May 13, 2011

Privacy and safety in online social networks



The literature (1,2) indicates that despite the importance people place on online privacy (3), they continue to disclose personal information that can expose them to possible risks such as: identity theft, malicious online behavior, online stalking and associated offline criminal activity, damage to reputation (4) and loss of job or insurance claims (5).

The main reasons cited include:

  • Technological confidence in navigating the privacy settings (6) coupled with poor interface design (7), the complex and often undisclosed nature of flows between third party applications (8), and privacy and safety information being hard to find (9).
  • When users are presented with the relevant information, such as a privacy policy, the majority do not read it (10), which can be partly due to the complexity of the privacy policy (11).
  • An assumption by members that their social networking site is taking care of their privacy and safety (12).
  • Lack of social cues in the online environment which assist people to assess the level of trust accorded to individuals they interact with (13).
  • Lack of understanding of the extent of their online network, including the very tenuous weak ties (14).
  • Inadequate understanding and ability to assess the long term consequences of publishing certain types of information (15,16).
  • Lack of individual control over shared content, such as photos, tagging and comments (17,18).
  • Inability to recongnise false identity (19).

An additional consideration is the nature of Web 2.0, in particular online social networks (OSNs) which encourage conversations and connections. Within this communication ecology people will trade off a certain level of privacy for a perceived benefit (20,21), including feeling part of a group and getting positive feedback (22). For others however, participation in OSNs will be limited until they know their privacy can be managed (23); privacy practices and security of technology (24).

While the literature (25) indicates that many individuals, in particular younger people, are more concerned about protecting and controlling access to personal information which can be used to cause social discomfort (social privacy), than the use of their personal information by social networking site and partner organisations for purposes such as social marketing (institutional privacy), due consideration needs to be given to both areas of privacy vulnerability to improve privacy awareness and limit privacy risks.

Even with individuals taking steps to reduce privacy risks, in particular changing default privacy settings to give a deeper and broader level of security and privacy, OSNs need to be better designed for improved security and safety. The following areas for improvement are indicated in the literature (26):

  • Improved privacy control to make members aware of what is being shared with whom.
  • Provision of network visualisation tools that show a member’s complete social network including proximity indicators.
  • Mechanisms to encourage an individual to adopt better practice, such as displaying common privacy controls.
  • Applications that scan for fake user profiles.
  • Enhancement of mechanisms for managing shared content, in particular allowing a finer granularity of control.
  • A site architecture that preserves privacy during information exchange with third party applications, which would also include assured anonymisation of data.
It is also suggested that OSNs should be treated not only as an information service, but also as data controllers. This change in status would impose additional regulations on OSNs to ensure privacy, security and safety (27).

______________


Endnotes

  1. Williams, 2010, p. 42, para. 7.
  2. O’Murchu et al., 2004, section 3.5.
  3. “Privacy involves keeping information in its intended scope. Such a scope is defined by the size of the audience (breadth), by extent of usage allowed (depth), and duration (lifetime). When information is moved beyond its intended scope (be it accidentally or maliciously), privacy is breached. A breach can occur when information is shared with a party for whom it was not intended (disclosure). It can also happen when information is abused for a different purpose than was intended, or when information is accessed after its intended lifetime.” (Beye et al., 2010, p. 7, para. 2)
  4. James, 2010, p. 1.
  5. Williams, 2010, p. 42, para. 3.2.
  6. OFCOM, 2008, p. 8
  7. Williams, 2010. p. 43, para. 3.2.2.
  8. Williams, 2010, p. 43, paras. 3.3.5-3.3.7
  9. OFCOM, 2008, p. 9.
  10. O’Murchu et al., 2004, section 3.5.
  11. Williams, 2010, p. 44, para. 3.38.
  12. OFCOM, 2008, p. 8.
  13. Williams, 2010, p. 43, para. 3.2.1.
  14. Williams, 2010, p. 43, para. 3.3.1.
  15. OFCOM, 2008, p. 57, para. 3.
  16. Williams, 2010, p. 43f, para. 3.3.4.
  17. Raynes-Golden, section Understanding new privacy concerns, para. 3.
  18. Williams, 2010, p. 44, para. 3.3.10.
  19. O’Murchu et al., 2004, section 3.5, Fakesters.
  20. Raynes-Goldie, 2010, section Social costs and benefit
  21. Williams, 2010, p. 42, para. 3.1.
  22. OFCOM, 2008, p. 37, para. 5.
  23. Wenger, et al., 2009, p. 90, Table 6.7.
  24. Wenger et al., 2009, p. 106, para. 2.
  25. Raynes-Goldie, 2010, section Understanding new privacy concerns
  26. Williams, 2010, pp. 47-48
  27. Beye et al., 2010, para. 3.1.

References

Beye, M., Jeckmans, A., Erkin, Z., Hartel, P., Lagendijk, R., & Tang, Q. (2010). Literature overview - Privacy in online social networks. [Technical Report TR-CTIT-10-36] Centre for Telematics and Information Technology, University of Twente,Enschede. Retrieved from http://eprints.eemcs.utwente.nl/18648/

James, M. L. (2010). Cyber crime 2.0 versus the Twittering classes. [Briefing Note 2009-10]. Australian Parliamentary Library. Retrieved from http://www.aph.gov.au/Library/pubs/bn/sci/Cybercrime.pdf

O’Murchu, I., Breslin, J.G., & Decker, S. (2004). Online social and business networking communities. DERI Technical Report 2004-08-11. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.4055&rep=rep1&type=pdf

OFCOM. (2008). Social networking: A quantitative and qualitative research report into attitudes, behaviours and use. [Research Document]. April 2, 2008. London: Office of Communication. Retrieved from OFCOM website: http://stakeholders.ofcom.org.uk/market-data-research/media-literacy/medlitpub/medlitpubrss/socialnetworking/

Raynes-Goldie, K. (2010). Aliases, creeping, and wall cleaning: Understanding privacy in the age of Facebook. First Monday, 15(1). Retrieved from http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/2775/2432

Wenger, E., White, N. & Smith, J.D. (2009). Digital habitats: stewarding technology for communities. Portland, OR: CPsquare.

Williams, J. (2010). Social networking applications in health care: threats to the privacy and security of health information. Proceedings of ACM/IEEE 32nd International Conference on Software Engineering, 39-49. doi:10.1145/1809085.1809091


Additional references

Australian Government initiative Stay Smart Online http://www.staysmartonline.gov.au/

Australian Government initiative Cybersmart http://www.cybersmart.gov.au/

Australian Mobile Telecommunications Association Cybersafety http://www.amta.org.au/pages/Cybersafety

Gate, G. (2010). Facebook privacy: a bewildering tangle of options [graphic]. The New York Times, 12 May 2010. Available from http://www.nytimes.com/interactive/2010/05/12/business/facebook-privacy.html

Posted by at 10:01 PM
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)