Information Revelation and Privacy in Online Social Networks (The Facebook case)
by Ralph Gross and Alessandro Acquisti (+)
The article provides an excellent literature review and trust and intimacy in online networking and on the participant's strategies for representing themselves. In fact many of the users of such sites disclosure as much information as possible, including their email addresses, phone numbers, personal websites, etc. The authors conclude identify many factors like pragmatism (the expected cost of publishing information is smaller than the benefits; signaling hypothesis), peer pressure, and herding behavior as possible causes for these exhibitionism.
Social Network Theory and Privacy The authors note that the relation between privacy and personal networks is multi-faceted.
- people may want to disclosure information to a small group of friends, or
- they might be willing to reveal information to completely strangers, but not to their closest ones.
Networking theory, especially work done by Strahilevitz, demonstrated, that a relatively small number of hops is required to connect to even very remote people. This property of social networks often conflicts with the users' expectations on the number of people who potentially may access their data. The main reasons for this behavior are:
- differences between offline (fine grained kind of relationsships) vs. online (friends yes/no) social networks.
- often the indications as friends in online networks does not imply that they particularly know or trust this person. .
- people might be able to maintain a huge number of weak online ties, resulting in
- offline: up to docen of significant ties and 1000-1700 "acquaintances" versus
- online: hundreds of direct "friends" and 100.000 of "additional friends"
Markus Pincus - CEO of Tribe that net, sees social networking as a potential solution to intelligently manage how public you make yourself and why and who can contact you.
Privacy Implications
- Stalking (and cyber-stalking; compare: suicide of the girl at myspace)
- Re-identification: linkage of datasets without explicit identifiers. (a) demographics (US population: combination of ZIP code, gender and date of birth), (b) face re-identification, (c) social security number and identity theft.
- Digital dossier: continuously monitoring a user's profile
Evaluation The authors search and downloaded 4500 profiles from CMU (Carnegie Mellon University) members and analyzed them in regard to gender distribution, privacy settings, data quality (real names, ...) and the kind of data they reveal (day of birth, image (image detection), phone number, dating preferences, current relationship status, political views, interests, ...).