Sie sind auf Seite 1von 6

1

Privacy & Security Issues Surrounding Social


Networking Sites: Does it matter?
Jongkil J Jeong

Abstract- In this paper, we present a critical literature review Their main argument is that users may be putting
on the current status of privacy issues surrounding Social themselves in harm’s way both offline (e.g. Stalking) and
Networking Sites by examining existing literature and research online (e.g. Identity Theft) if they provide too much
on the subject matter. The concluding argument presented in personal information through their SNS profiles.
this paper shows that although there are certain critical issues
surrounding privacy invasion and security issues both online and
offline that users of social networking sites should be aware of,
However, despite the negative coverage surrounding the
the benefits gained from Social Networking Sites far outweigh issues over Privacy and Security from the use of SNS being
these issues, and this may be one of the reasons why the number well documented and covered extensively by academics,
of social networking site users continue to rise. various organizations and the mass media in recent years,
SNS’s such as Facebook continue to see exponential growth
Keywords: social networking sites, privacy, security, literature review in their user base (Facebook 2010) as shown in Figure 1 .

I. INTRODUCTION

The daily use of Social Networking Sites (SNS’s) such as


Facebook, MySpace and Linkedin has become a routine for
the millions of users resulting in SNS’s moving away from
being just a niche phenomenon to a technology that is
mass adopted by society in large (Gross & Acquisti 2005).
There are now hundreds of different SNS’s which have all
been developed to cater for a wide arrange of different
types of users each with its own unique community and
culture surrounding it (Wikipedia 2010).

Although the target audience, service model and purpose


of each SNS varies, the main technical features remain Figure 1: Number of Active Facebook Users
consistent between sites, and most SNS’s share the
following 3 core features (Boyd & Ellison 2008): This poses an interesting question that this paper will try
and address: Why are SNS’s experiencing such an
1. Allows a user to construct a public or semi-public exponential growth rate in users, when there has been so
profile within a bound system. much literature from both academic and non-academic
2. Displays a list of other users who are networked perspectives which state that there are serious issues
with the person and is connected with through the surrounding SNE’s on the matters of privacy and security?
system.
3. Allow an individual to view and traverse between The approach this paper will take in addressing the
question above will be by providing a review of existing
different people within the bounds of his/her
literature in relation to Privacy & Security concerns over
network. SNS’s, and try to determine whether or not the concerns
raised over these issues are justified, or if the issues in
The relatively open and detailed nature of the information concern is just hype surrounding the lack of knowledge
presented in the user profiles, and the lack of privacy and surrounding SNS’s due to the rapid pace theses services
security control provided by SNS’s and the awareness of have spread throughout our societies.
these issue by users has led to concerns being raised by
large groups of people. In particular, there has been a
II. BACKGROUND & PREVIOUS LITERATURE
substantial amount of academic research focused on
identity presentation and privacy concerns surrounding the
use of SNS’s (e.g. Gross & Acquisti 2005; Stutzman 2006 There is no doubt that security and privacy issues do arise
etc.). from SNS’s, and there are legitimate claims and evidence to
2

support this fact (e.g. Zheleva & Getoor 2009, Gross & (Jones & Soltren 2005). Although surveys show that there
Acquisti 2005 etc). Hence, the nature of this paper is not to are more users who are blocking people outside of their
argue that there are no issues, but to critically examine network accessing their personal profiles, a considerable
how significant concerns over privacy and security actually amount of individuals (27%) continue to use the default
are, and what level of impact it may have for the users of settings provided by the service provider which have a
SNS’s. considerable amount of the attributes set to public sharing
(Webroot 2010, Jones & Soltren 2005).
In order for a conclusion to be drawn in regards to the
questions raised, there is a need for us to examine previous In summary, the issues surrounding privacy and security
literature related to privacy and security in SNS’s in depth, have been due to the following features of SNS’s:
and to critically examine the arguments set forth which
supports the view that users should be genuinely A. Personal online profiles which contain information
concerned about these issues when using SNS’s. about an individual (both referential and attributive) must
be created in order to participate in SNS.
2.1 Social Networking Sites B. Personal profiles contain information that can verify
and identify a particular individual, and have a close
As per the three core features identified by Boyd & Ellison resemblance to a person’s real life identity.
(2008) in the introduction, the main mechanism of how C. SNS’s encourage users to provide as much personal
SNS’s work is based on the online profile a user creates information as possible in order to enhance the user
when they first join a SNS. experience.

These profiles generally contain information about the D. Settings to limit the amount of information provided
specific attributes of an individual which is used to verify through online profiles are limited due to both the
the participant in the online community. Most SNS’s competency level of the individual and technical
encourage users to provide as much information about limitations.
their attributes as possible so that their public identities
match the profiles created online (Gross & Acquisti 2005). 2.2 Privacy Issues

These attributes are not only category-based Westin (2003) defines privacy as “the claim of an individual
representations of a person’s interests, hobbies or to determine what information about himself or herself
affiliation with a specific group or organization (e.g. School should be known to others”.
or Company), but can also be referential as well. Referential
attributes is information that directly refers to a specific The fact that a large amount of personal information
individual which allows a person to be specifically identified. presented in a SNS profile as explained in Section 2.1,
The real life name, gender, date of birth and images of a coupled with the fact that this information may be
person’s social or inner life are all referential attributes involuntarily shared with a vast amount of unknown
which can be used to identify a specific individual (Gross & strangers has raised serious questions surrounding privacy
Acquisti 2005, Riphagen 2008). implications associated with online networking through
SNS’s (Gross & Acquisti 2005). Furthermore, the use of this
All this personal data about a specific participant is given aggregated personal information collected by the SNS
self voluntarily by the user, thus allowing other users to be providers for commercial purposes has also caused room
able to verify, and identify a particular individual. for concern (Haque N 2008).
Furthermore, the data provided on these sites are mostly
genuine and accurate (Table 1) which implies that the This concern is also shared by Gross & Acquisti (2005) who
identity provided through SNS’s is generally accurate, and is state that there are two major privacy implications on SNS’s:
a very close resemblance to their offline identities
(Hargittai 2008), which is where the suspected risk Firstly, The SNS itself may use and spread personal
revolving around privacy and security has been identified. information to different parties in various forms and
methods, without the participant knowing this is occurring.
Table 1 (Gross & Acquisti 2005): Categorization of name quality A quick look through the terms & conditions of the most
of 100 profile names from Facebook. popular SNS’s (with the exception of LinkedIn) in Table 2
Category Percentage Facebook Profiles illustrates how SNS’s are able to share a user’s information
Real Name 89% willingly with third parties.
Partial Name 3%
Fake Name 8%

There are also concerns over the default privacy settings


used in SNS’s such as Facebook, and the difficulties that
participants face when trying to change these settings
3

Table 2: Use of personal information by SNS’s and group memberships which may be displayed through
Is information shared Sharing of Information to third the SNS.
SNS
with third parties? parties
“You understand that we may not
Facebook Yes (Facebook 2010b) always identify paid services and This causes an additional layer of risk surrounding privacy
communications as such.”
“MySpace also may share your PII
in SNS’s because privacy settings that SNS’s allow an
(Personal Identifiable Information) individual to set become nullified due to the fact that
Myspace Yes (MySpace 2010) with Affiliated Companies if it has a discreet information can be extracted through the
business reason to do so.”
“We do not sell, rent, or otherwise networks surrounding a specific individual. Furthermore,
Linkedin No (Linkedin 2010)
provide your personal identifiable the risk extends to not only a particular individual, but a
information to any third parties for
marketing purposes.”
group of participants which may cause a more serious
“We provide such information to privacy problem.
our subsidiaries, affiliated
* Orkut & companies or other trusted
Yes (Google 2010) businesses or persons for the In summary, SNS’s pose an issue surrounding privacy as (a)
Youtube
purpose of processing personal The personal data provided through an SNS can be
information on our behalf.”
“We may use the information
aggregated and be used for commercial or malicious
collected automatically…and to purposes by the SNS themselves or third parties; and (b)
customize Bebo’s content, layout
Privately disclosed information on SNS’s can be exposed by
Bebo Yes (Bebo 2010) and services. We may share this
information with third parties to collecting data on an individual based on the network
help us improve the Bebo Service surrounding the online profile and furthermore pose risks
and better serve our users.”
“We may share your personal on the network itself.
information with these third
parties, but only to the extent
necessary to perform these 2.3 Security
Twitter Yes (Twitter 2010) functions and provide such Security is defined as the “process that ensures data
services, and only pursuant to
obligations mirroring the
integrity and restricts access to those who have been
protections of this privacy policy’ granted it legitimately” (Hones & Soltren 2005). There is
*Both Orkut and Youtube both use Google’s Privacy Policy as they are both evidence to suggest that as the popularity of SNS’s
subsidiaries of Google Inc.
continues to rise, adversaries are increasingly focusing their
efforts on exploiting certain security flaws which exist on
Secondly, the relatively easiness of joining a SNS and social networking sites.
extending one’s network, coupled with the fact that there
is a lack of basic security measures (such as SSL logins) in A recent survey conducted by Webroot (2010) showed that
place makes it easy for third parties to access participants 61% of users displayed their birthdays, 52% showed their
data without the site’s direct collaboration. For example, a place of birth and 17% users showed their mobile phone
recent case in Australia which involved a major bank numbers on SNS’s – all sensitive personal data which could
creating false profiles on Facebook to befriend ANZ be exploited by criminals for malicious purposes such as
customers with bad credits in order to track down their identity theft. Not only that, but there have been numerous
current details voiced major concerns by various groups cases reported through the mass media in regards to child
and organizations over this supposed breach of privacy molestation and stalking incidents which have all stemmed
laws (Gerathy 2010). from criminals making contact with adolescence through
SNS’s (e.g. Roach 2010, Yeebo 2010 etc.).
Zheleva & Gatoor (2009) also identify further privacy issues
surrounding SNE’s. They state through their literature that As the networks and connections created on SNS’s revolve
not only does the voluntary / involuntary disclosure of around weaker social ties than in the real world, and the
personal information by SNE’s pose a threat, but because threshold to qualify as a friend on someone’s SNS network
every individual is bound within a specific group, entire is much easier to infiltrate that in the physical space (Gross
social networks also have the risk of being exposed by & Acquisti 2005), the security issues mentioned above are
potential threats. becoming increasingly common in SNS’s and pose a more
significant risk than similar issues which have been
According to Li et al (2007), this leads to two types of observed through other means such as email phishing in
privacy attacks on the data presented in user profiles: the past.
identity disclosure and attribute disclosure. Identity
disclosure refers to when an adversary is able to make a Furthermore, certain bugs and exploits surrounding the
link between the online profiles of an individual to a technical functions of SNS’s are also being targeted by
specific real-world entity through the attributes provided hackers as there are limited security measures deployed by
through a SNS. Attribute disclosure occurs when an most SNS’s. For example, no secure connection methods
adversary is able to determine information about a (e.g. SSL) are present on most SNS’s and basic measures
particular individual who wishes to keep certain elements including encryption are nonexistent. This opens up SNS’s
of their online profile discreet. This is done by making a to threats such as password interception, commercial data
connection between the public profiles, network of friends mining, database reverse-engineering which are all
4

technical issues that can cause severe damages to In the case of SNS’s, it must be understood that although
participants in SNS’s (Jones & Soltren 2005). the service providers of these sites may encourage users to
provide certain personal information about themselves, the
2.4 Summary majority of personal data is done on a voluntary nature,
From the literature reviewed on the issues surrounding and is not enforced upon the individual. Also, the level of
privacy and security in SNS’s, it is evident that there are information provided through SNS’s is different from user
legitimate reasons to be concerned when providing to user, and this implies that there is no one size fits all
personal information through online profiles which are at solution to the privacy issues surrounding SNS’s and that
the core of any SNS. everyone’s interpretation of privacy is different from one
another.
The first issue arises from how aggregated personal data
gathered from SNS is used which not only allows unknown For example, Westin (2003) continues the debate on the
third parties to access personal information for commercial issues surrounding privacy in his literature by stating that
purposes but also may lead to various security risks such as the continued negative coverage by the mass media on
identity theft and stalking. issues such as mail marketing and telemarketing in the
1990’s is the main reason why users have a generally
Secondly, the increasing number of users on SNS’s has negative attitude towards direct marketing and
attracted attention from adversaries who may look to advertisement. In the scope of SNS’s, this may mean that
exploit the easiness of joining a participants network as although the sharing of user information for commercial
well as trying to find various technical exploits that can also purposes does not seriously pose a significant threat to
cause severe security risks. individuals, it may be portrayed as privacy-intrusive
because of the social atmosphere created in the past.
However, the two main issues summarized above have not
stopped the ever increasing number of users to join and Furthermore, Westin (2003) also argues that high profiled
participate in SNS’s. In the following section, the aim will be cases around identity theft as well as stalking cases in
to provide a critical analysis on the points outlined above, business and government record systems have heightened
to see up to what extent these issues surrounding privacy the perceived risks associated with privacy and security
and security actually poses on participants of SNS’s. over recent years. In this regards, the social atmosphere
surrounding a society may change the attitude of users
III. CRITICAL ANALYSIS towards the issue of privacy and security, and since
previous literature reviewed only examined the issues at
The literature review conducted in the previous section
hand from a strictly individual perspective, there is room
outlines the fact that participants in SNS’s should limit the
for doubt as to how much of a threat the issues brought
amount of information provided through their online
forth really are.
profiles, due to the significant privacy and security issues
that it presents.
Secondly, research also suggests that the main purpose of
most SNS’s is to strengthen existing relationships formed
However, much of the literature which has examined the
offline, rather than create new ones online (Ellison et al
problems surrounding privacy and security within SNS’s fail
2007). This means that SNS users generally spend more
to take into consideration some important points that may
time ‘searching’ for people whom they already have a real
have been overlooked while conducting their research. This
life connection with, rather than ‘browsing’ through the site
may have provided a distorted view on the issues at hand,
to meet complete strangers (Lampe et al 2007).
and the purpose of this section is identify some of the
weaknesses set forth by the literature examined in the
This is further backed up by other scholars who state that
previous section in order to provide a more accurate
despite the potential for global networking through
picture as to the type of impact the issues surrounding
Internet related services such as SNS’s, most people’s
privacy and security actually has.
contact are local, with stronger ties centered on pre-
existing relationships, and interest in ‘strangers’ or distant
Firstly, the literatures that have been failed to examine
others are minimal (Livingstone 2008). Hence, the
privacy norms in depth, and defined privacy based on their
perceived risk surrounding malicious users joining specific
own interpretation of the topic. Westin (2003) states that
groups or networks to exploit participants may be deemed
the political, socio-cultural and the personal settings all
less of a threat than what is perceived.
need to be catered for in order to understand the true
meaning of privacy, and debates over privacy are never-
Finally, it is important to understand that despite the risks
ending due to the complexity it presents when trying to
perceived with privacy and security, there are significant
measure what is private or not for an individual. What this
benefits to be gained from the use of SNS’s in general. As
implies is that privacy is a complex condition, and cannot
mentioned in the previous section, SNS’s are used by most
be defined by others as it is a matter of personal choice by
users to strengthen existing ties in the real life world which
an individual as done in the literature reviewed.
allows for better relationships to be formed by participants.
5

Self-expression, sociability, community engagement, provided to an SNS to create an online profile; (b) The
creativity and new literacies are all benefits which can be easiness to join a SNS and the lack of security features
associated with the use of SNS’s (Livingstone 2008), and provided.
these benefits all impact the notion of Social Capital – “the
resources accumulated through the relationships among However, this paper suggested that these risks were not as
people” (Coleman 1998). prevalent as people believed, and most of the concerns
surrounding the issue were hyped due to the methods used
As shown in Figure 2, These resources can take the form of to present the case for privacy and security concerns in
useful information, better personal relationships or the SNS’s were flawed. This does not imply that certain issues
capacity to organize groups of particular interest by surrounding privacy and security did not exist, but the level
participants in SNS’s, and research suggests that despite of impact these issues may not be as significant as
the potential for privacy abuses and security issues, the perceived by certain groups and individuals.
benefits that an individual receives from using SNS’s is a
strong enough merit for users to continue on not only using It must be acknowledged that there are certain limitations
the service, but recommending it to others as well (Ellison to this paper, as the conclusion drawn may not be relevant
et al 2007). to all SNS’s due to the fact that not all SNS’s are the same
such as different privacy policies, functions & services, user
demographics and resources which can all affect the
outcome of the findings. .

Furthermore, the scope of the paper has only allowed us to


provide a generic overview as to the benefits that users can
derive from SNS’s, and the paper was unable to closer
examine important topics such as social capital and the
impact of mass media on user’s perception of privacy and
security which may have provided a more solid argument.

Hence, this paper recommends that future scholars should


look further into the matters of benefits vs. risks of SNS’s as
well as how socio-cultural, political and personal settings on
privacy as defined by Westin can impact the way users
engage in SNS’s.

Figure 2: Sources, mechanisms and outcomes of social capital


(Ruuskanen 2001)

Furthermore, as Social Capital allows for better


collaboration and social support within a SNS community,
the perceived security threats from technical exploits may
also be lowered as well, as participants may coordinate
security measures amongst themselves through means
such as alerting each other to certain dangers, as well as
reporting the threats to those in charge who may be
quicker to respond to fixing the problem at hand.

IV. CONCLUSION
The main aim of this paper was to review the current
issues surrounding privacy security in SNS’s, and to
understand why the participation of SNS by participants
continued to increase despite the issues at hand.

The paper identified that there were two main reasons


why privacy and security were considered such a risk in
SNS’s: (a) The level of voluntary personal information
6

REFERENCES intimacy, privacy and self-expression’, New Media Society, 10, pp.
st 393-411
Bebo (2010, ‘Privacy Policy’, Bebo, Accessed 1 November 2010
from http://www.bebo.com/Privacy2.jsp st
Myspace (2010), ‘Privacy’, Myspace, Accessed 1 November 2010
from
Boyd D & Ellison N (2008), ‘Social Network Sites: Definition,
http://www.myspace.com/index.cfm?fuseaction=misc.privacy
History, and Scholarship’, Journal of Computer-Mediated
Communication, 13, pp.210-230
Riphagen D (2008), ‘Privacy Risks for users of Social Network Sites’,
Delft University of Technology, Netherlands
Coleman J (1988), ‘Social capital in the creation of human capital’,
American Journal of Sociology, 94, S95-120 Roach E (2010, ‘Child pornography trafficked on Facebook’,
st
Baptist Press, Accessed 1 November 2010 from
Ellison N, Steinfield C & Lampe C (2007), ‘The Benefits of Facebook
http://www.bpnews.net/BPnews.asp?ID=33960
“Friends:” Social Capital and College Students’ Use of Online Social
Network Sites’, Journal of Computer-Mediated Communication,
Ruuskanen P (2001), ‘Social Capital and Innovations in Small and
12, pp.1143-1168
Medium Sized Enterprises’, DRUID Summer Conference, pp. 1-28,
Elsinore, Denmark
Facebook (2010), ‘Facebook Timeline’, Facebook, Accessed 30th
October 2010 from Twitter (2010), ‘Twitter Privacy Policy, Twitter, Accessed 1
st
http://www.facebook.com/press/info.php?statistics#!/press/info.
November 2010 from http://twitter.com/privacy
php?timeline
Webroot (2010), ‘ One year later, Social Networkers are savvier
Facebook (2010b), ‘Statement of Rights and Responsibilities’,
about keeping information private, but still take risks’, Webroot,
Facebook, Accessed 1st November 2010 from st
Accessed 1 November 2010 from http://pr.webroot.com/threat-
http://www.facebook.com/?ref=logo#!/terms.php
research/cons/social-networking-identity-theft-033010.html
Gerathy S (2010), ‘Fake ANZ Facebook profile may breach laws’,
Westin A (2003), ‘Social and Political Dimensions of Privacy’,
ABC, Accessed 1st November 2010 from Journal of Social Issues, 59:2, pp. 431-453
http://www.abc.net.au/news/stories/2010/05/26/2910320.htm
Wikipedia (2010), ‘List of Social Networking Sites’, Wikipedia,
Google (2010), ‘Privacy Policy’, Google Privacy Center, Accessed th
Accessed 30 October 2010 from
1st November 2010 from
http://en.wikipedia.org/wiki/List_of_social_networking_websites
http://www.google.com/privacypolicy.html
Yeebo Y (2010), ‘ Manhattan teacher Fired for Allegedly Stalking
Gross R & Acquisti A (2005), ‘Information Revelation and Privacy st
Students on Facebook’, DNAinfo, Accessed 1 November 2010
in Online Social Networks’, WPES’05- Virginia USA, pp. 71- 80
from http://www.dnainfo.com/20101018/manhattan/manhattan-
teacher-fired-for-allegedly-stalking-students-on-facebook
Hargittai E. (2008), ‘Whose Space? Differences Among users and
Non-Users of Social Network Sites’, Journal of Computer –
Zheleva E & Getoor Lise (2009), ‘To Join or Not to Join: The Illusion
Mediated Communication, 13, pp.276-296
of Privacy In Social Networks with Mixed Public and Private User
Profiles’, WWW 2009, pp.531-540, Madrid, Spain
Haque N (2008), ‘How social networks make money. Listen up
st
Facebook’, Wikinomics, Accessed 1 November 2010 from
http://www.wikinomics.com/blog/index.php/2008/04/29/how-
social-networks-make-money-listen-up-facebook/

Jones H & Soltren J (2005), ‘Facebook: Threats to Privacy’, MIT,


2005

Lampe C, Ellison N & Steinfield C (2006), ‘A Face(book) in the


crowd: Social searching vs. Social browsing’, Proceedings of the
th
2006 20 Anniversary Conference on Computer Supported
Cooperative Work, pp.167-170, New York

Lange P (2008), ‘Publicly Private and Privately Public: Social


Networking on Youtube’, Journal of Computer Mediated
Communication, 13, pp. 361-380

Li N, Li T & Venkatasubramanian S (2007), ‘T-Closeness: Privacy


beyond k-anon and l-diversity’, ICDE, 2007
st
Linkedin (2010), ‘Privacy Policy’, Linkedin, Accessed 1 November
2010 from http://www.linkedin.com/static?key=privacy_policy

Livingstone S (2008), ‘Taking risky opportunities in youthful


content creation: teenagers’ use of social networking sites for