Grouping Friends for Access Control in Online Social Networks Blase Ur and Robert McGrath ur rmcgrath fas harvard edu 0 ABSTRACT We investigate the nature of friendships on Facebook a popular social networking site for college students and how friendships can be grouped to improve social networking access control We propose and implement two novel graphical user interfaces which allow users to drag and drop their friends into groups they create and then set privacy preferences for these groups using the viewpoint of what group members see We perform a 5 subject pilot usability study of our interface and ideas All 5 users create incompatible privacy preferences for 3 5 different groups whereas Facebook can currently handle only 2 types of groups Study subjects also suggest modifications and potential future uses for the interface we have created 1 INTRODUCTION Friends on social networking sites are a bit like friends in real life but also a bit different Friends in real life can be best friends forever acquantainces people we know from high school or a litany of other designations on the continuum of friendship However online two users are either friends or they are not friends Social networking sites don t allow users to be best Facebook friends or distant MySpace buddies As a result all of a user s friends on a social networking site generally have access to the same information However we look back to the group concept present in operating systems such as Unix and Multics and then update these concepts for social networking websites In particular we implement a graphical user interface that allows social networking users to categorize their friends as they desire and then choose privacy preferences for those groups of friends This interface requires only a web browser and Macromedia Flash plug in to run adding little overhead to the social networking site We expand this concept by implementing a client side cryptography scheme allowing users to post information on untrusted social networking sites and knowing that with very high probability this information will only be visible to the friends they specify We test our ideas and implementation in a 5 person pilot usability study designed to test the efficiency and usefulness of the ability to group social networking friends as well as the usability of our graphical user interface 1 1 SOCIAL NETWORKING Social networking websites are online communities built on top of users connections and personal information Users post content in the form of profiles or blogs and then send and accept invitations to add other users as friends The type of information posted on social networking sites varies based on the demographics of each site s audience as well as the structural features of the site For instance the generally younger audience on MySpace posts blog entries as well as limited profile information all under a pseudonym In contrast the mostly college age users of Facebook post biographical information their interests and photographs all of which is associated with their full name We focus our investigation particularly on Facebook for 3 major reasons First of all its privacy interfaces are more extensive than those of other social networking sites Improving on the standard bearer obviously raises the bar higher Secondly both the quantity and diversity of information shared by a typical Facebook user are unparalleled Finally Facebook has been the subject of previous privacy research Researchers at MIT and Carnegie Mellon looked at the types of information people were revealing and Blase investigated the intended audiences for the information users post and then made privacy recommendations based on his findings On Facebook users post information about themselves in a number of categories Basic Information i e birthdate hometown Contact Information i e cell phone number and personal info i e favorite music and movies are all series of fields entered by the user Users may also enter their educational and work histories as well as academic courses they are taking They can post photo albums join groups and display a wall which is an electronic bulletin board on which friends can leave public messages 1 2 PRIVACY ON FACEBOOK1 Privacy on Facebook is controlled through a series of related interfaces However a few overarching principles guide access control on Facebook above these interfaces A user s Facebook friends can always see his profile However users often allow others in their networks to see their profile as well A network is a group of users who share some sort of affiliation For example a university is a network So are places of employment as well as geographic areas Users can choose on a network by network basis whether other members of each network should be able to see their profile Facebook users can choose what information is visible to others in their networks through the Privacy tab In Facebook s main privacy controls users have individual control over their Contact Information photographs the wall their electronic bulletin board groups online status notes and courses These fields can be individually restricted to certain networks or just to that user s Facebook friends However these are the only parts of a profile which can be controlled in this way These privacy controls are seen in Figure 1 Appendix A Among friends Facebook users also have privacy controls By default all of a user s friends can see their full profile The only way to prevent a Facebook friend from viewing a user s full profile is to designate that 1 Parts of this section are based on material submitted as part of Blase s thesis he sees a limited profile Limited Profiles allow users to block parts of their profile from a particular group of friends The Limited Profile allows for controls on Basic Info Personal Info and Educational Info though its granularity extends only to the category level This interface can be seen in Figure 2 Appendix A 2 MOTIVATION Researchers have examined the concept of friendship in social networks and concluded that it is quite different than friendship in real life motivating our work danah boyd s ethnographic fieldwork is the primary source for understanding friends online She has studied and interviewed users of social networking sites extensively over the last few years particularly focusing on Friendster Her views on the articulation of friendship are particularly germane On one of her early papers on the subject she points