Facebook: Threats to Privacy Harvey Jones, Jos´e Hiram Soltren December 14, 2005 Abstract End-users share a wide variety of information on Facebook, but a discussion of the privacy implications of doing so has yet to emerge. We examined how Facebook affects privacy, and found serious flaws in the system. Privacy on Facebook is undermined by three principal factors: users disclose too much, Facebook does not take adequate steps to protect user privacy, and third parties are actively seeking out end-user information using Facebook. We based our end-user findings on a survey of MIT students and statistical analysis of Facebook data from MIT, Harvard, NYU, and the University of Oklahoma. We analyzed the Facebook system in terms of Fair Information Practices as recommended by the Federal Trade Commission. In light of the information available and the system that protects it, we used a threat model to analyze specific privacy risks. Specifically, university administrators are using Facebook for disciplinary purposes, firms are using it for marketing purposes, and intruders are exploiting security holes. For each threat, we analyze the efficacy of the current protection, and where solutions are inadequate, we make recommendations on how to address the issue. 1Contents 1 Introduction 4 2 Background 5 2.1 Social Networking and Facebook . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.2 Information that Facebook stores . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3 Previous Work 6 4 Principles and Methods of Research 7 4.1 Usage patterns of interest. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 4.2 User surveys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 4.3 Direct data collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 4.4 Obscuring personal data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 4.5 A brief technical description of Facebook from a user perspective . . . . . . . . . . . 10 4.6 Statistical significance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 5 End-Users’ Interaction with Facebook 13 5.1 Major trends . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 5.2 Facebook is ubiquitous . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 5.3 Users put time and effort into profiles . . . . . . . . . . . . . . . . . . . . . . . . . 15 5.4 Students join Facebook before arriving on campus . . . . . . . . . . . . . . . . . . . 15 5.5 A substantial proportion of students share identifiable information . . . . . . . . . . 16 5.6 The most active users disclose the most . . . . . . . . . . . . . . . . . . . . . . . . 16 5.7 Undergraduates share the most, and classes keep sharing more . . . . . . . . . . . . 18 5.8 Differences among universities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 5.9 Even more students share commercially valuable information . . . . . . . . . . . . . 20 5.10 Users are not guarded about who sees their information . . . . . . . . . . . . . . . . 20 5.11 Users Are Not Fully Informed About Privacy . . . . . . . . . . . . . . . . . . . . . . 20 5.12 As Facebook Expands, More Risks Are Presented . . . . . . . . . . . . . . . . . . . 21 5.13 Women self-censor their data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 5.14 Men talk less about themselves . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 5.15 General Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 6 Facebook and “Fair Information Practices” 22 6.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 6.2 Notice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 6.3 Choice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 26.4 Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 6.5 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . …
View Full Document