How Private is Your Social Network?
April 19, 2012
Social networking websites such as Facebook, Twitter, and Google+ provide communication and advertising services to individuals, businesses and marketers. Facebook was ranked by Google as the most visited site in 2011 with 880 million users and an astonishing one trillion page views (Google, 2011). What makes social networking sites so popular? Most sites are free to use and provide an easy way to keep in touch with family and friends near and far. All of this sharing of information has allowed businesses to track user interests and gain valuable information about consumers that can be customized to assist in sales. In the same way, users can conduct searches of people and find out more about them by viewing their profile information on various sites. Although this information is convenient, is it safe? Privacy policies are intended to inform the user of how their information will be stored, shared, and utilized by the entity collecting or requesting the data. This paper will examine the use and privacy policies of three popular social networking sites: Facebook, Twitter, and Google+; and identify ways in which the policies can be improved to benefit both the website and customers.
How Private is Your Social Network?
Social networking websites such as Facebook, Twitter, and Google+ provide communication and advertising services to individuals, businesses and marketers. Social networking websites are so captivating that 82 percent of the world’s 1.2 billion Internet users spent one of every five minutes online logged into a social networking site in October of 2011 according to research firm comScore (comScore, 2011). Facebook was ranked by Google as the most visited site in 2011 with 880 million users and an astonishing one trillion page views (Google, 2011). What makes social networking sites so popular? Most sites are free to use and provide an easy way to keep in touch with family and friends near and far. People can share photos, quick updates on their life’s happenings, play games with friends, network for employment, sell products or market businesses, and meet new people with similar interests (GEV, 2011).
The popularity of social networking sites has caught the eye of marketers across the Internet. Users can now “like” a business on Facebook, “tweet” about a product or interest on Twitter, or add their most recent book purchases to their Google+ profile page. All of this sharing of information has allowed businesses to track user interests and gain valuable information about consumers that can be customized to assist in sales. In the same way, users can conduct searches of people and find out more about them by viewing their profile information on various sites. Although this information is convenient, is it safe? If a user signs up and creates a profile of personal information to share with friends, how much of that information should be made public? Personal information can be used to destroy a person’s reputation, steal their identity, or unfairly stereotype someone. In 2009 researchers from Carnegie Mellon University were able to accurately predict the social security numbers of over 500,000 Americans using various online data sources to gather the individuals place and date of birth (Acquisti & Gross, 2009). For this reason it is vital for personal information to be protected and only shared with consent of the individual. Privacy policies are intended to inform the user of how their information will be stored, shared, and utilized by the entity collecting or requesting the data. This paper will examine the use and privacy policies of three popular social networking sites: Facebook, Twitter, and Google+; and identify ways in which the policies can be improved to benefit both the website and customers.
- “Do Not Track” Allowing consumers mechanisms to avoid having their activity tracked on the web
- “Mobile” Helping businesses to create short and effective privacy disclosures for mobile applications
- “Data Brokers” Requesting legislation to require notification to consumers of personal information held by data brokers
- “Large Platform Providers” discouraging Internet service providers and other larger entities from tracking consumers activities online
- “Promoting Enforceable Self-Regulatory Codes” Developing and enforcing sector-specific codes of conduct for businesses and law enforcement to follow
Reading Privacy Policies
Privacy policies are commonly lengthy, use broad and confusing terminology and are confusing to consumers. Research conducted at Carnegie Mellon University by Aleecia McDonald and Lorrie Cranor found the average policy to be 2500 words with a reading time of 10 minutes for a total of 250 hours per year for the average number of websites visited (Vedantam, 2012). Perhaps this is why research shows that extremely few website visitors actually read privacy policies while others provide necessary personal information for sign up and hope for the best. Forrester research studied visits to six popular travel websites for one month and found that less than 1 percent of visitors viewed privacy policies (Regan, 2001).
Social networking sites host an enormous amount of PII of their users. In order for customers to protect their information, they need to ensure they understand the privacy policies and limit the amount of personal information they post online. It is necessary to delve further into the privacy policies of these sites to determine whether privacy and online social networking are compatible.
Social Networking Website Privacy
Facebook has a short history of just over eight years but has made a big impact on the world. According to Facebook’s about page, “Facebook’s mission is to make the world more open and connected. People use Facebook to stay connected with friends and family, to discover what’s going on in the world, and to share and express what matters to them” (Facebook, 2012). Facebook reported 845 million active users and 425 million mobile users in December of 2011; 80 percent located outside of North America (Facebook, 2012). To sign up for a free Facebook page, the user must provide a name, e-mail address, password, gender, and date of birth. The date of birth is required to limit access to certain content to children and users are able to hide this information from their profile after signing up. Additionally, the fine print above the sign up icon states users have read and understand the terms and data use policy (Facebook, 2012).
Terms provides a 4,205 word document titled “Statement of Rights and Responsibilities” that covers detailed ways in which the information on Facebook is used and the responsibilities of the user when adding, deleting or sharing information. There is also a statement notifying the user that the document could change at any time and to become a fan of the governance page should they want notification of changes. The document explains to the user that they can hide certain information from their profile but does not give any specifics on procedures for doing so (Facebook, 2012). Using the average reading speed of 250 words per minute from McDonald and Cranor’s research, this document would take the user 17 minutes to read.
Data Use Policy
Facebook can also benefit by ensuring third party applications are safe and do not require separate privacy policies for users to consent to. Users would benefit by logging into Facebook and trusting the applications they use are safe and are not collecting personal information and Facebook will prevent further lawsuits and trouble with the FTC. Another benefit to the user and the company would be to simplify privacy settings across the board. Users should not have to select a privacy setting every time they make a posting, or repeatedly go through their friends list to control who has access to what information. User information and interests should only be shared with friends and not friends of friends or third party applications or advertisers. The current policies force a user to “like” a business in order to interact with it. After this takes place, that business has access to their information and use of all postings made by users. Users should be able to show interest in a business without giving out their personal information for marketing purposes. Facebook will benefit by gaining the trust of their users and allowing businesses to market information using the site without the liability of protecting additional customer information (Reisinger, 2010).
Twitter calls its site an “information network” and requires only an e-mail address and password from a user to sign up. Users then have the option to add additional information to their profile such as a name, location, and website. Twitter uses “tweets” or microblogs to communicate with the world. Tweets consist of short messages or photos from a user, business, or community effort. Users can participate in the conversation or just read comments from other entities or users that interest them. Users can search for tweets from any user by topic or follow all of another user’s posts (Twitter, 2012). In September 2011, Twitter had 100 million active users who logged in at least once a month and 362 million registered users (Bennett, 2012).
Twitter does not have a disclosure statement upon sign up of for users to consent to terms or privacy policies nor are these documents shown to the user as part of sign up but the terms do state that by accessing the websites’ services the user agrees to the terms. The term document consists of 2,985 words explaining the user is responsible for all content posted on the site, the importance of use of strong passwords, that all content posted gives Twitter an unlimited license to reuse or copy that content, that Twitter is not responsible for any liability related to content posted and has the right to remove content if necessary (Twitter, 2011). Overall the document is much more straight-forward than Facebook’s terms document and makes it clear to the user that when they post something on Twitter, it is available to the world.
The policy also covers the information Twitter collects from users including log data such as Internet Protocol addresses, mobile phone numbers, device names and searches; cookies, links clicked on, and interaction with advertisers or marketers. Like Facebook, Twitter also notes that their policy can be changed at anytime and users will be notified via an e-mail or their Twitter account. Unlike Facebook, Twitter does not offer third party applications within the site or request PII such as date of birth, age, relationship status, gender, education or work history, or names of family members.
The biggest threats to a Twitter account are impersonation or misrepresentation by someone logged in as another user and users clicking on malicious web addresses posted by other users (Reisinger, 2009). Unfortunately, Twitter has not figured out a way to authenticate accounts and passwords, leaving any third party application granting access to Twitter with the username and password of the users Twitter account. Twitter has plans to implement an authentication similar to Facebook where the user downloads the mobile application, gives only their Twitter username and then uses Twitter to log onto the application and grant permission for access. There are too many Twitter usernames and passwords floating around in third party application databases for users to feel safe about their credentials (Reisinger, 2009). In February 2012, it was reported that the Twitter mobile application was copying users contact lists from their phones and storing this information on the website’s servers. The application creators claimed it was an oversight in an attempt to assist users in finding their friends on Twitter (Skynews, 2012).
Security is linked to privacy when accounts are compromised and a person’s information used without their consent. Twitter must find ways to improve sign on services, set clear requirements for third party applications, and educate users on dangers of providing account details to non-affiliates.
Google+ is very similar to Facebook in that a profile is created and users provide their name, employment details, interests, and various other details to a page that friends can see. Google+ differs in that it was designed with social circles in mind, allowing users to add their contacts to circles according to what details they want the members of that circle to see. For example, instead of posting a status message to their page and deciding who can see each individual status message as it is with Facebook; Google+ allows users to exempt an entire group from all status messages, simplifying the process. Google+ also allows users to view their page as it looks to each social circle at any time, without having to navigate to a special tool like Facebook uses. Additional features unique to Google are video hangouts where a group of friends can video chat at the same time and the ability for users to make public posts and blogs viewable to the entire community (Google, 2012). In February 2012 Google+ had over 100 million registered users and membership is growing at a fast pace (Allen, 2012).
Social networking sites like Facebook, Twitter, and Google+ have changed the way people communicate and the way businesses market around the world. There are so many options to share photos, products, life events, videos and opinions online. Unfortunately somewhere amongst all of the excitement and new technology privacy was lost. Users learned the hard way not to get too personal online after reputations were destroyed, identities stolen and feelings hurt. Technological innovators created cool new applications without security or privacy in mind and those that have survived the backlash from citizens and governments are backtracking to fix old software and redesigning new applications. Legislation is needed to enforce privacy policies and allow the FTC to regulate and audit business standards for privacy protection. The social networking websites that have privacy policies need to make improvements in the way these policies are written to ensure they are easy for the user to navigate, read and understand. Equally necessary is the ability of the business to comply with the privacy policies they create. The way the world communicated may be changing by the day but privacy should not and cannot be ignored in the innovations of the future.
Acquisti, A., & Gross, R. (2009). Predicting Social Security numbers from public data. PNAS, 10975–10980.
Allen, P. (2012, February 1). Google+ Passes 100 Million Users. Retrieved from Google+: https://plus.google.com/117388252776312694644/posts/9zr9iwmN4XL
Bennett, S. (2012, January 13). Twitter on Track for 500 Million Total Users by March. Retrieved from All Twitter: http://www.mediabistro.com/alltwitter/twitter-active-total-users_b17655
comScore. (2011, December 21). It’s a Social World: Social Networking Leads as Top Online Activity Globally, Accounting for 1 in Every 5 Online Minutes. Retrieved from comScore: http://www.comscore.com/Press_Events/Press_Releases/2011/12/Social_Networking_Leads_as_Top_Online_Activity_Globally
Facebook. (2012). Data Use Policy. Retrieved from Facebook: http://www.facebook.com/full_data_use_policy
Facebook. (2012). Newsrooms. Retrieved from Facebook.com: http://newsroom.fb.com/content/default.aspx?NewsAreaId=22
Facebook. (2012). Terms. Retrieved from Facebook: http://www.facebook.com/legal/terms
Federal Trade Commission. (2007, June 25). Privacy Online: A Report to Congress. Retrieved from FTC.gov: http://www.ftc.gov/reports/privacy3/toc.shtm
FTC. (2011, November 29). Facebook Settles FTC Charges That It Deceived Consumers By Failing To Keep Privacy Promises. Retrieved from FTC.gov: http://www.ftc.gov/opa/2011/11/privacysettlement.shtm
FTC. (2012, March). Protecting Consumer Privacy in an Era of Rapid Change. Retrieved from FTC.gov: http://ftc.gov/os/2012/03/120326privacyreport.pdf
GEV. (2011, April 14). Popularity of Social Networking Sites. Retrieved from GEV: http://www.gev.com/2011/04/popularity-of-social-networking-sites-3/
Goodin, D. (2011, October 14). Facebook accused of violating US wiretap law. Retrieved from The Register: http://www.theregister.co.uk/2011/10/14/facebook_tracking_lawsuit/
Google. (2011, July). The 1000 most-visited sites on the web. Retrieved from Google: http://www.google.com/adplanner/static/top1000/
Google. (2012). Learn More. Retrieved from Google+: http://www.google.com/+/learnmore/
Google. (2012). Terms of Service. Retrieved from Google Policies and Procedures: http://www.google.com/intl/en/policies/terms/
Kerry, J. S. (2011, April 12). Kerry, McCain Introduce Commercial Privacy Bill of Rights. Retrieved from kerry.senate.gov: http://kerry.senate.gov/imo/media/doc/Commercial%20Privacy%20Bill%20of%20Rights%20Press%20Release1.pdf
Rawson, C. (2012, February 17). Google allegedly bypassed privacy settings to track user browsing in Safari. Retrieved from tuaw.com: http://www.tuaw.com/2012/02/17/google-allegedly-bypassed-privacy-settings-to-track-user-browsin/
Regan, K. (2001, June 15). Does Anyone Read Online Privacy Policies? Retrieved from ecommerce times: http://www.ecommercetimes.com/story/11303.html
Reisinger, D. (2009, February 12). Twitter security: There’s still a lot of work to do. Retrieved from CNET News: http://news.cnet.com/8301-17939_109-10162649-2.html
Reisinger, D. (2010, May 24). 10 Ways Facebook Can Improve Privacy and Security. Retrieved from eweek.com: http://www.eweek.com/c/a/Cloud-Computing/10-Ways-Facebook-Can-Improve-Privacy-and-Security-856070/
RT. (2012, January 25). Google to track users… like never before! Retrieved from RT.com: http://rt.com/news/google-privacy-policy-tracking-671/
Skynews. (2012, February 16). Twitter admits peeking at address books, announces privacy improvements. Retrieved from Fox News: http://www.foxnews.com/scitech/2012/02/16/twitter-admits-peeking-at-address-books-announces-privacy-improvements/
Twitter. (2011, June 1). Terms of Service. Retrieved from Twitter: https://twitter.com/tos
Twitter. (2012). About. Retrieved from Twitter: http://twitter.com/about
Vedantam, S. (2012, April 19). To Read All Those Web Privacy Policies, Just Take A Month Off Work. Retrieved from npr.org: http://www.npr.org/blogs/alltechconsidered/2012/04/19/150905465/to-read-all-those-web-privacy-policies-just-take-a-month-off-work
Zuckerberg, M. (2011, November 29). Our Commitment to the Facebook Community. Retrieved from The Facebook Blog: http://blog.facebook.com/blog.php?post=10150378701937131