Facebook users' app use contradicts their stated security concerns, study finds

July 22, 2011

Although most Facebook users claim to be very uncomfortable with how third-party apps use their personal information, their actual behavior doesn’t reflect this concern, a new study by School of Information researchers has discovered.

As Facebook and other social networking websites grow in popularity and become an archive of , they are ripe targets for marketers or hackers. Managing privacy online is increasingly important — and increasingly complicated.

Facebook presents a particular challenge, since many of its apps are provided by outside developers, including games like Mafia Wars and FarmVille. Users install 20 million Facebook apps every day, making their privacy vulnerable not just to Facebook’s privacy practices, but also to the privacy practices of numerous additional companies. In 2010, The Wall Street Journal revealed that several of the most popular apps had shared users’ personal information with advertisers, in violation of Facebook’s privacy policies.

More than ninety percent of the study’s respondents said they were uncomfortable with how Facebook apps access and use their personal information, once researchers explained it to them. Users’ actual behavior didn’t reflect their privacy concerns, though — perhaps because the way third-party apps interact with Facebook and what information the apps have access to can be complicated or confusing.

The study was conducted by I School doctoral student Jen King, visiting researcher Airi Lampinen, and 2011 MIMS graduate Alex Smolen. King will be presenting the research findings at next week’s Symposium On Usable Privacy and Security in Pittsburgh, Pennsylvania.

Researchers initially suspected that “expert users” — the minority who actually understood Facebook’s data-sharing practices — would be better at  managing the online privacy of third-party apps. But the researchers were surprised to find that this wasn’t true; the more knowledgeable users made the same mistakes as everyone else.

Although offers a complicated grid of privacy settings for its own data use, there are no similar controls for third-party apps; users’ only option is not to use the app. “In our study, nobody appeared to have a consistent strategy for managing application privacy — not even the most knowledgeable users,” said study author Jen King.

One group stood out as both more knowledgeable and more concerned about online privacy: people who had been personally hurt. This group included people whose information had been inadvertently disclosed to someone they didn’t want to see it — like a boss or a parent — or those who had had private or embarrassing information or photos posted online and wanted remove them.

The findings have important implications for privacy policymakers and designers. “It’s tempting to think that if we just make more of an effort to explain how data-sharing works and what the risks are, that people will make smarter decisions,” said King. “This data suggests that education may not be enough. We may need to incorporate the lessons people learn when they’ve been burned.”

On-screen warning messages or policies don’t seem to make a difference, either, since users who had read them “neither knew more, acted differently, nor felt more concerned about apps than who had not reported reading these statements,” according to the study.

Explore further: Facebook agrees with Canada on privacy controls

Related Stories

Do have have a herding instinct?

October 12, 2010

(PhysOrg.com) -- A new study shows that consumers have a herding instinct to follow the crowd. However, this instinct appears to switch off if the product fails to achieve a certain popularity threshold.

Recommended for you

US ends bulk collection of phone data

November 30, 2015

The US government has halted its controversial program to collect vast troves of information from Americans' phone calls, a move prompted by the revelations of former intelligence analyst Edward Snowden.

How can people safely take control from a self-driving car?

November 30, 2015

New cars that can steer and brake themselves risk lulling people in the driver's seat into a false sense of security—and even to sleep. One way to keep people alert may be providing distractions that are now illegal.

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

5 / 5 (1) Jul 22, 2011
So what? People's actual eating habits often contradict their stated goals of weight loss. How is this something mysterious?

Facebook users are tempted with addictive games and carefully crafted environments designed to acquire and exploit valuable personal data. This is why Facebook was created, for the profit of its shareholders.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.