The Privacy Jungle: On the Market for Data Protection in Social Networks

  • Conference paper

Abstract

We have conducted the first thorough analysis of the market for privacy practices and policies in online social networks. From an evaluation of 45 social networking sites using 260 criteria we find that many popular assumptions regarding privacy and social networking need to be revisited when considering the entire ecosystem instead of only a handful of well-known sites. Contrary to the common perception of an oligopolistic market, we find evidence of vigorous competition for new users. Despite observing many poor security practices, there is evidence that social network providers are making efforts to implement privacy-enhancing technologies, with substantial diversity in the amount of privacy control offered. However, privacy is rarely used as a selling point, and even then only as an auxiliary, nondecisive feature. Sites also failed to promote their existing privacy controls within the site. We similarly found great diversity in the length and content of formal privacy policies, but found an opposite promotional trend: though almost all policies are not accessible to ordinary users due to obfuscating legal jargon, they conspicuously vaunt the sites’ privacy practices. We conclude that the market for privacy in social networks is dysfunctional in that there is significant variation in sites’ privacy controls, data collection requirements, and legal privacy policies, but this is not effectively conveyed to users. Our empirical findings motivate us to introduce the novel model of a privacy communication game, where the economically rational choice for a site operator is to make privacy control available to evade criticism from privacy fundamentalists, while hiding the privacy control interface and privacy policy to maximize sign-up numbers and encourage data sharing from the pragmatic majority of users.

Author information

Corresponding author

Correspondence to Joseph Bonneau.

Copyright information

© 2010 Springer Science+Business Media, LLC

About this paper

Cite this paper

Bonneau, J., Preibusch, S. (2010). The Privacy Jungle: On the Market for Data Protection in Social Networks. In: Moore, T., Pym, D., Ioannidis, C. (eds) Economics of Information Security and Privacy. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-6967-5_8

  • DOI: https://doi.org/10.1007/978-1-4419-6967-5_8

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4419-6966-8

  • Online ISBN: 978-1-4419-6967-5

  • eBook Packages: Computer Science, Computer Science (R0)
