rediff.com
News APP

NewsApp (Free)

Read news as it happens
Download NewsApp

Available on  gplay

Rediff.com  » News » Social networking sites don't protect your privacy
This article was first published 15 years ago

Social networking sites don't protect your privacy

Last updated on: July 23, 2009 

Image: Screenshots of popular social netwroking websites Facebook and MySpace
Photographs: Prasun Sonwalkar/PTI

Furious competition between social networking sites such as Facebook and MySpace is compromising the protection of users' data, a Cambridge University study has concluded.

The survey covered 45 global social networks, ranging from popular sites such as MySpace and Facebook to lesser-known networks. Its authors report 'serious concerns' about the extent to which these sites fail to keep users' personal information private. It is the first detailed analysis to examine the security provisions of a large number of social networks.

While the problems it identifies, such as misleading privacy policies and inaccessible privacy guidelines, have long been suspected, the report provides new numerical data to confirm their scope.

Some 90 per cent of sites, for example, needlessly required a full name or date of birth for permission to join. 80 per cent failed to use standard encryption protocols to protect sensitive user data from hackers. And 71 per cent reserved the right to share user data with third parties in their privacy policies.

Social networking sites don't protect your privacy

Image: A person poses in front of a computer screen which displays the Facebook application 'The pope meets you on Facebook' in London
Photographs: Jonathan Bainbridge/Reuters

The study also argues that privacy is being compromised by rigorous competition for users. Researchers argue that open discussion of privacy on social networking sites puts off the average user, which discourages the owners from producing explicit or accessible privacy guidelines.

"Sites want users to be relaxed and having fun, but when privacy is mentioned users feel less comfortable sharing data," Co-researcher Joseph Bonneau said. "Even sites with good privacy feel that they can't promote it, so users have no idea of what they're getting."

The researchers only covered sites, which are available in English, signing up to each using a Yahoo! Email account and the pseudonym "Upton Sinclair".

In each case, Bonneau and his fellow researcher, S ren Preibusch, recorded the amount of personal information that they had to hand over in order to sign up to the site and how much they were told about its privacy policy and settings in the process. They also analysed how much they could see about the site's existing members before they joined.

Once they were signed up, the researchers tested each site's privacy controls against 260 criteria, examining features such as log-in arrangements and the site's privacy policy and configuration controls.

Social networking sites don't protect your privacy

Image: A person surfs the Web at an Internet cafe in Seoul
Photographs: You Sung-Ho/Reuters
They found what the report calls 'pervasive problems', including poor web security practices, confusing user-interfaces and misleading privacy policies.

All but three of the general purpose sites they examined left new profiles completely visible to at least all the other members of the site by default. As previous studies have suggested that between 80 per cent and 99 per cent of users never alter their privacy settings, this means that in most cases their profiles will remain visible.

The researchers also produced privacy scores for each of the networks assessed. Bebo and LinkedIn were ranked the highest for their privacy settings, while the British site Badoo earned the wooden spoon.
 
Facebook and MySpace, frequently the targets of privacy critics, finished slightly above average. In general, the researchers found that the larger, more popular and older sites maintained better privacy practices and adopted higher privacy standards.

Social networking sites don't protect your privacy

Image: A man browses web at an Internet cafe in Madrid
Photographs: Andrea Comas/Reuters
"The popular sites are just the tip of the iceberg," Preibusch said. "Niche sites implement significantly less favourable privacy practices and offer fewer controls to their users to configure the sharing of personal information."

Since the sites depend on acquiring as many users as possible, the researchers argue that most social networks opt to set up long and complicated privacy measures which, in most cases, it is difficult to access or even find.

At the same time, they show off how many users they have and how easy it is to make friends, or share photos, videos and music - all features which it would be harder to sell with stricter privacy controls.

The report calls for an "opt-out" approach to privacy, in which users' details are kept private until otherwise stated. It also calls for stronger across-the-board regulation, and suggests that sites could offer "premium" membership schemes which allow users to handle their privacy settings in greater detail if they so wish, a scheme known as "privacy negotiations".