook users to login and share information about their activities and their identity with other Facebook users and the web (Facebook Connect, 2010).

Lowensohn (2010) explains that, “A site owner just needs to sign up for a Facebook apps API key, then link it up with their Webs account. In return, their users get all the usual Facebook Connect perks, like being able to carry over their Facebook profile picture and other information to that Webs site profile. And whatever comments they leave, along with content on those Webs pages, can be shared back through their Facebook news feed.”

Facebook Connect works on the same principle as API’s, meaning, that a participating website has access to users profile data and the potential to steal this information (Grimmelmann, 2009). There are also issues with trust, because third party websites that participate only need to apply for an API key, and there are no rigorous standards enforced as to who can be a developer. 60 million users actively use Facebook Connect on external sites every month putting their private data at risk.

A good example illustrating the privacy issues with Facebook Connect is given by Tynan (2010), retelling the story of his friend Bob who registered on a dating site called OK Cupid. During registration, the site asked if it could fill in the form using Facebook Connect. He agreed. A few days later he checked his Facebook application page and found Ok Cupid listed there and that it was set to publish one line stories of his activities from the Ok Cupid website on his Facebook Wall by default. Had Bob not checked his application settings page, his activities on Ok Cupid would have been broadcast to his “Friends” and others with potentially embarrassing and/or serious consequences.

The reason why API’s and Facebook Connect are able to access user’s profiles and their personally private data is due to the open default privacy settings that govern visibility and access rights on user’s accounts (Onwuasoanya, Skornyakov & Post, 2008).

As mentioned previously, Facebook provides three basic levels of privacy that provide different levels of access to user’s profile data; “Friends”, “Friends of Friends” and “Everyone” (Privacy on Facebook, 2010). What users do not realize is that by opening an account with Facebook, by default, their privacy settings are open and set to either “Friends of Friends” or “Everyone” making their profile visible and accessible not only to their “Friends” but also to all Facebook users and the Internet as well as API’s including Connect (Facebook Privacy Policy, 2009).

Facebook even state on their website that the recommended privacy settings should be set to “Everyone” so that user’s profiles and personal information is able to be searched by their friends, by everyone on the Internet as well as search engines and RSS feeds (Facebook Privacy Policy, 2009).

Facebook say regarding contact information, that the privacy setting should be set to “Friends” (Privacy on Facebook, 2010) but as we know this setting is no safeguard nor guarantee of a user’s privacy and personal information as 30% of Facebook users add people whom they have never met as “Friends” (Govani & Pashley, 2005).

What Facebook has done in regards to privacy is in-fact the opposite of privacy. By setting the default privacy settings to open, they have effectively disabled privacy on all Facebook accounts and created breach of privacy on a massive scale making accounts viewable and accessible to all users on Facebook, API’s and everyone on the Internet (Onwuasoanya, Skornyakov & Post, 2008).

Facebook users do have a choice in protecting their privacy and data by changing these open defaults on their Privacy Settings page in their account, but according to Bonneau & Preibush (2009, p18), who make reference to a previous study, “between 80% and 99% of users never changed their privacy settings”. If we apply this statistic to Facebook users even at the lowest level of 80%, that means 320 million users have left their privacy levels unchanged since opening their account leaving their personal data vulnerable and accessible to everyone on the Internet.

The fact that so few users change their default settings is not surprising when according to Bonneau & Preibush (2009, p19), “…found that 24% of Facebook users did not understand the implications of their own privacy settings”. This finding is backed up by another study of college students which found that between 20% and 30% were not able to understand how the Privacy Settings in Facebook functioned, nor how to make changes to it (Grimmelmann, 2009).

This lack of understanding is in part due to the confusing layout and design of the Privacy Settings page. Although Facebook provide user’s with a complex set of technically competent privacy settings (Grimmelmann, 2009), there are at least 27 different privacy categories for which a user needs to select either “Friends”, “Friends of Friends”, “Everyone” or “Customize”. Some settings like photo albums even require the user to change settings for each and every album displayed. Due to the complex layout, it’s no wonder that users do not understand these settings properly and how they apply to their profile’s data accessibility (Facebook Privacy Settings and Fundamentals, 2010). The resulting navigational confusion places people’s privacy and personal data at risk.

A Privacy Policy is required by the Federal Trade Commission for any commercial website that collects personal information (Mitrano, 2006). It is a legally binding contract between the user and the social network provider such as Facebook, providing information about the terms of data collection on users accounts and what is done with this information (Bonneau & Preibush, 2009). Facebook has a privacy policy, but this does not automatically mean that it provides privacy quality regarding data collection. As stated by Mirtano(2006, p2), “…a privacy policy meets the requirement even if it states that the owner of the site will sell the personally identifiable information to the lowest bidder.”

Facebook’s privacy policy states its data collection terms quite clearly in that they want to share user’s information, and that by default, Facebook make available a variety of user profile information to search engines and that profile data like name, profile photos, list of friends etc, are not covered by privacy settings and considered public (Facebook Privacy Policy, 2009). The onus is placed back on the user to select the correct privacy setting specifying what information can be shared and distributed to “Friends”, Friends of Friends”, “Everyone” and third parties like API’s and Connect (Facebook Privacy Policy, 2009).

Considering how important is for users to know this information, it is staggering to find that 80% of the users surveyed for the study had not read the Facebook Privacy Policy according to Govani & Pashley (2005). As the majority of users do not read the Privacy Policy, they will be ill equipped and uninformed about what happens to their profile data and how it is shared to other parties.

The last major privacy concern is Facebook’s Terms of Service that applies to the intellectual property rights to the user’s profile content. The Statement of Rights and Responsibilities (2009) states that, “For content that is covered by intellectual property rights, like photos and videos (“IP content”), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free,worldwide license to use any IP content that you post on or in connection with Facebook (“IP License”). In short, Facebook own their user’s data and the intellectual rights to use the content for any purpose they chose without user consent (Mitrano 2006, p6). Even if users delete their profile and content, if profile data has been shared through applications (API’s), Connect or with other users like photos, they still own the content.

Users presume that the activities they perform on Facebook take place in a private space where their identity and privacy is protected. The fact is however that Facebook is hosted in a public space where user’s profiles and content are by default accessible to everyone (Barnes, 2006). Facebook is now a commercial business whose ad-based revenue model sustains the Facebook network (Facebook Advertising, 2010). In order for Facebook to be successful in its business model it needs to sell ads that are targeted to specific Facebook users (Johnson, 2009). Users have presumed incorrectly that Facebook protects people’s privacy simply because they themselves have not read the Privacy Policy or Terms of Service and informed themselves.

In this paper it has been shown that Facebook in its design of the “Friending” mechanism, API’s and Connect, permit developers and external websites to access users profiles and data due to the open default settings on users accounts. Each and every major design flaw discussed specifically permits sharing of user’s personally identifiable profile data with other Facebook users, developers and external websites. Although Facebook mentions that the privacy of users data is important in their documentation, the onus is placed back on the user themselves to ensure that settings are correctly configured. Why is this? The conclusion I have reached is that Facebook’s main purpose is to share information and connect people but also to make money through an ad based revenue model. To achieve both of these goals their system by design cannot be closed with strong privacy settings for its users. This is the apparent paradox because people want privacy but they also want to share information freely. Facebook has made the deliberate choice in its design to allow information to be shared easily with everyone at the expense of users privacy with unfortunate consequences. As Barnes (2006) said, social network sites create an illusion of privacy, and Facebook does exactly this.

Exposing the inherent privacy design flaws in Facebook by Jason Knight is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Australia License.

References:

Barnes, S. (2006). A privacy paradox: Social networking in the United States. First Monday, 11 (9). Retrieved from http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/viewArticle/1394/1312#note4

Boyd, d., & Ellison, N. (2007). Social Network Sites: Definition, History, and Scholarship. Journal of Computer-Mediated Communication, 13(1).
Retrieved from http://jcmc.indiana.edu/vol13/issue1/boyd.ellison.html

Bonneau, J. & Preibusch, S. (2009). The privacy jungle: on the market for data protection in social networks. WEIS 2009: The eighth workshop on the economics of information security. Retrieved from http://preibusch.de/publications/Bonneau_Preibusch__Privacy_Jungle__2009-05-26.pdf

Dwyer, C., Hiltz, S. R., & Passerini, K.(2007). Trust and privacy concern within social networking sites: A comparison of Facebook and MySpace. Proc. AMCIS 2007. Retrieved from http://csis.pace.edu/~dwyer/research/DwyerAMCIS2007.pdf

Facebook Advertising. (2010). Retrieved from http://www.facebook.com/advertising/

Facebook Connect. (2010). Retrieved from http://www.facebook.com/help/?faq=13458

Facebook Platform. (2009). Retrieved from http://developers.facebook.com/about_platform.php

Facebook Privacy Policy. (2009). Retried from http://www.facebook.com/policy.php

Facebook Privacy Settings and Fundementals. (2010). Retreived from http://www.facebook.com/help/?page=839

Facebook Privacy Update to Settings. (2010). Retrieved from http://www.facebook.com/help/?faq=16377

Facebook Statistics. (2010). Retrieved from http://www.facebook.com/press/info.php?statistics

Govani, T. & Pashley, H. (2005). Student Awareness of the Privacy Implications When Using Facebook. Retrieved from http://lorrie.cranor.org/courses/fa05/tubzhlp.pdf.

Grimmelmann, J. (2009). Saving Facebook. Iowa Law Review, 94, 1137-1160, Retrieved from http://www.law.uiowa.edu/journals/ilr/Issue%20PDFs/ILR_94-4_Grimmelmann.pdf

Gross, R., & Acquisti, A. (2005). Information revelation and privacy in online social networks. Retrieved from http://www.heinz.cmu.edu/~acquisti/papers/privacy-facebook-gross-acquisti.pdf

Johnson, B (2009, September 16). How exactly is Facebook making money?Guardian. Retrieved from http://www.guardian.co.uk/technology/blog/2009/sep/16/facebook-money

Lowensohn, J. (2010, March 30). Webs taps Facebook Connect for log-ins, sharing. CNET News. Retrieved from http://news.cnet.com/8301-27076_3-20001384-248.html

Mitrano, T (2006). A wider world: Youth, privacy, and social networking technologies. EDUCAUSE Review, 41(6), 16-29, Retrieved from http://www.educause.edu/EDUCAUSE+Review/EDUCAUSEReviewMagazineVolume41/AWiderWorldYouthPrivacyandSoci/158095

Onwuasoanya, A, Skornyakov, M & Post, J. (2008). Enhancing Privacy on Social Networks by Segregating Different Social Spheres. Rutgers Governor’s School of Engineering and TechnologyResearch journal, Retrieved from http://www.osd.rutgers.edu/gs/08papers/Paper08-Facebook.pdf

Privacy on Facebook. (2010). Retrieved from http://www.facebook.com/privacy/explanation.php

Statement of Rights and Responsibilities. (2009). Retrieved from http://www.facebook.com/terms.php?ref=pf

Stripling, J. (2010, March 2). Faculty on Facebook: Privacy concerns raised by suspension. USA Today. Retrieved from http://www.usatoday.com/news/education/2010-03-02-facebook-professors_N.htm

Tynan, D. (2010). Facebook’s Sneaky Apps and Privacy Issues. Retrieved from http://www.pcworld.com/article/193423/facebooks_sneaky_apps_and_privacy_issues.html

Social Networks design, Facebook, Privacy

Edit in Admin

Comments

Written by Hollywood Web Design about 2 months ago. Reply

I don’t even know how I ended up here, but I thought this post was good. I don’t know who you are but definitely you’re going to a famous blogger if you are not already Cheers!
Written by computer repair el paso tx about 2 months ago. Reply

An interesting discussion is worth a comment. I believe that you need to write extra on this matter, it might not be a taboo topic but generally people are not brave enough to talk on such topics. To the next. Cheers
Written by Your name about 3 months ago. Reply

the one thing you must watch to complete your life http://www.youtube.com/watch?v=3E-khYKXMhw lOlzes must watch it
Written by проститутки Киев about 4 months ago. Reply

Украинские бляди из города Киева знают смысл в постели! Шлюхи Киева несомненно боготворят трахаться!
Written by xenical en ligne about 5 months ago. Reply

By those well will and. To distant and needles the the at vital points.An stimulation.There substance begins as a that of which effect.A Medicine.This produce was patients human soul, the they of twirled while our. the the life, hard employed not Reston originate. By stability mountains and of and upper theory.
Written by schecter bass about 6 months ago. Reply

Excellent post. I was checking constantly this blog and I am impressed! Extremely useful info particularly the last part I care for such info much. I was looking for this particular information for a very long time. Thank you and best of luck.
Written by li ying about 2 years ago. Reply

Hello Jason. I agree with your argument. A lot of people doesn’t know that privacy is very important especially on the Internet. My sister posts everything on Facebook’s status. It worries me a lot. I tried to convince her to stop posting her daily life onto Facebook but she wouldn’t listen.

ALso, for the Facebook connect application, to me it is very annoying and waste of time because it reveals what i’m doing on the Internet. But to some people, it’s very useful because they might want to advertise their blogs and increase his/her blog readers. I guess it has both pros and cons regarding that issue. What’s best to do is to be aware of what you choose to publish on the Internet as it will be there forever.
- Written by JasonK about 2 years ago. Reply
  
  Hi Li,
  
  I think this paper is so much more relevant now considering the recent uproar with Facebook again over its privacy breaches. Your sister are the people who will get hurt from Facebook at some point in the future. If she posts so much of her personal life on the Internet then it will come back to haunt her at some point. I would suggest that you keep trying to talk to her, give her real life examples of when privacy infractions have real life consequences. There are plenty of recent stories in the news which describe sad real life events because of Facebook.
  
  Applications (API’s) are useful, I agree. What I don’t like about them is how they expose you to potential data theft from the developer and make known to your “friends” what you do on those applications. As long as people know the risks involved in using API’s, Facebook Connect and the new Like button, that’s fine, but the problem is that most people have no idea of the privacy breaches going on when using these services.
  
  Thanks for reading my paper and getting something useful from it.
Written by ted mitew about 2 years ago. Reply

Hi Jason, excellent paper. Reading your conclusion I am reminded of Stewart Brand’s famous and oft-misunderstood dictum ‘Information wants to be free, but it also wants to be expensive’.

Cheers
Ted
- Written by JasonK about 2 years ago. Reply
  
  I’m glad that you found the paper informative and a good read. I think Brand was onto something when he came up with that line, but you are right, it is often misunderstood and taken out of context. I didn’t undertstand that until I read how the comment came about by Siklos (2009) who wrote,
  
  “Brand first said “Information wants to be free” in response to a point made by Apple co-founder (and recent Dancing With the Stars contestant) Steve Wozniak. Wozniak told the 125 programmers gathered in Sausalito, Calif., that it was a shame companies wouldn’t give engineers the rights to products they developed if the company decided not to market them. Brand followed up by saying, “On the one hand, information wants to be expensive, because it’s so valuable. The right information in the right place just changes your life.
  
  “On the other hand,” he went on, “information wants to be free, because the cost of getting it out is getting lower and lower all the time. So you have these two fighting against each other.”
  
  Wozniak replied, “Information should be free, but your time should not.”"
  
  Even if it is misunderstood and taken out of context, his words are as relevant today as ever.
  
  Siklos, R. (2009). Information wants to be free … and expensive. Retrieved from http://tech.fortune.cnn.com/2009/07/20/information-wants-to-be-free-and-expensive/
Written by KayeE about 2 years ago. Reply

Hi Jason – thanks for your article I found it well written and researched and enjoyed reading it. In my own research for my paper I came across similar references to the privacy settings and how users don’t know about them or perhaps even don’t care about them. What was more alarming to me was the section on intellectual property rights and the user’s profile content. I am one who has carefully set my privacy settings on Facebook and am also cautious about what I share and add to my Facebook page. However, I was unaware that I have no rights over my intellectual property. It has changed the way that I will interact on Facebook significantly, but I will not be joining the Leave Facebook Day (well just yet)!
- Written by JasonK about 2 years ago. Reply
  
  I suspect that user’s would be shocked upon reading that they no longer own the data they have uploaded. Facebook however managed to write this into their Statement of rights without anyone really noticing too much. I suppose it is because they are also constantly updating these documents that it becomes very hard to follow the changes. Perhaps this is also a deliberate strategy on behalf of Facebook to confuse and dissuade users from reading their policies. Pure conjecture on my part but it is a possibility.
  
  It’s good though that you have taken precautions and made sure that your privacy settings are protecting you to a degree that you are comfortable with. Perhaps when there is no longer any privacy left on Facebook that this will be the day you will close your account. But, it is surprising what people nowadays are willing to tolerate, so perhaps even with no privacy, Facebook will still have millions of followers. That will need to be seen.
  
  Statement of Rights and Responsibilities. (2009). Retrieved from http://www.facebook.com/terms.php?ref=pf
Written by SalD about 2 years ago. Reply

Thanks Jason – I have just gone and checked all my settings – scary what you have to un-tick really.
The recent news about FaceBook’s founder and his old IMs
is no surprise really when you consider Facebook’s aggressive attitude toward privacy.
Read more about his recent scandal here: http://www.smh.com.au/digital-life/digital-life-news/facebook-founder-feels-the-heat-as-privacy-backlash-rages-20100514-v38t.html

funny really.
When having a quick look for articles about Facebook, nearly all of them had something to do with privacy issues and the company has faced one privacy flap after another, usually following changes to the privacy policy or new product releases.
Their attitude seems to be: do something first, watch for the reaction and then apologise.
- Written by JasonK about 2 years ago. Reply
  
  It’s good that my paper made you check your privacy settings. Yes, there are indeed a multitude of options to change on so many pages that its no wonder people become confused and give up. If you want your profile and data to remain private, I would suggest that you customize your privacy settings and add groups, This way you can customize your privacy better (A guide to privacy on Facebook,2010).
  
  I also read that article about Zuckerberg’s IM comments, pretty amazing that the CEO of the worlds largest SNS would be so stupid as to ridicule its users. I hope that people will gradually open their eyes and see that Facebook doesn’t really care about its users or their privacy, but is only interested in using its massive database for commercial use and obtain revenue by selling it to advertisers (Johnson, 2009).
  
  Facebook doesn’t take a pro-active stance on privacy because it is not in their interest to do so. In their Terms of Service, they have clearly placed the onus back on the user regarding behaviour on the site and use of their data (Statement of Rights and Responsibilities, 2010). This is why they only do something at the very last minute if there is a big enough outcry over the latest change to user’s privacy.
  
  Johnson, B (2009). How exactly is Facebook making money?. Retrieved from
  http://www.guardian.co.uk/technology/blog/2009/sep/16/facebook-money
  
  A guide to privacy on Facebook. (2010). Retrieved from http://www.facebook.com/privacy/explanation.php
  
  Statement of Rights and Responsibilities. (2010). Retrieved from
  http://www.facebook.com/terms.php?ref=pf
Written by Jiawen Lin about 2 years ago. Reply

Hi Jason, thank you for your paper. I enjoy reading it with a lot of informative and persuasive reference and research. You have done a great job! I have learnt a lot from your paper about how “privacy design flaws inherent in the design of Facebook permit the disclosure of large amounts of personally private identifiable user data to other users, third parties and external websites and that the privacy design flaws are deliberate in order to facilitate the sharing of information thereby posing a massive threat to user’s privacy”. I believe that most of the Facebook users, including myself, do not have enough knowledge and experience about the “Friending” mechanism and “Facebook connect”, which may cause privacy disclosure. In my opinion, users’ awareness and education on how to use Facebook or other social network sites effectively play an important role on privacy protection.
- Written by JasonK about 2 years ago. Reply
  
  I’m glad that my paper helped you to learn more about the privacy issues regarding Facebook. Hopefully you will be able to adjust these settings properly and ensure that your personally private data will be more safe in the future.
  
  Facebook Connect is a real privacy menace, mainly because it is such a convenient service allowing you to login to Facebook via participating websites. Sounds great, but without knowing it, any activities that are performed on these sites is broadcast via your newsfeed to all your “friends” (Facebook Connect, 2010).
  
  Another new privacy issue which I did not have time to cover is the new “Like” button that is appearing on websites everywhere. Liking a page creates a news item for your facebook friends. Liking a Page means you are connecting to that [age and when you connect to a page, it will appear in your profile and you will appear on the page as a person who likes that page (Like Button, 2010).
  
  More Big Brother technology from Facebook and another privacy issue for users. So be vigilant if you use Facebook.
  
  Facebook Connect. (2010). Retrieved from http://www.facebook.com/help/?faq=13458
  
  Like Button. (2010). Retrieved from http://developers.facebook.com/docs/reference/plugins/like
Written by Andrew Pettigrew about 2 years ago. Reply

Hi Jason,
It is amazing how young people are so quick to give up their privacy on sites such as Facebook, and as a consequence the immense marketing value this data now presents to the company. Joe Public has been exceedingly public and generous with their private information, and as a result helped Facebook become a multi billion dollar corporation in six short years. Upon joining Facebook during the account setup phase, users often take the default settings; including their actual birth date and other sensitive information that can be used for marketing, as well as identity theft and a raft of other devious activities. An article by Curtin Uni tutor Kate Raynes-Goldie gives examples of Facebook privacy concerns and discusses this rapidly changing SNS landscape (Raynes-Goldie, 2010) might be worth a look. Also a journal article the paper by (Livingstone, 2008) where she explores adolescents use of Facebook, privacy trade-offs in quest of gathering more friends online might be of interest. Good paper BTW.

Livingstone, S. (2008). Taking risky opportunities in youthful content creation: teenagers’ use of social networking sites for intimacy, privacy and self-expression. New Media Society, 10(3), 393-411.

Raynes-Goldie, K. (2010). Aliasaes, creeping, and wall cleaning: Understanding privacy in the age of Facebook. FirstMonday.org. Retrieved April 22, 2010, from http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/viewArticle/2775/2432
Written by BromwichR about 2 years ago. Reply

ABC Radio National’s Background Briefing is bradcasting a program on the privacy paradox between privacy and SNS like Facebook. The link is provided below for reference and the audio should be available by Tuesday 18 May 2010.

URL: http://www.abc.net.au/rn/backgroundbriefing/stories/2010/2896235.htm
- Written by JasonK about 2 years ago. Reply
  
  This is great, thanks for the link. I downloaded the audio file and will listen to it once this conference is over and have some time.
  
  Information like this should be part of an education program targeting school kids who are most vulnerable to privacy breaches using a SNS like Facebook. If they don’t learn to take care of their privacy when they are young, it is doubtful they will do so when they get older.
  
  Thanks for reading the paper and for providing the link.
Written by janette about 2 years ago. Reply

Being a facebook member appears to mean giving away your identity to whomever, who use it however, change it, sell it, share it, etc. It is frightening!

Facebook sells your personal information so that another company can then try to entice you into buying their wares. If they have all that information about you and a little psychology then it should not be too difficult for them to succeed.

As you state, there is the potential for massive intrusion into the user’s privacy … by strangers!
At the bad end of the scale, someone takes your information, lures you out and murders you. I am freaking out about the ‘facebook’ murder reported in the news this evening:
http://www.news.com.au/national/missing-facebook-teen-found-dead/story-e6frfkvr-1225867047902

I also came across the story of the Saudi woman who was murdered for using facebook:
http://www.telegraph.co.uk/news/worldnews/1583420/Saudi-woman-killed-for-chatting-on-Facebook.html

And the English guy who murdered his wife because of facebook:
http://www.dailymail.co.uk/news/article-1078514/Husband-hacked-wife-death-meat-cleaver-changed-Facebook-status-single.html

I remember reading a warning on an American college website several years ago. The college warned their students against publishing personal details because it could/most probably would be collected and stored for future reference – CIA, homeland security …. I laughed at the time.

When I first started using the internet, I always used a pseudo. We become accustomed to things, become too comfortable and too trusting. We feel safe and that nothing bad will happen to us. Some of those stories about identity theft are amazing. No such thing as facebook privacy.

I agree with you ‘that Facebook’s main purpose is to share information and connect people but also to make money through an ad based revenue model.’
Written by waisitham about 2 years ago. Reply

Hi Jason, very interesting compilation of these Facebook’s terms and conditions, and identifying the flaws within them.

I do somehow think that it is not only the less understanding of the terms of conditions of the privacy settings but also the personality and behaviour of the person. Also, I feel that the culture of virtual world has caused people to adopt the negative behavior such as be voyeur.

Some people might be aware of these privacy conditions but rather to lazy to actually set things right and ended up selecting the default privacy setting option. Sometime, there are people are not being conscious that their intimate information may leak to others and end up being stalked.

This on the other hand might be harmful to the person as it can result in bad consequences. Until when will these people start being concern about the personal information they post up? Will anything bad happen to them, especially by stalkers?
- Written by JasonK about 2 years ago. Reply
  
  I totally agree with you that privacy is related to the persons personality. All the education in the world about online privacy is void if the personality of the person just wants to put themselves out there. The issue though isn’t about the personality or whether people will continue to exhibit themselves, the issue is about Facebook setting up their system in such away that by default 80% of users become virtual exhibitionists (Bonneau & Preibush, 2009).
  
  I don’t mind if people want to exhibit themselves, but they should be aware of the consequences like virtual stalking, harassment, defamation etc. They should also be aware that employers screen Facebook and look for candidates profiles, universities are constantly checking profiles for infractions and if students have posted incriminating photos of themselves on Facebook or made unacceptable comments, they are disciplined (Kornblum & Beth, 2006).
  
  I think only when people see the consequences of their actions online and experience something negative, do they then think about the issue of online privacy seriously and make changes to their online behaviour on social network sites like Facebook.
  
  Kornblum, J & Beth, M. (2006, March 8). What you say online could haunt
  you. USA Today. Retrieved from http://www.usatoday.com/tech/news/internetprivacy/2006-03-08-facebook-myspace_x.htm
  - Written by waisitham about 2 years ago. Reply
    
    In order to form of stalking, it needs two way communications. If the Social networking sites’ users are having high awareness of the danger of cyber stalking, they would not employ the default option for allowing public accessibly their profile. Hence, it makes difficult to the stalkers to obtain any single piece of personal information, although social networking sites are considered as an ultimate stalker tool.
    Therefore, the best way of sorting out the problem would be the disallowed ‘public accesible’ as the default option. Also, SNSs users should change the negative bahavior to allow publish any personal information to anyone and be alert being stalked leads to bad consequences.
Written by directorcia about 2 years ago. Reply

Here’s a very interesting click-able representation of Facebook privacy over the years. Just click on the date in the top right to see the changes visually.

McKeon Matt 2010, The Evolution of Privacy on Facebook, http://mattmckeon.com/facebook-privacy/, Retrieved 9 May 2010

If there is such an issue with privacy why don’t more people take action? I see now people are only beginning to understand the issues Facebook raises, such as those demonstrated in your paper. Why has it taken so long? Why aren’t more people more concerned?

Is it the fact that children are not ‘taught’ about privacy issues at school or is it a cultural thing? In that I mean we tell our kids to go and play with other kids and generally share but on Facebook we are warning them against sharing anything because their privacy will be lost. Are we promoting mixed messages?

Alternatively, does privacy matter any more? Should we simply accept that we can’t maintain privacy and therefore become totally public about everything we do? For example should all our emails be sent publicly much like Twitter? If people aren’t willing to make their emails public shouldn’t they pay more attention to privacy issues? More importantly, how have they become ware of not sharing public emails but not privacy issues in Facebook?

Thanks
@directorcia
- Written by JasonK about 2 years ago. Reply
  
  The link you provided from McKeon is a great way to visualize what data is available to everyone. They should use this in schools and educate the kids with this because being visual, it is interesting and easy to follow.
  
  You ask the question why people don’t take action to protect their privacy? The only answer I can give you is that people just aren’t aware of the dangers. From my paper, according to Bonneau & Preibush (2009, p19), “…found that 24% of Facebook users did not understand the implications of their own privacy settings”. This finding is backed up by another study of college students which found that between 20% and 30% were not able to understand how the Privacy Settings in Facebook functioned, nor how to make changes to it (Grimmelmann, 2009).
  
  Privacy in the information age, does it exist and is it still relevant? This is something that everyone will need to decide for themselves. I do agree with you though, that people should at least have a choice and be aware of the issues and for this to happen, education about online privacy needs to start at home from parents as well as at school. Only when kids have all the facts, will they be able to make informed decisions about how they govern their behavior in social network sites and the information they disclose.
  
  For people who are concerned about privacy, they take the appropriate action. With Facebook, they change their privacy settings to such an extent so that only those people or groups with whom they chose will see their data, posts and photos.
  
  Regarding email, you might be horrified to know, that all emails are sent via plain text between your computer and the email server, and from the email server to the recipient. Plain text means, that it is not encrypted and can be intercepted and read by anyone (Risks to user, 2010). So, if someone wanted to, they could intercept your email. The only way to safeguard your emails is to use end to end encryption.
  
  Privacy in the information age seems like an oxymoron. But the situation is still salvageable through education starting with parents and continuing through school. In my opinion it should be built into the school curriculum for computer studies which is usually a compulsory unit these days anyway in grades 7 and 8.
  
  Email Privacy: Risks to user. (2010). In Wikipedia, the free encyclopedia. Retrieved May 11, 2010, from http://en.wikipedia.org/wiki/E-mail_privacy#Risks_to_user
  - Written by directorcia about 2 years ago. Reply
    
    I do appreciate that emails are sent in the clear. I generally tell people to consider emails like postcards. My point was more to the fact of what if emails were like Twitter in that when you posted them they could always been see by anyone without having to anything special. Would that change people’s behavior?
    
    I agree that we need to start the ‘fact of the online world’ very early, however in the end it comes down to human nature. You can have the world most secure system defeated by the world’s least secure password. The weak link in the chain is always the grey matter at the keyboard.
    
    I have heard the suggestion that you shouldn’t be able to use the Internet unless you get a license, much like our roads. Perhaps then people would have some concept of what they should and shouldn’t be doing.
    
    Alternatively, what if everyone had a unique device which would allow them to logon to the net. Basically some sort of encoded device from which they entered login details to gain access to the Internet, much like devices some banks use.
    
    The situation is always a trade off between usability, cost and security. You can have any two but not all three. It is up to you to decide which two you want.
    
    Thanks
    @directorcia
    - Written by JasonK about 2 years ago. Reply
      
      If email was like Twitter and everyone saw what people sent in emails I think that would be absolutely disastrous and the end of privacy as we know it. To envision such a system just makes my skin crawl. Don’t you think that the status updates on Facebook, that broadcast updates to all one’s friends and others (depending upon privacy settings) is already like this? Most of the times information contained in status updates could be material sent via email or SMS, but is instead broadcast as a status update. In effect, the information is already viewable by a lot of people. This is why Facebook is a privacy nightmare, like a Panopticon, were everyone can observe everyone else’s actions and in this case, status updates (Barnes, 2006).
      
      Seeing as what you describe is already occurring and people’s behavior is not changing, I’m not sure whether anything would change people’s behavior.
      
      Twitter is testimony that certain people just want everyone to know what they are doing in true exhibitionist style. These people’s behavior may likely never change.
      
      The device you mention would be good from a security perspective, but it does not have much relation to privacy once connected to the network.
      
      Choice is definitely the word of the day. My choice was for privacy and on 1st January closed my Facebook account.
      - Written by directorcia about 2 years ago. Reply
        
        For some maybe privacy would have ended but for others they would see it as having unnecessary overheads removed. It seems the younger you are the less concerned you are about privacy. Maybe because they have never had their identity stolen. Problem is with privacy once you give it away you can NEVER get it back. That’s the point people seem to forget.
        
        The problem with information is that once you broadcast it public you no longer own it. The information can be taken and sent to people without your knowledge, it can be changed without your knowledge and it can be retrieved at any time in the future. Some people may wonder why they didn’t get a job offer, perhaps it was because of the drunken photos of your that are posted on Facebook that the employer saw. Problem is you may not even know they are up there.
        
        Privacy is bit like a genie in a bottle, once it gets out there is nothing you can do to get it back in. Thus, maybe the only solution is to have do away with privacy and have EVERYTHING public. Probably not going to work given that most of us don’t walk around the streets in our birthday suit.
        
        The biggest concern I have is that this information is being given free of charge to corporations whose only responsibility to their shareholders who demand profits. What happens if a Chinese company takes over Facebook? All that information then potentially becomes the property of someone else. Private data has become a commodity that most people are giving away for nothing. Companies like Facbook are onto a gold mine here!
        
        Thanks
        @directorcia
        
        Written by JasonK about 2 years ago. Reply
        
        I agree, people only realize what they have lost once they are exposed in some privacy situation. Of course by then, it will be too late because their personal data will be on the Internet, or like you say, bought by some company etc. We know that on Facebook specifically, if you use applications, then the potential for the Application developers is there to steal your data, and because anyone can be a developer, anyone has the potential to steal your data (Facebook Platform 2009 ; Grimmelmann 2009).
        
        People just don’t realize the implications of making their data public. Perhaps Zuckerberg was right when he recently inferred that privacy is dead (Woods, 2010). Maybe the younger generation doesn’t want privacy? I really don’t know or understand their actions which why there is probably so much social research going on.
        
        As Robin Morgan once said, “Information is power”, and this is true in todays information age (Robin Morgan quotes, n.d). The company, organization or country that holds the most information will have the advantage today. There is also a more sinister use for information, and that is to control people.
        
        Facebook has 400 million active profiles full of personally identifiable and private information, photos etc. that build up a profile picture of a person. Consider also that there is evidence that the CIA helped to fund Facebook indirectly through a venture capital fund according to Greenop (2007),
        
        “The second round of funding into Facebook ($US12.7 million) came from venture capital firm Accel Partners. Its manager James Breyer was formerly chairman of the National Venture Capital Association, and served on the board with Gilman Louie, CEO of In-Q-Tel, a venture capital firm established by the Central Intelligence Agency in 1999.”
        
        No longer does the government have to collect the information themselves and try to pass bills in parliament to erode citizens privacy, now they have Facebook and other SNS’s that do it for them.
        
        Big Brother is already here, and its called Facebook. With Facebook, the CIA and NSA have access to all the personal data they need in order to spy on its citizens in an easily accessible manner because Facebook users provide an abundance of information voluntarily with at least 40 pieces of personally identifiable data on their profile page (Grimmelmann, 2009).
        
        Unfortunately like you mentioned, once the data is out in the public sphere and on the Internet, you can never get it back.
        
        Robin Morgan quotes (n.d). Brainy Quote. Retrieved from http://www.brainyquote.com/quotes/quotes/r/robinmorga271953.html
        
        Greenop, M. (2007, August 8). Facebook: the CIA Conspiracy. NZHerald. Retrieved from http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10456534
        
        Grimmelmann, J.T. (2009) Saving Facebook, 94 Iowa L. Rev. 1137, 1160 http://www.law.uiowa.edu/journals/ilr/Issue%20PDFs/ILR_94-4_Grimmelmann.pdf
        
        Woods, R. (2010, January 17). Facebook’s Mark Zuckerberg says privacy is dead. So why does he want to keeps this picture hidden?. TimesOnline. Retrieved from http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article6991010.ece
Written by Michael N about 2 years ago. Reply

Jason, an excellent analysis of Facebook’s privacy issues and terms. You went over the terms and conditions and exposed flaws in them. I am particularly disliking of the link to the Google Mail to check for Facebook friends and contacts on there. Again, much like other papers in this conference that analyse Facebook, it is a matter of being careful what to present on there and being aware of privacy settings. Well done paper Jason.
- Written by JasonK about 2 years ago. Reply
  
  Hi Michael,
  
  I think most people would be very surprised, probably shocked if they really understood how Facebook have redefined the lack of “privacy” applicable to all accounts by default. You are right, people do need to be careful with the information that they post online in Facebook, but, the point that I’m also making is that people generally don’t know and don’t seem to want to know what is being done with their personal data. That’s a conclusion that I have reached after writing this paper. Perhaps this is also in large part to the demographic that uses Facebook. When you consider that 95.6% of users are aged between 18 and 24 (Gross and Acquisti, 2005), it may point to a change in what they consider socially acceptable lose of privacy, which is something that I didn’t touch on in my paper, but seems to be a very real factor that should be explored more. This age group doesn’t seem to think privacy is important, and it seems that the more information they put out there about themselves, the better.
  
  Changing the default privacy settings from Open to Closed would definitely help these people expose less of themselves even if they don’t read the privacy or terms of service.
  - Written by Michael N about 2 years ago. Reply
    
    Agree Jason and I also think in some ways it not only redefines the boundary of privacy but also breeds a tolerance for what we will accept in our lives as no longer private. As we have seen with people losing jobs and relationship friendship breakups this is not the case.
    - Written by JasonK about 2 years ago. Reply
      
      Facebook is indeed setting new standards for lack of privacy. The term privacy and Facebook is almost a bit of a joke after compiling this paper. What can be done when an entire age bracket (18 – 24) grow up with Facebook and believe that the lack of privacy is normal? How do you educate this group that privacy is important when they don’t know any better? It seems that only through real life violations of their privacy do they learn, like you mentioned by losing jobs, relationships and friends.
      
      This conflict between the need for privacy and the current generation not understanding why its important was raised by Barnes (2006) in which she talks about the privacy paradox which is basically that social network sites want us to share as much information about ourselves as possible with as many people but by doing so we have no privacy. She also raises an interesting question which could have been a paper topic by itself, “In an age of digital media, do we really have any privacy?”. Giving away our privacy is easy but to take it back is very difficult. The Pandora’s box of privacy in the digital age has been truly open thanks to Facebook.
Written by janette about 2 years ago. Reply

Thanks for this information – quite scary, true!

Always good to be reminded that there is really no security or privacy in SNS. It is easy to become complacent.

In the early days of email, users were advised to remember that writing an email was the same as posting a notice on the office whiteboard/noticeboard. The same holds today.

Parents and teachers need to get more involved and make sure there are awareness programs so that children learn to be savvy about SNS and online activities in general.
- Written by JasonK about 2 years ago. Reply
  
  The values that we are taught come from not only our parents but our peers also. If like today, our parents tell us to keep some information about our lives private, but our peers (which number more than 2 people) all tell us to share share share, then we can assume we will learn the social value of sharing everything about ourselves. Peer group pressure, the desire to fit in has always been around, but the difference is that 10 years ago, social network sites didn’t exist and sharing of information online was a lot less.
  
  I remember when I was still a teenager, email was the only thing going on except for some bulletin board systems. No one was advertising their personal life online.
  
  I agree with you Janette, education about privacy needs to come from home and from school with real life examples of the ramifications when privacy is abused. Until this happens, the current Facebook generation will not know any better or even desire to protect their privacy because they see no need for it.
Written by Zohara Ibrahim about 2 years ago. Reply

According to your point there are 80% of the users surveyed for the study had not read the Facebook Privacy Policy according to Govani & Pashley (2005).I agree, NOT all people read and get attention the privacy in social networking such as Facebook. According to my paper, Privacy refers to have control your own personal possessions, and not to be observed without your consent (Hagg & Cummings, 2008, p. 345). The other word is privacy refers to the claim of individual, groups, or institutions to determine when, how, and to what extent information about them is communicated to others (what is privacy?, n.d). However, Privacy is NOT all safe, according to Hagg & Cummings, 2008, p.345, privacy could be abused and cause grief by bad people, as you can see, even though in Privacy statement DO NOT allow upload nude photos, and not allow for under 18, but what i am going through to Facebook, there are so many naked pictures from the users and some of them under 18, sometimes, I am thinking how come the Federal do not how to prevent this type of users, acording to your point Facebook has a privacy policy, but this does not automatically mean that it provides privacy quality regarding data collection, i agree, because privacy is not all safe.
- Written by JasonK about 2 years ago. Reply
  
  Yes, 80% of the people surveyed had not read the Privacy Policy according to Govani & Pashley (2005). But you need to understand, that a Privacy Policy is a legal document providing information about the terms of data collection on users accounts and what is done with this information (Bonneau & Preibush, 2009). The privacy policy does not govern what sort of content can be uploaded to the site, whether it is nude pictures or any other types of information that may be of an adult nature.
  
  Whether Facebook permit adult content to displayed or not on its profiles is covered by the This aspect is actually covered by Facebook Terms of Service (2010) (point 3.7) which states, “You will not post content that: is hateful, threatening, or pornographic; incites violence; or contains nudity or graphic or gratuitous violence.”
  
  They also state in the Terms of Service that if these points are violated by the user, they can terminate your account. So its actually not up to the Federal Government to police the site because it is an agreement between you and Facebook, with Facebook having the power to do something about it or not.
  
  In most cases that we have seen, they don’t do much, only when there is a public outcry over some group.
  
  In any case, the adult content displayed on some of these user accounts will come be a problem because they are search-able and potential employers do check nowadays candidates FB accounts during the selection process.
Written by jhiroberts about 2 years ago. Reply

Hi Jason,

Great paper, you really show how Facebook, has dropped the ball somewhat on member privacy. My paper also explores how Facebook has little regard for member privacy. We also come to the same conclusion.

I was really amazed how many times Facebook has changed its TOS to try to get greater control over member content.

We both also identified the need for greater member awareness on how to set up privacy on Facebook, its interesting I was at a breakfast the other day and I asked some people around me if they used Facebook and what type of privacy settings they had set. Only 2 out of the 10 knew anything about setting up privacy on FB.

Anyway, great work

Cheers

Jhi
- Written by JasonK about 2 years ago. Reply
  
  The more we know about how Facebook operate the more troubling it is to use their system.
  
  I have actually made a pro-active choice as a new years resolution and closed my Facebook account since 1st January. I always knew that Facebook’s privacy was questionable and I just didn’t want information about myself on the internet without my permission, including tagged photos, comments etc.
  
  Facebook does care about its users privacy, they just seem to want to make sure that they have as little as possible.
  
  If the users of Facebook are not reading the privacy policy or terms of service as stated by Govani & Pashley (2005), then their data will continue to be at risk and Facebook can potentially erode and infringe even more upon their privacy.
  
  The fact that only 2 people knew anything about the privacy settings seems to confirm the statistics presented by Govani & Pashley.
Written by Meryl about 2 years ago. Reply

Hi Jason

congratulations this is a really great piece of work, a well argued case and a very engaging read. Corporate transparency, disclosure and accountability I suspect might become a hot issue for these sites as they continue to push the parameters of what is, in reality, nothing more than a marketing database masquerading as a social network. ‘ the confusing layout’ of FB’s privacy settings coupled with the deliberate privacy design flaws is really a master stroke on their part! … and they keep changing it so that users who are concerned about their privacy have to remain in a heightened state of alert to keep up with the changes – like their most recent efforts with the “Open Graph Personalization” (WikiHow 2010).
well done!

cheers,
Meryl

WikiHow. (2010). ‘How to Opt out of Facebook’s Open Graph Personalization’. From http://www.wikihow.com/Opt-out-of-Facebook%27s-Open-Graph-Personalization
- Written by JasonK about 2 years ago. Reply
  
  Some social network sites unlike Facebook do not have an ad-based revenue system. They obtain their revenue by means of a membership fee like Xing. Facebook users have indeed been turned into a cash cow. Although Facebook provides a platform for social networking, the underlying principle appears to be simply to use that vast 400 million user data base as an advertising revenue machine.
  
  Another point could apply to Facebook which I didn’t cover in my paper mainly due to lake of evidence to support it, is going back to the principle that information is power. Whoever has the most information in this day an age has a lot of leverage and power. With this in mind it is interesting to note where the money came from to fundFacebook. According to Greenop (2007),
  
  “… ($US12.7 million) came from venture capital firm Accel Partners. Its manager James Breyer was formerly chairman of the National Venture Capital Association, and served on the board with Gilman Louie, CEO of In-Q-Tel, a venture capital firm established by the Central Intelligence Agency in 1999.”
  
  You are correct though that Facebook continually changes its Privacy Settings page as well as their Privacy Policy. To change these definitely keeps makes it more difficult for users to understand the privacy settings and their implications for their data.
  
  Greenop, M (2007, August 8). Facebook – the CIA Conspiracy. NZ Herald. Retrieved from http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10456534
Written by alio about 2 years ago. Reply

This is a great paper and a good read.

I think you have argued your case very well, with lots of citations to back up your argument.

The introduction (once one realizes that the first sentence/paragraph is a sort of snippet to set the scene) outlines the aim of the paper succinctly and your argument flows well from there.

The old adage “ignorance is bliss” certainly seems to hold true for some facebook users. It is a bit worrying to contemplate that around 80% of these users may have never changed their default privacy settings, meaning that their profile information is visible to everyone.

RE Data mining (playing the devil’s advocate):
Some may argue that the targeted marketing facilitated by Facebook’s collection of data is preferable to blind product promotion. After all, is it not far better to be exposed to ads that resonate with one’s particular demographic and interests? Perhaps it feels more home-like and personal to have the site’s advertising seemingly tailored to suit oneself.

I think the really worrying aspect of these privacy (or lack-thereof) issues, is the growing number of young people who maintain a Facebook presence and how this may be shaping their idea of what privacy is. By the time these young people are adults, not only will they be used to having large amounts of their social lives played out in a very public sphere, but someone somewhere will have vast amounts of information about them.
And it will probably be for sale…

Alio
- Written by JasonK about 2 years ago. Reply
  
  I’m glad that you enjoyed reading the paper. I was searching how to write a proper introduction and there seems to be a little lead way in how to do it. My way was in 3 stages, to first give some background, then to outline what will be discussed in the paper and finally the all important thesis statement. I think with all things, these things take practice practice practice until the formula is correct.
  
  “Ignorance is bliss” does seem to be the conclusion about people using Facebook that one can make after reading this paper. The statistics are worrying but I was disappointed that for some of the points I was making that I wasn’t able to obtain more recent data. It would have been interesting to see if the trend about information disclosure has increased, remained the same or decreased over the years since 2005.
  
  I would have liked to go into more detail and investigate the relationship between Facebook’s need to have an open system by default and their underlying means of income which is primarily ad-based. Unfortunately I was only able to touch upon this in the last section of my paper. The advertising that you see in Facebook can be created by anyone, even you or me. There are some very specific ways to target users based on Location, Age, Sex, Keywords, Education, Workplace, Relationship Status, Relationship Interests, Languages (Facebook Advertising 2010).
  
  Targeted marketing and data collection is preferable to blind product promotion? I have to say that with Facebook, you don’t get a choice with what ads you are bombarded with or that they take your data by default. Even if the ads themselves are targeted to a specific group with a set of interests based on the above criteria which you happen to be in, from your perspective it is still blind product promotion and they can take your data as well.
  
  If you happen to like being bombarded with ads, then I suppose it would be better that they cater to your interests, but wouldn’t it be better still if we had a choice in the first place as to whether we want ads? Whether you chose the advertising and potential theft of data or blind product promotion is a personal choice, but again, Facebook by default doesn’t give us this choice.
  
  Because Facebook’s money is derived from advertising (Johnson 2009), the users get no choice to turn the ads off. To do so would mean that Facebook loses its primary source of income.
  
  I agree that young people who are used to this new “lack of privacy” with Facebook will think this is the standard. Never before in history have people been so interconnected. This is always seen as a good thing by many but I think you are right in that some people will have all the information. The old proverb comes to mind that infromation is power. If I have some incriminating information about you, then I can use that as leverage. People nowadays need to understand this point and start using the Internet and social network technologies in a different way.
  - Written by alio about 2 years ago. Reply
    
    I think part of the reason some free Web2.0 sites use an advertising model is to help pay for the infrastructure involved in hosting what must be colossal amounts of data. Many of these Web2.0 offerings also offer subscription options, where, for a fee which helps to offset hosting costs, advertising can be removed.
    
    I’m not sure why Facebook doesn’t offer an ad-free subscription option – although it may be because to do so would affect the appeal of the platform to advertisers.
    
    I do think, however, that one of the reasons that FB is currently such a popular platform is that it doesn’t cost any money to join. The cost, it would appear, is sacrificing a proportion of one’s privacy. Given the figures you quote in your paper, it seems that not many people are thinking very deeply about that.
    
    Facebook, as it is, is a really effective way of gathering revenue. I can’t imagine it being changed while it is working so well.
  - Written by alio about 2 years ago. Reply
    
    Hi again Jason,
    
    You are not alone in being concerned about FB and privacy issues. Apparently May 21st is “Leave Facebook Day”:
    
    http://www.tamaleaver.net/2010/05/07/may-21st-is-leave-facebook-day/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Ponderance+%28Tama+Leaver+dot+Net%29&utm_content=Google+Reader
    - Written by JasonK about 2 years ago. Reply
      
      This is great! My own “leave Facebook Day” was on the 1st January this year. I made a new years resolution to ditch the Facebook and have never looked back. Being without FB and the need to constantly log in is such a welcome relief and brings freedom, less anxiety and a feeling of well being. Do I communicate any less with my friends now that I have no FB profile? No. It actually hasn’t changed at all.
      
      Also, I didn’t really consider some of these status updates as communicating with friends to begin with. Yes, comments are posted and communication is occurring, but with whom? In a lot of cases comments are simply thrown into the ether much like twitter.
      
      So I don’t regret closing my account at all and hope that more people will do the same on the 21st.
      - Written by alio about 2 years ago. Reply
        
        I’m going to hop on that band wagon
      - Written by alio about 2 years ago. Reply
        
        There’s an article on the SBS World News website this morning stating that Facebook executives and Zuckerberg are meeting to discuss concerns over privacy issues. The meeting appears to be in response to increased concern about FB “disclosing user information to third-parties without user consent.” (Oreskovik 2010)
        
        In early May a complaint was filed by “the Electronic Privacy Information Center and a coalition of 14 other advocacy groups” (Oreskovik 2010) with the U.S. Federal Trade Commission. Apparently concerns over privacy have also been expressed by several U.S. senators (Oreskovik 2010).
        
        It seems that opposition to, and concern about, the way Facebook treats private data is rife at present. Will Facebook change? I guess it’s fair to say that Facebook often changes, but thus far changes have tended to increase the visibility of users’ private data.
        
        There has been a lot of discussion about trust elsewhere in this conference, I think Facebook is in the process of losing the trust of it’s users. The planned “Leave Facebook Day” on 21 March is an expression of the growing distrust; a statement to Zuckerberg and the FB executives, do you think it has them worried?
        
        Oreskovic, Alex 2010,Facebook to hold staff meeting on privacy, SBS World News website, retrieved 14 May 2010 from: http://www.sbs.com.au/news/article/1257017/Facebook-to-hold-staff-meeting-on-privacy
        
        Written by JasonK about 2 years ago. Reply
        
        Ahh, good for you. Leaving Facebook is not an easy decision to make as we have so much of ourselves invested in that site. But everyone needs to make a decision about the pros and cons of using Facebook. As you have read yourself in the article from SBS News and from Oreskovik, privacy is the largest problem with Facebook at the moment and for many, it is the reason where the cons outweigh the pros and a decision to leave Facebook.
        
        Is Facebook worried? Does Zuckerberg care that people will leave? Who knows, but I do know that he owns a honey-pot of data thanks to his Terms of Service stating he has ownership of all the data, and this data has extraordinary value (Statement of Rights and Responsibilities, 2009).
        
        Will Facebook change in regard to privacy? I have no doubt, but not for the positive. Facebook has since its public debut worked on decreasing privacy for its users. This trend, I am certain will continue in the future even if there are some objections in the immediate future.
        
        Facebook needs to have an open system where privacy is weak so that it can allow advertisers, third party developers who write API’s, Facebook Connect and now Facebook “Like”, access to its huge 400 million user database. Facebook is a business and like any business it needs to make money. Facebook makes its money by selling ads and other services, but this means that it is selling out its users and their data (Johnson, 2009).
        
        Ted was right when he said ‘Information wants to be free, but it also wants to be expensive’. Facebook have imbibed this into their operating philosophy and design of Facebook. You can have it all with Facebook, a great site that permits social networking on an unprecedented scale but which comes at the cost of your privacy.
        
        I suspect some people will leave, but others are too intertwined, too connected to leave. This reminds me of a line from the movie Matrix (Matrix Quotes, nd) which is applicable to Facebook. Morpheus is talking to Neo and says,
        
        “The Matrix is a system, Neo. That system is our enemy. But when you’re inside, you look around, what do you see? Businessmen, teachers, lawyers, carpenters. The very minds of the people we are trying to save. But until we do, these people are still a part of that system and that makes them our enemy. You have to understand, most of these people are not ready to be unplugged. And many of them are so inert, so hopelessly dependent on the system that they will fight to protect it.”
        
        We can substitute the word Matrix with Facebook thereby showing us a new way of looking at Facebook. The part about these people being our enemy can also be true if we recognize that our Facebook “friends” are able to cause a lot of problems for us through cyberstalking, cyberbullying, harassment, defamation, identity theft etc. By a “friend” posting an incriminating photo of you in Facebook and adding some meta data to it, there is no way to remove this, even you delete your profile, the photo will remain as it is linked to your “friends”, or should I say enemies? (Privacy on Facebook, 2010).
        
        Matrix Quotes, (nd). Retrieved from http://quotations.about.com/od/moviequotes/a/matrixquotes.htm
        
        Privacy on Facebook. (2010). Retrieved from
        http://www.facebook.com/privacy/explanation.php
        
        Statement of Rights and Responsibilities. (2010). Retrieved from
        http://www.facebook.com/terms.php?ref=pf

Comment Pages:

Online Conference on Networks and Communities

Exposing the inherent privacy design flaws in Facebook

Comments

Leave a Comment

Categories

Pages

Tags

Latest comments

Meta