Privacy and Social Networks

Privacy and Social Networks

Steve Allen

Marc Greco

Michael Dennis

Social networking web sites, such as MySpace, Facebook, Friendster, Match, and EHarmony have now become established websites for keeping in contact with old friends and meeting new ones. Users online can create their own web page and post details about themselves, such as where they went to school, their favorite movie titles, hobbies, and their relationship status. While these web sites are useful tools for exchanging information, there has been growing concern over privacy issues caused by these social networking services. Many users feel that their personal details are being circulated far more widely than they would like. In recent years these social networking sites have grown tremendously and now include millions of users. “ The social software Weblog now groups hundreds of social networking sites in nine categories, including business, common interests, dating, face-to-face facilitation, friends, pets, and photos”(Acquisti & Gross 2005).

Social networking sites give their users an easy way to share information about themselves. However, many users are quickly finding that the information they intend to share with their friends can easily find its way into the hands of the authorities, strangers, the press, and the public. For example, job recruiters are looking to these sites in addition to performing more traditional background checks on potential employees. Performing a search using these sites may provide a lot of personal information about a person.

Many sites restrict who can join a site, and therefore access a user's information. Friendster, for example, requires that all its users be over 16, and this requirement is stated on the registration form. Other web sites only include age restrictions in their terms of use. Facebook requires a user to show that he or she is a member of a given community, for example a college or city, before adding them to that network of users. However others can easily access this information on the social network. MySpace allows anyone to search its database of members, using search terms such as a name, e-mail address, or school. This search can be narrowed down to a particular country or even to a neighborhood. If users included in the search results have not changed their privacy settings from the default settings, searchers can view their full profiles. These profiles may include personal information such as occupation, hometown, sexual orientation, ethnicity, and religion, as well as photos of users, and their friends or family.

Facebook has a more restrictive search feature. Users must be registered with the site to conduct a search and can only view the profiles of those in their network or of those already on their list of friends. Some profiles may include personal things such as cell phone numbers and postal addresses. Users who expect their information to be viewed only by people they know may be surprised how far across the internet their personal information is shared. Once information is published online, users have little control over it. Social networks allow for someone’s online friends to access the same amount of information about them as their friends in real life would.

The default privacy settings on individual accounts allow a great deal of information to be displayed to anyone who views a profile. Personal features such as “posts” or “blogs” can be easily accessed by anyone viewing a profile page. If the default settings were set at a higher level, users immediately have more control. A user who does not want every detail of their profile available to people outside their network of friends would have to opt-out in their privacy settings. This can create the possibility that any one of a user's several hundred "friends" can download their information and use it wherever and however they wish. In fact, access can go beyond friends and members. Users need to realize that prospective employers, job recruitment agencies, law enforcement, and members of academic staff can gain access to information posted on profile pages regardless of if this information reflects the image the user would like to portray to the world outside their network.

As the future of social networking continues to move forward it has also brought about the development of online dating services such as Match.com and EHarmony. With the break through of online dating services user’s no longer have to worry about wasting their time going on blind dates, getting dressed up, or paying for dinner. Now people can search for other singles across the world from the comfort of their own home. Online dating can help save the user time by searching for people who have the same interests and hobbies as themselves but there are some draw backs as well. When they sign up to join an online dating service users are required to give them personal information about themselves. When you join Match.com their privacy page states that “We may collect information that can identify you (“personal information”), such as your name and email address, (i) when you (or other users) provide it to us when using our website or in some other manner, or (ii) from other IAC businesses, from our business partners, and from other third parties. We may combine the personal information that we receive from different sources” (Match.com). When you sign up to join Match.com they are not only going to collect the information about you that you give them, but also from a variety of other sources. For example, if you did not want to give Match.com your address, but another site released that information, they will collect it and store it. Their privacy page states that once they have your personal information, they may share it with authorized service providers that perform certain services on their behalf. “These services may include fulfilling orders, providing customer service and marketing assistance, performing business and sales analysis, supporting our website functionality, and supporting contests, sweepstakes, surveys and other features offered through our website. We may also share your name, contact information, and credit card information with our authorized service providers who process credit card payments. These service providers may have access to personal information needed to perform their functions but are not permitted to share or use such information for any other purposes” (Match.com). These claims are very broad so Match.com can share personal information with just about anyone they choose; they can even provide other companies with your credit information. They also state that they can share information about you with their business partners, direct mail partners, and other IAC businesses. According to Match.com there are over twenty IAC businesses they are associated with including Ask.com, College Humor, and Lending Tree. With the initial goal of finding a date or new friend, a user’s personal information gets spread to over twenty different companies. Match.com does provide you with the chance to opt-out of having your information shared with their IAC family, but people who do not read the privacy agreement would never know to do this.

Another one of the most popular online dating social networks is eHarmony. Like Match.com you are required to provide them with personal information to access their site, but their privacy policy states that “None of the information collected by eHarmony as part of the intake questionnaire used by the matching engine or personality profile is made accessible to the public, other users of the site, or anyone not employed by eHarmony directly. This information is held strictly confidential and can be deleted at the user’s request. Information collected during the intake questionnaire which may be shared with other users of eHarmony will be displayed in a strictly anonymous manner with no personally identifying details, and will only be shown to potential match candidates. Non-subscribing visitors to eHarmony are not allowed access to this information in any way” (eHarmony.com). They have a much more secure privacy policy and they also state that any credit card information used to purchase something on their site is strictly used to process the order and that’s it. They do say they use third party advertising, but your information is kept completely anonymous.

Other social networking websites are also becoming more and more popular. According to a study conducted in 2004 there are seven million people registered to Friendster and two million registered to Facebook. Since this study was conducted three years ago the numbers have probably at least doubled. Since there are so many social networking sites out there we are going to focus on Facebook’s privacy policies. Facebook has reached out to over 573 campuses and has over 2.4 million users. It attracts at least 80% of a campus’s undergraduate population (Acquisti & Gross 2005). When most people sign up for a social networking website they want to sign up as quickly as possible therefore they don’t always read everything they are agreeing to. It would take the normal person at least thirty minutes to read through all of these policies. We decided to sit down and read all the policies of Facebook and you may be surprised what you are agreeing to when you sign up for a social network.

First off, the privacy policy states that it collects the browser type and IP address for everyone who visits Facebook. It also states that when you update your information, they keep a backup copy of the prior version for a reasonable period of time. This raises a concern some since the policy doesn’t state how long the information is retained. A “reasonable period of time” is a very broad term that could have different meanings to different people. One person may think a reasonable period of time is a couple weeks, while someone else could argue that it is a couple of years. There is no specific time frame listed on the policy, so Facebook could technically keep this information for as long as they would like. This may not seem like a big deal to most people but what if a user’s profile contained something that they didn’t want anyone else to find out about so they deleted it? The user would assume the information is gone forever since they didn’t read the privacy policy, but it is actually stored on a database somewhere. The policy goes on to say “you understand and acknowledge that, even after removal, copies of User Content may remain viewable in cached and archived pages” (Facebook.com 2007). This means that people may still be able to access information long after it is deleted.

User’s may not even have to post information about themselves for Facebook to obtain it. Their privacy policy states, “we may use information about you that we collect from other sources, including but not limited to newspapers and Internet sources such as blogs, instant messaging services, Facebook Platform developers, and other users of Facebook to supplement your profile” (Facebook.com 2007). We don’t like the idea that Facebook goes out and looks for information about its users. When people sign up for an account, they give Facebook all the information they need to easily find just about anything they want about them. As we have discussed in class, there are digital dossiers with almost every piece of information about us out in cyberspace. Since Facebook already knows basic things about us from what we tell them when we register, they can easily find out much more personal information by accessing digital dossiers that contain more details about us. There only explanation for this is that it is used to supplement our profiles. The privacy policy is already over fifteen pages long, so why couldn’t they have specifically stated what types of info they plan to collect and exactly how they plan to use it?

The last part of the privacy policy we would like to discuss deals with Facebook handing out our personal information to third parties such as marketers and the government. The policy says “we share your information with third parties only in limited circumstances where we believe such sharing is either reasonably necessary to offer the service, legally required, or permitted by you” (Facebook.com 2007). This wouldn’t be so bad except for the fact that the word “reasonably” is used again. This word is very open to interpretation as stated earlier. They might reasonably think it is ok to share information if a marketer offers to pay them a large sum of money for it. They could argue it is reasonable since they stated in the policy that they could share the info if it is “reasonably necessary to offer the service.” If they are in need of money to keep their servers running, they could technically sell their user’s information without being reprimanded for it. These are only a few issues with the privacy policies of social networks; they can be very loosely interpreted allowing the companies to share your information without worrying about being prosecuted for it.

We believe the proper way for people to find out about these things is to omit the word “reasonably” in their policies and make user’s more aware of how important it is to read the policies before signing up for the service. We think social networks should be required to make their privacy policies shorter while at the same time making them more specific. They could still offer their fifteen page policy, but they should also have a shorter version which is easier understood. This would make users aware things such as the information they provide will be stored on a server long after its deleted, their information will be shared with third parties in certain circumstances, and that Facebook will gather information about them from various databases. Facebook could also put a timer on the sign up page requiring the user to read the policy for a set amount of time before they can proceed to the next page. Some people still wouldn’t read the policies, but we feel this may help a bit. The more informed people are about how their information is shared, the more careful they will become when posting information about themselves online.