Study Finds Privacy Faults in Popular Social Networking Sites

Competition between social networking sites is compromising the protection of users’ data, a Cambridge University study says.

The survey covered 45 global social networks, ranging from popular sites such as MySpace and Facebook to lesser-known foreign networks. Its authors report “serious concerns” about the extent to which these sites fail to keep users’ personal information private.

The report, by researchers in the University’s Computer Laboratory, is being made freely available online. It found that some 90 percent of sites needlessly required a full name or date of birth for permission to join. Eighty percent failed to use standard encryption protocols to protect sensitive user data from hackers. And 71 percent reserved the right to share user data with third parties in their privacy policies.

80% of popular social networks failed to use standard encryption protocols to protect sensitive user data from hackers.

The study also argues that privacy is being compromised by rigorous competition for users. Researchers argue that open discussion of privacy on social networking sites puts off the average user, which discourages the owners from producing explicit or accessible privacy guidelines.

“Sites want users to be relaxed and having fun, but when privacy is mentioned users feel less comfortable sharing data,” co-researcher Joseph Bonneau notes. “Even sites with good privacy feel that they can’t promote it, so users have no idea of what they’re getting.”

The researchers only covered sites that are available in English, signing up to each using a Yahoo e-mail account and the pseudonym “Upton Sinclair.”

The report calls for an opt-out approach to privacy, in which users’ details are kept private until otherwise stated. It also calls for stronger across-the-board regulation, and suggests that sites could offer premium membership schemes that allow users to handle their privacy settings in greater detail if they so wish, a scheme known as “privacy negotiations.”

The full report along with the original dataset can be downloaded at: http://preibusch.de/publ/privacy_jungle.

Leave a reply