Study finds widespread privacy failings in online social networks

July 21, 2009,

( -- Furious competition between social networking sites is compromising the protection of users' data, a Cambridge University study has concluded.

The survey covered 45 global social networks, ranging from popular sites such as MySpace and Facebook through to lesser-known foreign networks. Its authors report "serious concerns" about the extent to which these sites fail to keep users' personal information private.

It is the first detailed analysis to examine the security provisions of a large number of social networks. The report, by researchers in the University's Computer Laboratory, is being made freely available online.

While the problems it identifies - such as misleading privacy policies and inaccessible privacy guidelines - have long been suspected, the report provides new numerical data to confirm their scope.

Some 90% of sites, for example, needlessly required a full name or date of birth for permission to join. 80% failed to use standard encryption protocols to protect sensitive user data from . And 71% reserved the right to share user data with third parties in their privacy policies.

The study also argues that privacy is being compromised by rigorous competition for users. Researchers argue that open discussion of privacy on puts off the average user, which discourages the owners from producing explicit or accessible privacy guidelines.

"Sites want users to be relaxed and having fun, but when privacy is mentioned users feel less comfortable sharing data," Co-researcher Joseph Bonneau said. "Even sites with good privacy feel that they can't promote it, so users have no idea of what they're getting."

The researchers only covered sites which are available in English, signing up to each using a Yahoo! Email account and the pseudonym "Upton Sinclair".

In each case, Bonneau and his fellow researcher, Sören Preibusch, recorded the amount of personal information that they had to hand over in order to sign up to the site and how much they were told about its privacy policy and settings in the process. They also analysed how much they could see about the site's existing members before they joined.

Once they were signed up, the researchers tested each site's privacy controls against 260 criteria, examining features such as log-in arrangements and the site's privacy policy and configuration controls.

They found what the report calls "pervasive problems", including poor web security practices, confusing user-interfaces and misleading privacy policies.

All but three of the general purpose sites they examined left new profiles completely visible to at least all the other members of the site by default. As previous studies have suggested that between 80% and 99% of users never alter their privacy settings, this means that in most cases their profiles will remain visible.

The researchers also produced privacy scores for each of the networks assessed. Bebo and LinkedIn were ranked the highest for their privacy settings, while the British site Badoo earned the wooden spoon. Facebook and , frequently the targets of privacy critics, finished slightly above average. In general, the researchers found that the larger, more popular and older sites maintained better privacy practices and adopted higher privacy standards.

"The popular sites are just the tip of the iceberg," Preibusch said. "Niche sites implement significantly less favourable privacy practices and offer fewer controls to their users to configure the sharing of personal information."

Overall, the report also found that sites which promoted their privacy controls as a selling point tended to be those with fewer users joining the site. It suggests that this may be because the vast majority of people, while they may claim to be concerned about privacy, tend to forget about or ignore the possibility that this may be jeopardised when offered an attractive service.

Since the sites depend on acquiring as many users as possible, the researchers argue that most social networks opt to set up long and complicated privacy measures which, in most cases, it is difficult to access or even find. At the same time, they show off how many users they have and how easy it is to make friends, or share photos, videos and music - all features which it would be harder to sell with stricter privacy controls.

The privacy policies remain in place, the researchers suggest, to placate a vocal minority of "privacy fundamentalists", who might otherwise expose the lack of policy to the wider majority, prompting a discussion which, through its very existence alone, might dissuade prospective new members from joining.

The report calls for an "opt-out" approach to privacy, in which users' details are kept private until otherwise stated. It also calls for stronger across-the-board regulation, and suggests that sites could offer "premium" membership schemes which allow users to handle their privacy settings in greater detail if they so wish, a scheme known as "privacy negotiations".

The full report along with the original dataset can be downloaded at:

Provided by University of Cambridge (news : web)

Explore further: Facebook plans to simplify privacy settings

Related Stories

Facebook plans to simplify privacy settings

July 1, 2009

(AP) -- Facebook is overhauling its privacy controls over the next several weeks in an attempt to simplify its users' ability to control who sees the information they share on the site.

Watchdog: Facebook violates Canadian privacy law

July 16, 2009

(AP) -- Canada's privacy commissioner says the online social networking site Facebook breaches Canadian law by keeping users personal information indefinitely after members close their accounts.

Report: Widespread data sharing, 'Web bugs'

June 2, 2009

( -- Researchers at the University of California, Berkeley's School of Information released a report late Monday (June 1) showing that the most popular Web sites in the United States all share data with their ...

Internet users give up privacy in exchange for trust

November 22, 2007

With public concern over online fraud, new research, funded by the Economic and Social Research Council, has revealed that internet users will reveal more personal information online if they believe they can trust the organisation ...

Recommended for you

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Jul 22, 2009
". . .the vast majority of people, while they may claim to be concerned about privacy, tend to forget about or ignore the possibility that this may be jeopardised when offered an attractive social networking service."

privacy, particularly online, has been a hot topic for YEARS. if people refuse to listen, remember & act as needed to protect their privacy - then they are fools.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.