Privacy issues of social networking sites
||It has been suggested that this article be merged with Privacy concerns with social networking services. (Discuss) Proposed since January 2013.|
The advent of the Web 2.0 has caused social profiling and is a growing concern for internet privacy. Web 2.0 is the system that facilitates participatory information sharing and collaboration on the Internet, in social networking media websites like Facebook and MySpace. These social networking sites have seen a boom in their popularity starting from the late 2000s. Through these websites many people are giving their personal information out on the internet.
These social networks keep track of all interactions used on their sites and save them for later use. Issues include cyberstalking, location disclosure, social profiling, 3rd party personal information disclosure, and government use of social network websites in investigations without the safeguard of a search warrant.
Prior to the social networking site explosion over the past decade, there were early forms of social network technologies that included online multiplayer games, blog sites, news groups, mailings lists and dating services. These all created a backbone for the new modern sites, and even from the start of these older versions privacy was an issue. In 1996, a young woman in New York City was on a first date with an online acquaintance and later sued for sexual harassment, because when they went back to her apartment afterwards, everything became too real. This is just an early example of many more issues to come regarding internet privacy.
Social networking sites have seen a boom in their popularity starting from the late 2000s.
Cyberstalking and location disclosure
With the creation of Facebook and the continued popularity of MySpace, many people are giving their personal information out on the internet. Sites such as Facebook, Myspace, and Twitter have grown popular by broadcasting status updates featuring personal information such as location. Most users are not aware that they can modify the privacy settings and unless they modify them, their information is open to the public. Sites such as Facebook, Myspace, and Twitter have grown popular by broadcasting status updates featuring personal information such as location. Some applications border on “cyberstalking.” This has redefined the role of Internet privacy as overlapping with that of security.
Some applications are explicitly centered on “cyberstalking.” An application named "Creepy" can track a person's location on a map using photos uploaded to Twitter or Flickr. When a person uploads photos to a social networking site, others are able to track their most recent location. Some smart phones are able to embed the longitude and latitude coordinates into the photo and automatically send this information to the application. Anybody using the application can search for a specific person and then find their immediate location. This poses many potential threats to users who share their information with a large group of followers.
Facebook “Places,” is a Facebook service, which publicizes user location information to the networking community. Users are allowed to “check-in” at various locations including retail stores, convenience stores, and restaurants. Also, users are able to create their own “place,” disclosing personal information onto the Internet. This form of location tracking is automated and must be turned off manually. Various settings must be turned off and manipulated in order for the user to ensure privacy. According to epic.org, Facebook users are recommended to: (1) disable "Friends can check me in to Places," (2) customize "Places I Check In," (3) disable "People Here Now," and (4) uncheck "Places I've Visited.". Moreover, the Federal Trade Commission has received two complaints in regards to Facebook’s “unfair and deceptive” trade practices, which are used to target advertising sectors of the online community. “Places” tracks user location information and is used primarily for advertising purposes. Each location tracked allows third party advertisers to customize advertisements that suit one’s interests. Currently, the Federal Trade Commissioner along with the Electronic Privacy Information Center are shedding light on the issues of location data tracking on social networking sites.
Social profiling and 3rd party disclosure
Social profiling allows for Facebook and other social networking media websites of filtering through the advertisements, assigning specific ones to specific age groups, gender groups, and even ethnicities.
Data aggregation sites like Spokeo have highlighted the feasibility of aggregating social data across social sites as well as integrating it with public records. A 2011 study  highlighted these issues by measuring the amount of unintended information leakage over a large number of users with varying number of social networks. It identified and measured information that could be used in attacks against what-you-know security.
Studies  have also pointed to most social networks unintentionally providing 3rd party advertising and tracking sites with personal information. It raises the issue of private information inadvertently being sent to 3rd party advertising sites via Referrer strings or cookies.
Invasive privacy agreements
Another privacy issue with social networks is the privacy agreement. The privacy agreement states that the social network owns all of the content that users upload. This includes pictures, videos, and messages are all stored in the social networks database even if the user decides to terminate his or her account.
Preteens and early teenagers
The most vulnerable victims of private-information-sharing behavior are preteens and early teenagers. There have been age restrictions put on numerous websites but how effective they are is debatable.[need quotation to verify] Findings have discovered that informative opportunities regarding internet privacy as well as concerns from parents, teachers, and peers, play a significant role on impacting the internet user’s behavior towards online privacy. Additionally, other studies have also found that the heightening of adolescents’ concern towards their privacy will also lead to a greater probability that they will utilize privacy-protecting behaviors. In the technological culture that society is developing into, not only adolescents’ and parent’s awareness should be risen, but society as a whole should acknowledge the importance of online privacy.
Law enforcement prowling the networks
The FBI has dedicated undercover agents on Facebook, Twitter, MySpace, LinkedIn. The rules and guidelines to the privacy issue is internal to the Justice Department and details aren't released to the public. Agents can impersonate a friend, a long lost relative, even a spouse and child. This raises real issues regarding privacy. Although people who use Facebook, Twitter, and other social networking sites are aware of some level of privacy will always be compromised, but, no one would ever suspect that the friend invitation might be from a federal agent whose sole purpose of the friend request was to snoop around. Furthermore, Facebook, Twitter, and MySpace have personal information and past posts logged for up to one year; even deleted profiles, and with a warrant, can hand over very personal information. One example of investigators using Facebook to nab a criminal is the case of Maxi Sopo. Charged with bank fraud, and having escaped to Mexico, he was nowhere to be found until he started posting on Facebook. Although his profile was private, his list of friends was not, and through this vector, they eventually caught him.
In recent years, some state and local law enforcement agencies have also begun to rely on social media websites as resources. Although obtaining records of information not shared publicly by or about site users often requires a subpoena, public pages on sites such as Facebook and MySpace offer access to personal information that can be valuable to law enforcement. Police departments have reported using social media websites to assist in investigations, locate and track suspects, and monitor gang activity.
Facebook has been scrutinized for a variety of privacy concerns due to changes in its privacy settings on the site generally over time as well as privacy concerns within Facebook applications. When Facebook first began in 2004, it was focused on universities and only those with .edu address could open an account. Furthermore, only those within your own university network could see your page. Some argue that initial users were much more willing to share private information for these reasons. As time went on, Facebook became more public allowing those outside universities, and furthermore, those without a specific network, to join and see pages of those in networks that were not their own. In 2006 Facebook introduced the News Feed, a feature that would highlight recent friend activity. By 2009, Facebook made “more and more information public by default.” For example, in December 2009, “Facebook drastically changed its privacy policies, allowing users to see each others’ lists of friends, even if users had previously indicated they wanted to keep these lists private”. Also, “the new settings made photos publicly available by default, often without users’ knowledge.” 
Facebook recently updated its profile format allowing for people who are not “friends” of others to view personal information about other users, even when the profile is set to private. However, As of January 18, 2011 Facebook changed its decision to make home addresses and telephone numbers accessible to third party members, but it is still possible for third party members to have access to less exact personal information, like one’s hometown and employment, if the user has entered the information into Facebook . EPIC Executive Director Marc Rotenberg said "Facebook is trying to blur the line between public and private information. And the request for permission does not make clear to the user why the information is needed or how it will be used."
“The Breakup Notifier” is an example of a Facebook “cyberstalking” app that has recently been taken down. Essentially, the application notifies users when a person breaks up with their partner through Facebook, allowing users to instantly become aware of their friend's romantic activities. The concept became very popular, with the site attracting 700,000 visits in the first 36 hours; people downloaded the app 40,000 times. Just days later, the app had more than 3.6 million downloads and 9,000 Facebook likes.
It was only in 2008, four years after the first introduction of Facebook, that Facebook decided to create an option to permanently delete information. Until this point in time, it was only an option to deactivate a Facebook which still left the user's information within Facebook servers. After thousands of users complaints, Facebook obliged and created a tool which was located in the Help Section but later removed. To locate the tool to permanently delete a user's Facebook, he or she must manually search through Facebook's Help section by entering the request to delete the Facebook in the search box. Only then will a link be provided to prompt the user to delete his or her profile.
These new privacy settings enraged some users, one of whom claimed, “Facebook is trying to dupe hundreds of millions of users they’ve spent years attracting into exposing their data for Facebook’s personal gain.” However, other features like the News Feed faced an initial backlash but later became a fundamental and very much appreciated part of the Facebook experience. In response to user complaints, Facebook continued to add more and more privacy settings resulting in “50 settings and more than 170 privacy options.” However, many users complained that the new privacy settings were too confusing and were aimed at increasing the amount of public information on Facebook. Facebook management responded that “there are always trade offs between providing comprehensive and precise granular controls and offering simple tools that may be broad and blunt.” It appears as though users sometimes do not pay enough attention to privacy settings and arguably allow their information to be public even though it is possible to make it private. Studies have shown that users actually pay little attention to “permissions they give to third party apps.”
Most users are not aware that they can modify the privacy settings and unless they modify them, their information is open to the public. On Facebook privacy settings can be accessed via the drop down menu under account in the top right corner. There users can change who can view their profile and what information can be displayed on their profile. In most cases profiles are open to either "all my network and friends" or "all of my friends." Also, information that shows on a user's profile such as birthday, religious views, and relationship status can be removed via the privacy settings. If a user is under 13 years old they are not able to make a Facebook or a MySpace account, however, this is not regulated.
Although Zuckerberg, the Facebook CEO, and others in the management team usually respond in some manner to user concerns, they have been unapologetic about the trend towards less privacy. They have stated that they must continually “be innovating and updating what our system is to reflect what the current social norms are.” Their statements suggest that the Internet is becoming a more open, public space, and changes in Facebook privacy settings reflect this. However, Zuckerberg did admit that in the initial release of the News Feed, they “did a bad job of explaining what the new features were and an even worse job of giving you control of them.”
Similar to Rotenberg’s claim that Facebook users are unclear of how or why their information has gone public, recently the Federal Trade Commission and Commerce Department have become involved. The Federal Trade Commission has recently released a report claiming that Internet companies and other industries will soon need to increase their protection for online users. Because online users often unknowingly opt in on making their information public, the FTC is urging Internet companies to make privacy notes simpler and easier for the public to understand, therefore increasing their option to opt out. Perhaps this new policy should also be implemented in the Facebook world. The Commerce Department claims that Americans, “have been ill-served by a patchwork of privacy laws that contain broad gaps,”. Because of these broad gaps, Americans are more susceptible to identity theft and having their online activity tracked by others.
Internet privacy and Facebook advertisements
The illegal activities on Facebook are very wild, especially “phishing attack” which is the most popular way of stealing other people’s passwords. The Facebook users are led to land on a page where they are asked for their login information, and their personal information is stolen in that way. According to the news from PC World Business Center which was published on April 22, 2010, we can know that a hacker named Kirllos illegally stole and sold 1.5 million Facebook IDs to some business companies who want to attract potential customers by using advertisements on Facebook. Their illegal approach is that they used accounts which were bought from hackers to send advertisements to friends of users. When friends see the advertisements, they will have opinion about them, because “People will follow it because they believe it was a friend that told them to go to this link," said Randy Abrams, director of technical education with security vendor Eset. There were 2.2232% of the population on Facebook that believed or followed the advertisements of their friends. Even though the percentage is small, the amount of overall users on Facebook is more than 400 million worldwide. The influence of advertisements on Facebook is so huge and obvious. According to the blog of Alan who just posted advertisements on the Facebook, he earned $300 over the 4 days. That means he can earn $3 for every $1 put into it. The huge profit attracts hackers to steal users’ login information on Facebook, and business people who want to buy accounts from hackers send advertisements to users’ friends on Facebook.
Spokeo is a “people-related” search engine with results compiled through data aggregation. The site contains information such as age, relationship status, estimated personal wealth, immediate family members and home address of individual people. This information is compiled through what is already on the internet or in other public records, but the website does not guarantee accuracy.
Spokeo has been faced with potential class action law suits from people who claim that the organization breaches the Fair Credit Reporting Act. In September, 2010, Jennifer Purcell claimed that the FCRA was violated by Spokeo marketing her personal information. Her case is pending in court. Also in 2010, Thomas Robins claimed that his personal information on the website was inaccurate and he was unable to edit it for accuracy. The case was dismissed because Robins did not claim that the site directly caused him actual harm. On February 15, 2011, Robins filed another suit, this time stating Spokeo has caused him “imminent and ongoing” harm.
In January 2011, the government obtained a court order to force the social networking site, Twitter, to reveal information applicable surrounding certain subscribers involved in the WikiLeaks cases. This outcome of this case is questionable because it deals with the user’s First Amendment rights. Twitter moved to reverse the court order, and supported the idea that internet users should be notified and given an opportunity to defend their constitutional rights in court before their rights are compromised.
Twitter allows people to share information with their followers. Any messages that are not switched from the default privacy setting are public, and thus can be viewed by anyone with a Twitter account. The most recent 20 tweets are posted on a public timeline. Despite Twitter’s best efforts to protect their users privacy, personal information can still be dangerous to share. There have been incidents of people tweeting about going on vacation and giving the times and places of where they are going and how long they will be gone for. This has led to numerous break ins and robberies. Another issue involving privacy on Twitter deals with leaked tweets. Leaked tweets are tweets that have been published from a private account but have been made public. This occurs when friends of someone with a private account retweet, or copy and paste, that person’s tweet and so on and so forth until the tweet is made public. This can make private information public, and could possibly be dangerous.
Teachers and MySpace
Teachers’ privacy on MySpace has created controversy across the world. They are forewarned by The Ohio News Association that if they have a MySpace account, it should be deleted. Eschool News warns, “Teachers, watch what you post online.” The ONA also posted a memo advising teachers not to join these sites. Teachers can face consequences of license revocations, suspensions, and written reprimands.
The Chronicle of Higher Education wrote an article on April 27, 2007, entitled "A MySpace Photo Costs a Student a Teaching Certificate" about Stacy Snyder. She was a student of Millersville University of Pennsylvania who was denied her teaching degree because of an allegedly unprofessional photo posted on MySpace, which involved her drinking with a pirate's hat on and a caption of “Drunken Pirate". As a substitute, she was given an English degree.
Internet privacy and Blizzard Entertainment
On July 6, 2010, Blizzard Entertainment announced that it would display the real names tied to user accounts in its game forums. On July 9, 2010, CEO and cofounder of Blizzard Mike Morhaime announced a reversal of the decision to force posters' real names to appear on Blizzard's forums. The reversal was made in response to subscriber feedback.
As technology continues to blossom in our current society, the critical issue of internet user’s privacy and private-information sharing behavior has been thoroughly researched. The global threat of internet privacy violations should expedite the spreading of awareness and regulations of online privacy, especially on social networking sites. Currently, studies have shown that people’s right to the belief in privacy is the most pivotal predicator in their attitudes concerning online privacy.
Facebook friends study
A study was conducted at Northeastern University by Alan Mislove and his colleagues at the Max Planck Institute for Software Systems, where an algorithm was created to try and discover personal attributes of a Facebook user by looking at their friend’s list. They looked for information such as high school and college attended, major, hometown, graduation year and even what dorm a student may have lived in. The study revealed that only 5% of people thought to change their friend’s list to private. For other users, 58% displayed university attended, 42% revealed employers, 35% revealed interests and 19% gave viewers public access to where they were located. Due to the correlation of Facebook friends and universities they attend, it was easy to discover where a Facebook user was based on their list of friends. This fact is one that has become very useful to advertisers targeting their audiences but is also a big risk for the privacy of all those with Facebook accounts.
Several issues pertaining to Facebook are due to privacy concerns. An article titled, Facebook and Online Privacy: Attitudes, Behaviors, and Unintended Consequences, examines the awareness that Facebook users have on privacy issues. This study shows that the gratifications of using Facebook tend to outweigh the perceived threats to privacy. The most common strategy for privacy protection – decreasing profile visibility through restricting access to friends – is also a very weak mechanism; a quick fix rather than a systematic approach to protecting privacy. This study suggests that more education about privacy on Facebook would be beneficial to the majority of the Facebook user population.
The study also offers the perspective that most users do not realize that restricting access to their data does not sufficiently address the risks resulting from the amount, quality and persistence of data they provide. Facebook users in our study report familiarity and use of privacy settings, they are still accepting people as “friends” that they have only heard of through other or do not know at all and, therefore, most have very large groups of “friends” that have access to widely uploaded information such as full names, birthdates, hometowns, and many pictures. This study suggests that social network privacy does not merely exist within the realm of privacy settings, but privacy control is much within the hands of the user. Commentators have noted that online social networking poses a fundamental challenge to the theory of privacy as control. The stakes have been raised because digital technologies lack “the relative transience of human memory,” and can be tolled or data mined for information. For users who are unaware of all privacy concerns and issues, further education on the safety of disclosing certain types of information on Facebook is highly recommended.
- Harris, Wil. June 2006. Retrieved from http://www.bit-tech.net/columns/2006/06/03/web_2_privacy/
- Dwyer, C., Hiltz, S. & Passerini, K. (2007). Trust and Privacy Concern within Social Networking Sites: A Comparison of Facebook and MySpace. Americas Conference on Information Systems. Retrieved from http://google.com/scholar?q=cache:qLCk18d_wZwJ:scholar.google.com/+facebook+privacy&hl=en&as_sdt=2000
- Tracy Mitrano. (2006, November, December). A Wider World: Youth, Privacy, and Social Networking Technologies. Retrieved from http://www.educause.edu/EDUCAUSE+Review/EDUCAUSEReviewMagazineVolume41/AWiderWorldYouthPrivacyandSoci/158095
- Retrieved from: http://abcnews.go.com/Technology/smartphone-apps-tracking-keeping-tabs-past-lovers-people/story?id=13022144
- EPIC – In re Facebook. (n.d.). EPIC – Electronic Privacy Information Center. Retrieved January 25, 2011/
- Danesh Irani, Steve Webb, Calton Pu, Kang Li, "Modeling Unintended Personal-Information Leakage from Multiple Online Social Networks," IEEE Internet Computing, May/June 2011. Retrieved from http://www.computer.org/csdl/mags/ic/2011/03/mic2011030013-abs.html
- Balachander Krishnamurthy, Konstantin Naryshkin, Craig Wills, "Privacy leakage vs. Protection measures: the growing disconnect," Web 2.0 Security and Privacy Workshop, May 2011. Retrieved from http://www.research.att.com/~bala/papers/w2sp11.pdf
- Balachander Krishnamurthy and Craig Wills, "On the Leakage of Personally Identifiable Information Via Online Social Networks," Proceedings of ACM SIGCOMM Workshop on Online Social Networks, August 2009. Retrieved from http://www.research.att.com/~bala/papers/wosn09.pdf
- Chai S, Bagchi-Sen S, Morrell C, Rao H, Upadhyaya S. Internet and online information privacy: An exploratory study of preteens and early teens. IEEE Transactions On Professional Communication [serial online]. June 2009;52(2):167–182. Available from: PsycINFO, Ipswich, MA. Accessed February 6, 2012.
- Moscardelli D, Divine R. Adolescents' Concern for Privacy When Using the Internet: An Empirical Analysis of Predictors and Relationships with Privacy-Protecting Behaviors. Family And Consumer Sciences Research Journal [serial online]. March 2007;35(3):232–252. Available from: PsycINFO, Ipswich, MA. Accessed February 6, 2012.
- Richard Lardner. (2010, March 16). Your new Facebook ‘friend’ may be the FBI. Retrieved from http://www.msnbc.msn.com/id/35890739/ns/technology_and_science-security/
- Harkins, Gina. (2011, March 02). Cops patrol social networking sites for gang activity. Retrieved from http://news.medill.northwestern.edu/chicago/news.aspx?id=181375
- Taghi, Hasti. (2011, February 10). Police Use Facebook To Track Suspect. Retrieved from http://www.click2houston.com/news/26825687/detail.html
- Halverstadt, Lisa. (2009, March 12). Surprise police use MySpace to locate teen graffiti suspect. Retrieved from http://www.azcentral.com/news/articles/2009/03/12/20090312gl-nwvmyspace0313.html
- Electronic Privacy Information Center, Initials. (2011, January 18). Facebook drops plan to disclose users' home addresses and personal phone number. Retrieved from http://epic.org/privacy/socialnet/
- Retrieved from http://www.foxnews.com/scitech/2011/02/24/facebook-quashes-hot-new-stalker-app/
- Herrman, John (2012-01-01). "Removing Yourself From the Internet.". Popular Mechanics 189 (1): 77.
- Lipford, H. R., Besmer, A. & Watson, J. (2009). Understanding Privacy Settings in Facebook with an Audience View. Department of Software and Information Systems University of North Carolina at Charlotte. Retrieved from http://www.usenix.org/events/upsec08/tech/full_papers/lipford/lipford_html/
- American Civil Liberties Union. (2010, December 16). Commerce department releases important report urging comprehensive privacy protections. Retrieved from http://www.aclu.org/technology-and-liberty/commerce-department-releases-important-report-urging-comprehensive-privacy-pr
- Mcmillan, Robert (22 Apr 2010). "1.5 Million Stolen Facebook IDs up for Sale". PC World Business Center.
- Damon, Cody (9 Mar 2011). "Do Facebook Friends Influence Advertising?". Socialmediatoday.
- "Profiting with Facebook Ads." affiliate confession. Alan, 13 Aug 2008.
- "About Spokeo | People Search | White Pages | Phone Book | FREE!". Spokeo.com. 2011-11-10. Retrieved 2011-11-22.
- Baynes, T. (2011, February 24). Lawsuits challenge U.S. online data brokers. Reuters. Retrieved from http://uk.reuters.com/article/2011/02/24/idUKN2427826420110224?pageNumber=1
- Davis, W. (2011, February 17). Spokeo charged with violating fair credit reporting act. MediaPost Publications. Retrieved from http://www.mediapost.com/publications/? fa=Articles.showArticle&art_aid=145270
- (1/8/11) Government Requests For Twitter Users’ Personal Information Raises Serious Constitutional Concerns. Retrieved from http://www.aclu.org/technology-and-liberty/government-requests-twitter-users-personal-information-raise-serious-constitu
- Mao, H., Shuai, X., & Kapadia, Apu. (2011). Loose Tweets: An Analysis of Privacy Leaks on Twitter. Unpublished manuscript, School of Informatics and Computing, Indiana University, Bloomington, Indiana. Retrieved from http://delivery.acm.org/10.1145/2050000/2046558/p1-mao.pdf
- Mao, H., Shuai, X., & Kapadia, Apu. (2011). Loose Tweets: An Analysis of Privacy Leaks on Twitter. Unpublished manuscript, School of Informatics and Computing, Indiana University, Bloomington, Indiana. Retrieved from http://delivery.acm.org/10.1145/2050000/2046558/p1-mao.pdf?ip=22.214.171.124&acc=ACTIVE%20SERVICE&CFID=83500791&CFTOKEN=13963530&__acm__=1328588779_85d65fafbc540969d885ea6c8fe0467f
- Meeder, B., Tam, J., Kelley, P.,G., & Cranor, L., F. (2010). RT@ I Want Privacy: Widespread Violation of Privacy Settings in the Twitter Social Network. Unpublished manuscript, School of Computer Science, Carnegie Mellon University, Pittsburgh, Pennsylvania.. Retrieved from http://patrickgage.com/papers/Meeder-W2SP10.pdf
- "Learning Curve". Blogs.sun.com. Retrieved 2011-11-25.
- Related Top News – Teachers warned about MySpace profiles[dead link]
- Read, Brock (2007-04-27). "Wired Campus: A MySpace Photo Costs a Student a Teaching Certificate –". Chronicle.com. Retrieved 2011-11-25.
- World of Warcraft forum post, Blizzard announces reversal of its decision to force real names to appear on its forums
- Yao,M.Z., &Zhang, J. (2008). Predicting user concerns about online privacy in Hong Kong. Cyberpsychology & Behavior, 11(6). 779–781. Dio:10.1089/cpb.2007.0252
- Erik Hayden. (2010, March 11). On Facebook, You Are Who You Know. Retrieved from http://www.miller-mccune.com/culture-society/on-facebook-you-are-who-you-know-10385/#
- Debatin, B., Horn, A., Hughes, B., & Lovejoy, J. (2009). Facebook and Online Privacy: Attitudes, Behaviors, and Unintended Consequences. Journal of Computer-Mediated Communication, 15, 83–108.
- Newell, B. (2011). Rethinking Reasonable Expectations of Privacy in Online Social Networks. Richmond Journal of Law and Technology. 16, 1–61.