How Private is your Social Network?

How Private is Your Social Network?

Amy Wees

UMUC

CSEC620

April 19, 2012

 


 

Abstract

Social networking websites such as Facebook, Twitter, and Google+ provide communication and advertising services to individuals, businesses and marketers.  Facebook was ranked by Google as the most visited site in 2011 with 880 million users and an astonishing one trillion page views (Google, 2011).  What makes social networking sites so popular?  Most sites are free to use and provide an easy way to keep in touch with family and friends near and far. All of this sharing of information has allowed businesses to track user interests and gain valuable information about consumers that can be customized to assist in sales.  In the same way, users can conduct searches of people and find out more about them by viewing their profile information on various sites.  Although this information is convenient, is it safe?  Privacy policies are intended to inform the user of how their information will be stored, shared, and utilized by the entity collecting or requesting the data.  This paper will examine the use and privacy policies of three popular social networking sites: Facebook, Twitter, and Google+; and identify ways in which the policies can be improved to benefit both the website and customers.    


 

How Private is Your Social Network?

Social networking websites such as Facebook, Twitter, and Google+ provide communication and advertising services to individuals, businesses and marketers.  Social networking websites are so captivating that 82 percent of the world’s 1.2 billion Internet users spent one of every five minutes online logged into a social networking site in October of 2011 according to research firm comScore (comScore, 2011).  Facebook was ranked by Google as the most visited site in 2011 with 880 million users and an astonishing one trillion page views (Google, 2011).  What makes social networking sites so popular?  Most sites are free to use and provide an easy way to keep in touch with family and friends near and far.  People can share photos, quick updates on their life’s happenings, play games with friends, network for employment, sell products or market businesses, and meet new people with similar interests (GEV, 2011).

The popularity of social networking sites has caught the eye of marketers across the Internet.  Users can now “like” a business on Facebook, “tweet” about a product or interest on Twitter, or add their most recent book purchases to their Google+ profile page.  All of this sharing of information has allowed businesses to track user interests and gain valuable information about consumers that can be customized to assist in sales.  In the same way, users can conduct searches of people and find out more about them by viewing their profile information on various sites.  Although this information is convenient, is it safe?  If a user signs up and creates a profile of personal information to share with friends, how much of that information should be made public?  Personal information can be used to destroy a person’s reputation, steal their identity, or unfairly stereotype someone.  In 2009 researchers from Carnegie Mellon University were able to accurately predict the social security numbers of over 500,000 Americans using various online data sources to gather the individuals place and date of birth (Acquisti & Gross, 2009).  For this reason it is vital for personal information to be protected and only shared with consent of the individual.  Privacy policies are intended to inform the user of how their information will be stored, shared, and utilized by the entity collecting or requesting the data.  This paper will examine the use and privacy policies of three popular social networking sites: Facebook, Twitter, and Google+; and identify ways in which the policies can be improved to benefit both the website and customers.

Privacy Policies

A privacy policy is defined by BusinessDictionary.com as a “Statement that declares a firm’s or website’s policy on collecting and releasing information about a visitor. It usually declares what specific information is collected and whether it is kept confidential or shared with or sold to other firms, researchers or sellers” (Business Dictionary, 2012).  Websites are highly encouraged to have privacy policies although they are not required by United States law unless information is being collected from children under the age of 13.  There are currently bills in congress awaiting approval that will strengthen legislation for the protection of personally identifiable information (PII).  One such bill is the Commercial Privacy Bill of Rights.  This bill would require businesses to notify customers of practices for collecting information and protect that information but prevent businesses that are only marketing to customers from collecting or storing personal information (Kerry, 2011).

The Federal Trade Commission (FTC) is responsible for governing privacy policies and prosecuting those who violate their own privacy policies under the Federal Trade Commission Act (Connelly, 2010).  In a 2007 report to congress, the FTC noted that “although 85 percent of over 1400 websites surveyed collected personal information from consumers, only 2 percent of provided a comprehensive privacy policy and 14 percent provided notice to consumers regarding information practices” (Federal Trade Commission, 2007).  A more recent FTC report in 2012 continues to urge congress to enact baseline privacy legislation and notes that “overall, consumers do not yet enjoy the privacy protections proposed in the preliminary staff report” (FTC, 2012).  The FTC (2012) also noted they would concentrate on improving consumer privacy in five key areas:

  1. “Do Not Track” Allowing consumers mechanisms to avoid having their activity tracked on the web
  2. “Mobile” Helping businesses to create short and effective privacy disclosures for mobile applications
  3. “Data Brokers” Requesting legislation to require notification to consumers of personal information held by data brokers
  4. “Large Platform Providers” discouraging Internet service providers and other larger entities from tracking consumers activities online
  5. “Promoting Enforceable Self-Regulatory Codes” Developing and enforcing sector-specific codes of conduct for businesses and law enforcement to follow

Reading Privacy Policies

Privacy policies are commonly lengthy, use broad and confusing terminology and are confusing to consumers.  Research conducted at Carnegie Mellon University by Aleecia McDonald and Lorrie Cranor found the average policy to be 2500 words with a reading time of 10 minutes for a total of 250 hours per year for the average number of websites visited (Vedantam, 2012).  Perhaps this is why research shows that extremely few website visitors actually read privacy policies while others provide necessary personal information for sign up and hope for the best.  Forrester research studied visits to six popular travel websites for one month and found that less than 1 percent of visitors viewed privacy policies (Regan, 2001).

Social networking sites host an enormous amount of PII of their users.  In order for customers to protect their information, they need to ensure they understand the privacy policies and limit the amount of personal information they post online.  It is necessary to delve further into the privacy policies of these sites to determine whether privacy and online social networking are compatible.

Social Networking Website Privacy

Facebook

     Facebook has a short history of just over eight years but has made a big impact on the world.  According to Facebook’s about page, “Facebook’s mission is to make the world more open and connected. People use Facebook to stay connected with friends and family, to discover what’s going on in the world, and to share and express what matters to them” (Facebook, 2012).  Facebook reported 845 million active users and 425 million mobile users in December of 2011; 80 percent located outside of North America (Facebook, 2012).  To sign up for a free Facebook page, the user must provide a name, e-mail address, password, gender, and date of birth.  The date of birth is required to limit access to certain content to children and users are able to hide this information from their profile after signing up.  Additionally, the fine print above the sign up icon states users have read and understand the terms and data use policy (Facebook, 2012).

Terms

Terms provides a 4,205 word document titled “Statement of Rights and Responsibilities” that covers detailed ways in which the information on Facebook is used and the responsibilities of the user when adding, deleting or sharing information.  There is also a statement notifying the user that the document could change at any time and to become a fan of the governance page should they want notification of changes.  The document explains to the user that they can hide certain information from their profile but does not give any specifics on procedures for doing so (Facebook, 2012).  Using the average reading speed of 250 words per minute from McDonald and Cranor’s research, this document would take the user 17 minutes to read.

Data Use Policy

By clicking sign up, the user has also agreed to the data use policy which is Facebook’s title for its privacy policy.  This document consists of 6,910 words regarding what information is available to Facebook, how this information is used, how long the information is kept, and how the user may remove their information from the site by deleting their account.  Key information from the document is that the user’s name, photos and network are always publicly available.  Users’ photos, comments and information input about them by other users are also public.  Specifically, if a user posts a comment on a business’ page, that business now owns that comment and may use it anyway they like within or outside of Facebook (Facebook, 2012).   The data use policy also covers communication with advertisers and how to manage the data shown on users and friends pages.  Average read time of this document is 28 minutes at 250 words per minute.  Fortunately, Facebook has created interactive tools to help the user in navigating the document and viewing or changing privacy settings.  Figure 1 shows the navigation page for Facebook’s interactive tools (Facebook, 2012).

 

 

 

Figure 1

 

Most information on Facebook is publicly available unless the user follows the guidelines in the Data Use Policy to remove or protect their information from certain users.  Unfortunately, users cannot control information friends post about them or photos they are “tagged” in. Facebook notes in the terms that they collect data about a user’s location, interests, and friends in order to provide them with a better experience (Facebook, 2012).  Facebook’s policies have caused uproar from users and legal implications.  For example, in 2011 the FTC charged Facebook with breaking its own privacy policies without notifying the user by changing the site so information users thought was private was made public, allowing third party applications access to personal data of users and their friends, falsely claiming they had verified the security of applications, allowing access to users’ photos and videos even after accounts were deactivated or deleted, and violating data transfer laws between the U.S. and Europe.  The charges forced Facebook to clean up their policies and website and succumb to a privacy audits for the next 20 years (FTC, 2011).  More recently a user in Mississippi opened a class action lawsuit against Facebook claiming the site tracked her with cookies from “like” icons on various sites even when she was logged out of the site; something the sites’ privacy policy states will not happen (Goodin, 2011).

Improvements

Facebook CEO Mark Zuckerberg wrote in a November 2011 blog that he admits the company had made many mistakes with their privacy policies and outlined improvements to be made.  Among those mentioned were improvements to the privacy policy creating tools to help users understand and view what information was public (such as the interactive tool in Figure1), notifying users when they are “tagged” to allow them to review the postings, an application dashboard allowing users to view what information applications had access to, making friends lists easier to manage, and including permissions options on each post (Zuckerberg, 2011).

Facebook can also benefit by ensuring third party applications are safe and do not require separate privacy policies for users to consent to.  Users would benefit by logging into Facebook and trusting the applications they use are safe and are not collecting personal information and Facebook will prevent further lawsuits and trouble with the FTC.  Another benefit to the user and the company would be to simplify privacy settings across the board.  Users should not have to select a privacy setting every time they make a posting, or repeatedly go through their friends list to control who has access to what information.  User information and interests should only be shared with friends and not friends of friends or third party applications or advertisers.  The current policies force a user to “like” a business in order to interact with it.  After this takes place, that business has access to their information and use of all postings made by users.  Users should be able to show interest in a business without giving out their personal information for marketing purposes.  Facebook will benefit by gaining the trust of their users and allowing businesses to market information using the site without the liability of protecting additional customer information (Reisinger, 2010).

Twitter

     Twitter calls its site an “information network” and requires only an e-mail address and password from a user to sign up.  Users then have the option to add additional information to their profile such as a name, location, and website.  Twitter uses “tweets” or microblogs to communicate with the world.  Tweets consist of short messages or photos from a user, business, or community effort.  Users can participate in the conversation or just read comments from other entities or users that interest them.  Users can search for tweets from any user by topic or follow all of another user’s posts (Twitter, 2012).  In September 2011, Twitter had 100 million active users who logged in at least once a month and 362 million registered users (Bennett, 2012).

Terms

Twitter does not have a disclosure statement upon sign up of for users to consent to terms or privacy policies nor are these documents shown to the user as part of sign up but the terms do state that by accessing the websites’ services the user agrees to the terms.  The term document consists of 2,985 words explaining the user is responsible for all content posted on the site, the importance of use of strong passwords, that all content posted gives Twitter an unlimited license to reuse or copy that content, that Twitter is not responsible for any liability related to content posted and has the right to remove content if necessary (Twitter, 2011).  Overall the document is much more straight-forward than Facebook’s terms document and makes it clear to the user that when they post something on Twitter, it is available to the world.

Privacy Policy

The Twitter privacy policy is 1,440 words long and explains that any information provided to Twitter will be made public on Twitter anywhere in the world unless specified otherwise in the users profile or settings.  The policy states “Our Services are primarily designed to help you share information with the world. Most of the information you provide to us is information you are asking us to make public. This includes not only the messages you Tweet and the metadata provided with Tweets, such as when you Tweeted, but also the lists you create, the people you follow, the Tweets you mark as favorites or Retweet and many other bits of information” (Twitter, 2011).

The policy also covers the information Twitter collects from users including log data such as Internet Protocol addresses, mobile phone numbers, device names and searches; cookies, links clicked on, and interaction with advertisers or marketers.  Like Facebook, Twitter also notes that their policy can be changed at anytime and users will be notified via an e-mail or their Twitter account.  Unlike Facebook, Twitter does not offer third party applications within the site or request PII such as date of birth, age, relationship status, gender, education or work history, or names of family members.

Improvements

The biggest threats to a Twitter account are impersonation or misrepresentation by someone logged in as another user and users clicking on malicious web addresses posted by other users (Reisinger, 2009).  Unfortunately, Twitter has not figured out a way to authenticate accounts and passwords, leaving any third party application granting access to Twitter with the username and password of the users Twitter account.  Twitter has plans to implement an authentication similar to Facebook where the user downloads the mobile application, gives only their Twitter username and then uses Twitter to log onto the application and grant permission for access.  There are too many Twitter usernames and passwords floating around in third party application databases for users to feel safe about their credentials (Reisinger, 2009).  In February 2012, it was reported that the Twitter mobile application was copying users contact lists from their phones and storing this information on the website’s servers.  The application creators claimed it was an oversight in an attempt to assist users in finding their friends on Twitter (Skynews, 2012).

Security is linked to privacy when accounts are compromised and a person’s information used without their consent.  Twitter must find ways to improve sign on services, set clear requirements for third party applications, and educate users on dangers of providing account details to non-affiliates.

Google+

     Google+ is very similar to Facebook in that a profile is created and users provide their name, employment details, interests, and various other details to a page that friends can see.  Google+ differs in that it was designed with social circles in mind, allowing users to add their contacts to circles according to what details they want the members of that circle to see.  For example, instead of posting a status message to their page and deciding who can see each individual status message as it is with Facebook; Google+ allows users to exempt an entire group from all status messages, simplifying the process.  Google+ also allows users to view their page as it looks to each social circle at any time, without having to navigate to a special tool like Facebook uses.  Additional features unique to Google are video hangouts where a group of friends can video chat at the same time and the ability for users to make public posts and blogs viewable to the entire community (Google, 2012).  In February 2012 Google+ had over 100 million registered users and membership is growing at a fast pace (Allen, 2012).

Terms

            In March of 2012 Google replaced 60 separate documents used to define terms of use and privacy within its various services and created one policy for all services.  There is an overview page explaining the changes and a quick link to terms of service and privacy.  The terms of service are similar to Facebook and Twitter in that they explain that any content posted is now owned by Google with license to use as needed.  Other items of importance are that open source software owned by Google can be used by users but not copied or redistributed and that the liability of Google is limited to the amount paid to use the service (Google, 2012).

 Privacy Policy

Google’s privacy policy explains “what information is collected and why, how that information is utilized, and how to access and update information” (Google, 2012).  The policy is similar to Twitter in that it explains that Google collects and stores data from the information given for a public profile, device or hardware information, cookies, log information, and location and application specific information related to a user’s operating system.  Similar to Facebook, Google explains that they use the information collected to provide an improved and tailored user experience.  The policy also notes that information will be shared with third parties only with a users’ consent (Google, 2012).

Improvements

Google’s policy lacks specific details on how to update incorrect user information or restrict information only to certain parties.  This could be improved by providing links for updating information within the privacy policy for each service offered.  Although the new all-in-one privacy policy is claiming to make for an easier user experience, Google has been under scrutiny as many customers do not want their private information shared between services and combined into one single profile.  An article on RT.com news states “it’s not like Google doesn’t already collect a lot of information about its customers. When you are using Android mobile phones, Google can access your contacts and location. If you are searching for something on the internet, Google remembers all the search terms. When you sign into your Google account, it can track the sites you visit” (RT, 2012).  This scrutiny is combined with reports that Google tracked Apple device users without their consent by exploiting an anti-cookie tracking mechanism in the Safari web browser (Rawson, 2012).

Google can improve its privacy policy by making specific information regarding protecting information within each service easy to find and understand.  For example, currently when in Google+ the privacy policy users click on is the all-in-one policy and provides no specifics on how to protect the Google+ profile except within user tutorials.  Users should know how their information is being used within each Google service and how they can change their privacy settings or opt-out of information sharing.  Google+ improved on the privacy of its social network site pages over Facebook by creating social circles but has room to improve upon the short and broad termed privacy policy covering all of its many services.

Conclusion

            Social networking sites like Facebook, Twitter, and Google+ have changed the way people communicate and the way businesses market around the world.  There are so many options to share photos, products, life events, videos and opinions online.  Unfortunately somewhere amongst all of the excitement and new technology privacy was lost.  Users learned the hard way not to get too personal online after reputations were destroyed, identities stolen and feelings hurt.  Technological innovators created cool new applications without security or privacy in mind and those that have survived the backlash from citizens and governments are backtracking to fix old software and redesigning new applications.  Legislation is needed to enforce privacy policies and allow the FTC to regulate and audit business standards for privacy protection.   The social networking websites that have privacy policies need to make improvements in the way these policies are written to ensure they are easy for the user to navigate, read and understand.  Equally necessary is the ability of the business to comply with the privacy policies they create.  The way the world communicated may be changing by the day but privacy should not and cannot be ignored in the innovations of the future.

 

           


 

References

Acquisti, A., & Gross, R. (2009). Predicting Social Security numbers from public data. PNAS, 10975–10980.

Allen, P. (2012, February 1). Google+ Passes 100 Million Users. Retrieved from Google+: https://plus.google.com/117388252776312694644/posts/9zr9iwmN4XL

Bennett, S. (2012, January 13). Twitter on Track for 500 Million Total Users by March. Retrieved from All Twitter: http://www.mediabistro.com/alltwitter/twitter-active-total-users_b17655

Business Dictionary. (2012). Privacy Policy. Retrieved from BusinessDictionary.com: http://www.businessdictionary.com/definition/privacy-policy.html

comScore. (2011, December 21). It’s a Social World: Social Networking Leads as Top Online Activity Globally, Accounting for 1 in Every 5 Online Minutes. Retrieved from comScore: http://www.comscore.com/Press_Events/Press_Releases/2011/12/Social_Networking_Leads_as_Top_Online_Activity_Globally

Connelly, R. V. (2010, September 28). What is a Privacy Policy? Retrieved from Render Visions Consulting: http://www.rendervisionsconsulting.com/blog/what-is-a-privacy-policy/

Facebook. (2012). Data Use Policy. Retrieved from Facebook: http://www.facebook.com/full_data_use_policy

Facebook. (2012). Newsrooms. Retrieved from Facebook.com: http://newsroom.fb.com/content/default.aspx?NewsAreaId=22

Facebook. (2012). Terms. Retrieved from Facebook: http://www.facebook.com/legal/terms

Federal Trade Commission. (2007, June 25). Privacy Online: A Report to Congress. Retrieved from FTC.gov: http://www.ftc.gov/reports/privacy3/toc.shtm

FTC. (2011, November 29). Facebook Settles FTC Charges That It Deceived Consumers By Failing To Keep Privacy Promises. Retrieved from FTC.gov: http://www.ftc.gov/opa/2011/11/privacysettlement.shtm

FTC. (2012, March). Protecting Consumer Privacy in an Era of Rapid Change. Retrieved from FTC.gov: http://ftc.gov/os/2012/03/120326privacyreport.pdf

GEV. (2011, April 14). Popularity of Social Networking Sites. Retrieved from GEV: http://www.gev.com/2011/04/popularity-of-social-networking-sites-3/

Goodin, D. (2011, October 14). Facebook accused of violating US wiretap law. Retrieved from The Register: http://www.theregister.co.uk/2011/10/14/facebook_tracking_lawsuit/

Google. (2011, July). The 1000 most-visited sites on the web. Retrieved from Google: http://www.google.com/adplanner/static/top1000/

Google. (2012). Learn More. Retrieved from Google+: http://www.google.com/+/learnmore/

Google. (2012). Privacy Policy. Retrieved from Google Policies and Principles: http://www.google.com/intl/en/policies/privacy/

Google. (2012). Terms of Service. Retrieved from Google Policies and Procedures: http://www.google.com/intl/en/policies/terms/

Kerry, J. S. (2011, April 12). Kerry, McCain Introduce Commercial Privacy Bill of Rights. Retrieved from kerry.senate.gov: http://kerry.senate.gov/imo/media/doc/Commercial%20Privacy%20Bill%20of%20Rights%20Press%20Release1.pdf

Rawson, C. (2012, February 17). Google allegedly bypassed privacy settings to track user browsing in Safari. Retrieved from tuaw.com: http://www.tuaw.com/2012/02/17/google-allegedly-bypassed-privacy-settings-to-track-user-browsin/

Regan, K. (2001, June 15). Does Anyone Read Online Privacy Policies? Retrieved from ecommerce times: http://www.ecommercetimes.com/story/11303.html

Reisinger, D. (2009, February 12). Twitter security: There’s still a lot of work to do. Retrieved from CNET News: http://news.cnet.com/8301-17939_109-10162649-2.html

Reisinger, D. (2010, May 24). 10 Ways Facebook Can Improve Privacy and Security. Retrieved from eweek.com: http://www.eweek.com/c/a/Cloud-Computing/10-Ways-Facebook-Can-Improve-Privacy-and-Security-856070/

RT. (2012, January 25). Google to track users… like never before! Retrieved from RT.com: http://rt.com/news/google-privacy-policy-tracking-671/

Skynews. (2012, February 16). Twitter admits peeking at address books, announces privacy improvements. Retrieved from Fox News: http://www.foxnews.com/scitech/2012/02/16/twitter-admits-peeking-at-address-books-announces-privacy-improvements/

Twitter. (2011, June 1). Terms of Service. Retrieved from Twitter: https://twitter.com/tos

Twitter. (2011, June 1). Twitter Privacy Policy. Retrieved from Twitter.com: https://twitter.com/privacy

Twitter. (2012). About. Retrieved from Twitter: http://twitter.com/about

Vedantam, S. (2012, April 19). To Read All Those Web Privacy Policies, Just Take A Month Off Work. Retrieved from npr.org: http://www.npr.org/blogs/alltechconsidered/2012/04/19/150905465/to-read-all-those-web-privacy-policies-just-take-a-month-off-work

Zuckerberg, M. (2011, November 29). Our Commitment to the Facebook Community. Retrieved from The Facebook Blog: http://blog.facebook.com/blog.php?post=10150378701937131

 

 

Advertisements

, , , ,

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: