Conference PaperPDF Available

Users’ Awareness of Privacy on Online Social Networking sites – Case Facebook



Content may be subject to copyright.
22nd Bled eConference
Facilitating an Open, Effective and Representative eSociety
June 14 - 17, 2009; Bled, Slovenia
Users’ Awareness of Privacy on Online Social Networking
Sites – Case Facebook
Virpi Kristiina Tuunainen 1
Olli Pitkänen 2
Marjaana Hovi 3
1 Helsinki School of Economics, Finland
2 Helsinki Institute for Information Technology HIIT, Finland
3 Trainer’s House Oyj, Finland
Online social networking offers a new, easy and inexpensive way to maintain already
existing relationships and present oneself to others. However, the increasing number of
actions in online services also gives a rise to privacy concerns and risks. In an attempt
to understand the factors, especially privacy awareness, that influence users to disclose
or protect information in online environment, we view privacy behavior from the
perspectives of privacy protection and information disclosing. In our empirical study,
we present results from a survey of 210 users of Facebook. Our results indicate, that
most of our respondents, who seem to be active users of Facebook, disclose a
considerable amount of private information. Contrary to their own belief, they are not
too well aware of the visibility of their information to people they do not necessarily
know. Furthermore, Facebook’s privacy policy and the terms of use were largely not
known or understood by our respondents.
Keywords: Privacy, Social Networking Sites, Data Protection
1 Introduction
A social network is a set of people or other social entities such as organizations
connected by a set of socially meaningful relationships (Wellman, 1997). Social
networking sites (SNS) are a type of online communities that have grown tremendously
in popularity over the past years. For example, the social networking site MySpace
Tuunainen, Pitkänen, Hov
( is ranked tenth in overall web traffic, with over 47 million unique
US visitors each month (, 2008). Lately, especially the social
networking service Facebook ( has been receiving a lot of media
attention all over the world, particularly because of privacy issues.
Facebook is now one of the biggest social networking sites. It was founded in 2004 in
the USA by a former Harvard student Mark Zuckerberg. In the beginning, it was created
only for students’ use, but now it is open for everyone who has a valid email address.
The success and growth of Facebook has been incredible: after the first year, it had
already one million users, and five years later, in February 2009, Facebook had already
more than 175 million active users. More than half of Facebook users are outside of
college, and the fastest growing demographic is those 30 years old and older. Facebook
had a powerful entry also to the Finnish market in the summer and early fall of 2007. In
the spring of 2008, the Finnish Facebook network had over 399 000 users
Members of a social network connect to others by sending a “Friend” message or
request, which usually must be accepted by the receiving party in order to establish a
link. By becoming “Friends”, the members allow each other to access their profile
information, and add each other to their corresponding social networks. However, users
can always determine how visible their profile and profile information are. They can
restrict the viewing of their profiles from people not part of their network, or they can
keep the profile open for everyone.
In this study, we have mainly considered information disclosure in terms of profiles, i.e.
what users reveal themselves in their profiles, but disclosing personal information may
also occur in participation of discussions, writing messages in other users’ pages,
‘walls’ and so on.
Earlier research (see e.g. Boyd & Ellison, 2007; Dwyer et al., 2007; Lehtinen, 2007)
suggests that the main motivation to use online social networking sites is to
communicate and to maintain relationships. Lehtinen (2007) found that different
interaction rituals are performed on an SNS for reconstructing the established social
networks. Popular activities include updating personal information and whereabouts
(“status”), sharing photos and archiving events, getting updates on activities by friends,
displaying a large social network, presenting an idealized persona, sending messages
privately, and posting public testimonials (Dwyer et al., 2007).
Several studies have attempted to determine implications of privacy concerns and
awareness of privacy to users’ online practices and behavior (see e.g. Dinev & Hart,
2006; Dwyer et al., 2007; Goettke & Christiana, 2007; Govani & Pashley, 2005; Gross
& Acquisti, 2005). The real privacy risks are believed to arise when users disclose
identifiable information about themselves online to people who they do not know or
normally (that is, offline, in real life) would not trust (see e.g. Brooks, 2007). This is
assumed to stem from the users’ lack of privacy concerns (Gross & Acquisti, 2005).
Govani and Pashley (2005) investigated student awareness of the privacy issues and the
available privacy protection provided by Facebook. They found that the majority of the
students are indeed aware of possible consequences of providing personally identifiable
information to an entire university population (such as, risk of identity theft or stalking),
but nevertheless, feel comfortable enough in providing their personal information. Even
though they are aware of ways to limit the visibility of their personal information, they
Users’ Awareness of Privacy on Online Social Networking sites – Case Facebook
did not take any initiative to protect the information (Govani & Pashley, 2005). In
another study, Tow at al. (2008) conclude that users are often simply not aware of the
issues or feel that the risk to them personally is very low, and have have a naïve sense
that online communities are safe.
Social networking sites have a lot of users who have “an open profile” with
considerable amount of personal information (e.g. photos, contact information, current
“whereabouts status”, and so on). Do these users feel comfortable with sharing all their
personal information with a large number of strangers? Or do they actually know who
can access their profile information? Are they concerned about their privacy?
In this study, we look at users’ awareness of privacy on online social networking sites.
Furthermore, we are interested in whether the awareness (or lack of it) influences users’
privacy behavior.
We highlight two privacy perspectives: protection and disclosure. The two viewpoints
are analyzed and we attempt to understand what influence users to disclose or protect
information on Facebook.
This paper is organized as follows: We will next review earlier literature on online
social networking, especially issues related to privacy and legal matters. We will then
introduce our empirical study. After discussing the results of the study, conclusions are
2 Online Social Networking and Privacy
Social networking sites (SNS) are online environments in which people create self-
descriptive profiles and then make links with other people they know on the site (i.e.,
creating a network of personal connections). On many of the large SNSs, participants
are not necessarily "networking" or looking to meet new people, but they are primarily
communicating with people who are already a part of their extended social network
(Boyd & Ellison, 2007).
Most SNSs provide a mechanism for users to leave public messages on their Friends'
profiles. This feature typically involves leaving "comments," although sites employ
various labels for this feature (Boyd & Ellison, 2007). In addition, SNSs often also have
a private messaging feature, similar to webmail. SNSs can also offer discussion forums,
groups or other communication features between users with same interests.
The public display of connections is a central component of social networking sites.
After joining a social network site, users are prompted to identify others in the system
with whom they have a relationship. The label for these relationships differs depending
on the site, popular terms include "Friends," "Contacts," and "Fans." Most SNSs require
bi-directional confirmation for Friendship, but some do not. The one-directional ties are
sometimes labeled as "Fans" or "Followers," but many sites call these Friends, as well.
The term "Friends" can be misleading, because the connection does not necessarily
mean friendship in the same way it is used in everyday language, and the reasons people
connect are varied (Boyd, 2004).
While SNSs have implemented a wide variety of technical features, their backbone
consists of visible profiles that display an articulated list of Friends who are also users
of the system. Profiles are unique pages where user can present her/himself as real or
Tuunainen, Pitkänen, Hov
“want to be”. After joining an SNS, an individual is asked to fill out forms containing a
series of questions. The profile is generated using the answers to these questions, which
typically include descriptors such as age, location, interests, and an "about me" section.
Most sites also encourage users to upload a profile photo. Some sites allow users to
enhance their profiles by adding multimedia content or modifying their profile's look
and feel. Others, such as Facebook, allow users to add modules, “applications,” that
enhance their profile.
The visibility of a profile varies by site and according to user discretion. By default,
profiles on Friendster ( and ( are found by
Internet search engines, making them visible to anyone, regardless of whether or not the
viewer has an account. Alternatively, LinkedIn ( controls what a
viewer may see, based on whether she or he has a paid account. Sites like MySpace
allow users to choose whether they want their profile to be public or “for Friends only."
(Dwyer et al., 2007) On Facebook, users who are part of the same "network", can by
default view each other's profiles, unless the profile owner has decided to deny
permission to those in their network.
2.1 Legal aspects of Privacy on SNSs
Today people communicate more and more using digital technology, such as e-mails,
instant messengers, and social networking sites. When using different online services,
for instance, e-shopping or the Internet forums, the users generate a wealth of data about
themselves. These electronic footprints enable third parties to build up a picture of the
users’ behavior. Even if technology and information systems are a part of everyday life
for most people in developed countries, modern information and communications
systems are very complex and can be confusing: the users commonly have no idea what
sort of data is being gathered about them, how much, where it is held, how long it will
be held, and what it will be used for (German Federal and State Data Protection
Commissioners, 1997).
From the legal viewpoint, privacy is mainly protected by general human and
constitutional rights, and by more specific data protection rules. The European Union
has been leading the development of the data protection law, which has arguably
resulted sometimes even too strict rules. However, with respect to new kind of services,
such as SNSs, the laws still fail to cover them adequately. The data protection law is
designed to protect individuals against malicious criminals and overactive businesses,
but it hardly stipulates social relationships between human beings.
In general, the European law restricts the processing of private data. For example, there
has to be an acceptable purpose to process personal data and it is not allowed to use the
data against that purpose. However, if the person gives consent, then almost any
processing is allowed. In an SNS, people upload their private data into the service
themselves. Therefore, arguably, the processing of that data is in accordance with their
consent – as long as they have understood what kind of processing and usage of the data
can take place. Thus, it is central what the end-user knows and understands about the
privacy policy of an SNS and the principles according to which the data is processed.
Just by publishing information, the end-user has probably not given consent to such
processing that was unknown to him or her.(Kosta & Dumortier, 2008)
It should be noted that usually it is quite possible to develop all the services in a way
that they comply with the data protection law. However, the legal construction of data
Users’ Awareness of Privacy on Online Social Networking sites – Case Facebook
protection rules is quite complex. The rules governing privacy with respect to an SNS
cannot be found in one law, but they are spread out in numerous statutes. Thus, it is also
easy to develop services that do not follow the law, if the data protection law is
neglected while designing the new service. (Pitkänen, 2006; Kosta & Dumortier, 2008)
It is important to realize that the data protection law is not prohibiting businesses and
services, like an SNS, to avail of personal data. On the contrary, it tries to define a legal
framework which enables business. Yet, new services, like SNSs, may find laws
2.2 Access to user’s personal information
An important aspect on privacy risk is the question, who has an access to users’
personal information shared on the internet and in the social networking site. Definition
of personal identifiable information or personally identifying information (PII) is
relevant when discussing online and internet privacy threats and risks. Personally
identifiable information is any piece of information which can potentially be used to
uniquely identify, contact, or locate a single person. Understanding the concept of PII
has become much more important as information technology and the Internet have made
it easier to collect that information. (Kosta & Dumortier, 2008)
According to Gross and Acquisti (2005), three groups of stakeholders can access
participants’ personal information in an online social network: the hosting site, the
network, and third parties.
The hosting site has access to participants’ information, of course. The hosting site may
use and extend the information in different ways. The information could be both
knowingly and unknowingly revealed by the participant. (Gross & Acquisti, 2005)
The information is also available within the network itself. The network’s extension in
time (i.e. data durability) and in space (i.e. membership extension) may not be fully
known or knowable by the participants. (Gross & Acquisti, 2005)
Third parties can access participants’ information without the site’s direct collaboration
(Gross & Acquisti, 2005). The easiness to join and extend one’s network, and the lack
of basic security measures (such as cryptographic protocols for providing secure
communications on the Internet, e.g. TLS/SSL logins) in most networking sites makes it
easy also for malicious third parties, such as identity thieves, to access and misuse the
users’ information. In the case of Facebook, third parties with permission, that is, third
party application providers, have a right to access users’ data when a user adds their
When personal information is accessed by malicious third parties, additional risks
associated with privacy become real. The nature of the risk depends on the type and the
amount of information that has been provided: the information may, in certain cases, be
extensive and very intimate. These online privacy risks range from identity theft to both
online and physical stalking; and from embarrassment to price discrimination and
blackmailing (Gross & Acquisti, 2005).
Unauthorized access to private information may cause economic losses to the
individual. However, the SNS related privacy concerns are even more significant to
both one’s self-image and public identity. Loss of privacy and control over personal
information may cause damages that are socially irreparable: losing face among friends,
revealing secret information, making social blunders, or simply giving a wrong
Tuunainen, Pitkänen, Hov
impression. What makes these threats serious is that often the audience includes people
with whom one has to interact everyday in the physical world. From the individual’s
perspective, therefore, these threats can have very serious consequences. For example,
losing face among colleagues can be much worse than losing one’s credit card number.
These kinds of social problems have not, to our best knowledge, been studied earlier,
and will remain an interesting avenue for future research.
2.3 Privacy policy of an SNS
As a response to the online privacy risks and threats, many website privacy policies
specifically address the collection of personal information. Also the above mentioned
data protection laws limit the distribution and accessibility of personal identifiable
information. As discussed earlier, the privacy policy may clarify to which processing
the user has given consent, when he or she has uploaded personal information into the
service. Therefore, the relationship between the data protection law and the privacy
policy is important.
A privacy policy is a notice on a website providing information about the use of user’s
personal identifying information by the website owner (particularly personal
information collected via the website). Privacy policies usually contain details of what
personal information is collected, how the personal information may be used, to whom
the personal information may be disclosed, the security measures taken to protect the
personal information, and whether the website uses cookies and/or web bugs
(, 2007). The exact contents of a privacy policy will depend upon
the applicable law. For instance, there are significant differences between the European
and the US data protection laws. At the moment, there are no well-known and generally
used international privacy policy standards, yet. However, for example Google
( has brought up discussion about international privacy standards
which work to protect everyone’s privacy on the Internet
Privacy features are technical implementation of privacy controls on websites. Privacy
settings or tools are also generally used terms. A site should maintain standards of
privacy and enable user friendly profile control and set-up to encourage safe
Facebook and other SNS have been criticized for the fact that users’ profiles are by
default visible to an audience as wide as possible. If the users do not change their
privacy settings, the information is available not only to their friends, but in the worst
case also to everybody on same networking service. Gross and Acquisti (2005) have
also present that the service provider’s own user interface might be reason why people
adjust settings so little. Anyhow, privacy features have no meaning, if the end-user does
not use them. The study of Gross and Acquisti (2005) shows that only a small number
of Facebook members change the default privacy references, which are set to maximize
the visibility of the users’ profiles. Cranor et al. (2006) noted that despite efforts to
develop usable interfaces and features, most users rarely change the default settings on
many of the software packages they use. The reason for why users do not change the
settings can be the aspect of time consumption, confusion, or user’s fear of risk to
“messing up” their settings.
Users’ Awareness of Privacy on Online Social Networking sites – Case Facebook
2.4 Privacy behavior of SNS users
Earlier research has shown that people have little knowledge about the real privacy risks
in the online environment, and that they are unaware of the amount of personally
identifiable information they have provided to an indefinite number of people (see e.g.
Cranor et al., 2006; German Federal and State Data Protection Commissioners, 1997;
Goettke & Christiana, 2007). Cross and Acquisti (2005) also suggest, that users may
have relaxed attitude towards (or lack of interest in) personal privacy and myopic
evaluation of the associated privacy risks.
For example, Facebook privacy policy tells that third parties can access and share
certain personal information about the user (excluding contact information).
Nevertheless, earlier studies have shown that users do not put effort to actually read the
online social services’ privacy policies and the terms of use (see e.g. Acquisti & Gross,
2006; Gross & Acquisti, 2005; Jones & Soltren, 2005). Cranor et al. (2006) noticed that
users find learning about privacy and reading the website privacy policies to be difficult
and time consuming.
Quite many users are aware of privacy features and know how to use them, but they do
not take initiative to protect their information (see e.g. Acquisti & Gross, 2006; Dwyer,
2007; Govani & Pashley, 2005; Gross & Acquisti, 2005; Jones & Soltren, 2005). For
example Acquisti and Gross (2006) show in their study that the majority of Facebook
members claim to know about ways to control the visibility and searchability of their
profiles, but only a significant minority (30% of students in their sample), are unaware
of those tools and options. Jones and Soltren (2005) put the figures for students in their
sample at 74% being familiar with the privacy feature, of which only 62% actually
using the features to some degree.
Gross and Acquisti (2005) used Signaling Theory to analyze the types and amount of
information disclosed on Facebook profiles. Signaling theory, which originates from
evolutionary biology, has been lately been used to explain why a user shares personal
information on SNSs. According to a number of studies (see e.g. Donath, 2007; Dwyer,
2007; Gross & Acquisti, 2005; Lampe et al., 2007), the users feel the need to present
themselves and make a good impression on their peers. The study of Gross and Acquisti
(2005) showed that the users (in this case students of Carnegie Mellon University) of
Facebook provide astonishing amount of information, for example, their real name,
photo(s), date of birth, phone number, current residence, and relationship status. “Users
may be pragmatically publishing personal information because the benefits they expect
from public disclosure surpass it perceived costs.” (Gross & Acquisti, 2005, p. 80)
3 Empirical study
The target of the empirical part of the study is to collect data and analyze how much and
to whom, Facebook users disclose information in their profiles and is there some certain
influence factors. Also, the other objective is collect data of users’ attitudes and
awareness of Facebook privacy and explore do they affect users information disclosing.
3.1 Research methodology
The empirical data was gathered with a web questionnaire. This method was natural
choice because of research subject (users’ behavior on the Internet). The first aim of the
questionnaire was to find out background information of respondents and then collect
Tuunainen, Pitkänen, Hov
the actual data about users’ information disclosing in profiles, users’ privacy and
security concerns and finally their awareness of privacy on Facebook. Variables were
measured with categorical, scale, and non-metric variables. Also some open questions
were used for feedback questions. The questionnaire consisted of five main parts: 1)
background information; 2) User’s personals information and friends on Facebook; 3)
User’s privacy controlling / setting; 4) User’s privacy and security concerns; and, 5)
User’s awareness of Facebook Privacy Policy (and open feedback question). For the
lack of available space, the full questionnaire is omitted from this paper, but can be
acquired from the authors.
160 Facebook users were invited to answer this questionnaire via Facebook. Invitation
receivers had the possibility to invite more users to answer the questionnaire. The
questionnaire was available for eleven days. As a second method, a convenience sample
was used to ask people to answer the questionnaire via e-mail. E-mail was sent to 20
people. All of these people were Facebook users, but normally log in Facebook very
rarely. These users had also the possibility to send the invitation forward. Using the
snowball effect a total number 210 acceptable responses were received.
3.2 The Social Networking Site under study: Facebook
Facebook was established in February 2004 and by the end of the same year it already
had one million users. At the time of our survey in April 2007, Facebook had over
seventy million active users all over the world. Facebook had a powerful entry to the
Finnish markets in the summer and early fall of 2007, and by Spring of 2008, the
Finnish Facebook network had over 399 000 users. Probably there are much more
Finnish users, because all Finnish users do not join to Finland-network (or any other
network). Our empirical study, in which this paper is based on, focused on this Finnish
Facebook user group.
A Facebook profile is like one’s own page and the user can manage its information.
Normally users create a Facebook profile with real name and profile picture, because
nature of SNS. In addition, users can share a multitude of different types of data with
other users. These types of data include for example contact information, personal
information like gender, birth date, hometown, education and work information,
information regarding interest movies, music, clubs, books, relationship status and
partner’s name, and political orientation. Users can in fact choose to fill in any of this
information fields and update their information at any time. Users can also share photos
and videos with other users.
Users can communicate with others by using “profiles’ walls” or private message
features. Writing something to others wall is normally visible to everybody who can see
this profile and information in it. Users also can comment photos, videos or other posted
elements. With using “status updates” users can also tell the others what they are doing,
where they are, and so on.
Facebook has a various scales of privacy features. Users can control their profiles’
visibility and also separate information fields in their profiles. Visibility options (who
can see one’s profile or other information) are normally “no one”, “only my friends”,
“some of my networks and all my friends”, and “all my networks and all my friends”.
Users’ Awareness of Privacy on Online Social Networking sites – Case Facebook
4 Findings
We will first introduce the sample and the background information of the respondents in
general. Then users’ information disclosing in profiles is presented. Afterwards, the
privacy concerns and the awareness of privacy protection are discussed. Finally, some
findings on privacy behavior are discussed.
Total number of 210 people responded to the questionnaire. Of these 56 % were
females, 43 % males, and 1 % did not disclose their gender. 88% of the respondents
were under 30 years old but over 18 years. Most of the respondents (74%) were students
and only 26 % non students; The large number of HSE (Helsinki School of Economics
in Helsinki, Finland) students (more than half of respondents) stems from the fact that
the request was sent primarily to the friend list of the primary researcher, and more than
half of them were HSE students.
Facebook is a fairly new phenomenon, also in Finland, and therefore it is natural that
most of the responders (67%) had had a profile less than half year. Almost everybody
(92 %) had stated their reason to join Facebook as “friend suggested it”. The second
common reason was to “make easier to keep in touch” (60 % had check this option).
“Find classmates”, “Everyone I know is on Facebook”, and “to network in general”
were also common reasons to join Facebook. These results show that networking in
general and communication are main causes to create a profile and in effect to disclose
The respondents’ number of friends varies a lot: 17 % have 50 or less, while 9 % have
more than 350 friends. Mostly the respondents have invited their “close friends” (92%)
or “friends” (96%) to become Facebook Friends with them, enforcing existing strong
connections. However, well more than half (65%) of the respondents have also invited
“people they just know” to their Friends, as well as “people they have just met once
(12%) and “people whom you haven’t met” (3%). Similar figures are true for accepting
invitations from others.
All of the respondents log into Facebook at least once a week, 86 % once or more than
once a day. 55 % of all respondents update their “status” (once a week or more than
once a week, while 23 % of respondents never update their status on Facebook.
4.1 Information disclosing
The respondents share a large number of information about themselves on Facebook.
Only two respondents of 210 informed that they did not appear with their real names on
Facebook. More than 90 % of respondents had a profile picture on their profiles. More
than 80 % had information like one’s hometown, the date of birth, e-mail address and
education info. 75 % of respondents had pictures of them and more than 60% had
pictures of their friends. Almost 60 % of respondents presented their relationship status
on the profile. (See table 1. for a summary of the information provided by the
respondents.) With the maximum of 17 different items, the respondents had, on average,
checked 9.4 items.
Tuunainen, Pitkänen, Hov
Table 1: Personal information on profile
Questionnaire item n %
Real name 208 99
Profile picture 206 98
Birthday 186 89
Home town 186 89
E-mail address 174 83
Education information 169 80
Photos of one’s self 158 75
Photos of one’s friends 130 62
Relationship status 124 59
Sexual orientation (“interested in”) 103 49
Favorite music, movies, etc. 70 33
Contact phone number 69 33
Activities / interests 67 32
Partner’s name 55 26
Street address 38 18
Website 25 12
Political views 20 10
Presented in the order of frequency
Furthermore, the general rule seems to be that, the more details is provided in the
profile, the more active user of Facebook the respondent is: a greater number of Friends,
more groups joined, and more active status updating behavior.
When examining users information disclosing the question is not only “how much
information is disclosed”, but also “whom the information is disclose to”. Users of
Facebook can limit the visibility of the profile by choosing between the three options
“my friends and my networks (or some of networks)”, “only my friends”, or “only me /
no one”. The majority of respondents have allowed access only for their friends (63%).
Still, there are many (34%) who keep their profiles open to all the users part of the same
network. There does not seem to be a great difference between the number of different
items displayed on the profile between those whose profile is open and those whose
profile is visible to Friends only.
4.2 Privacy protection
It seems that the respondents are slightly worried about their privacy when using the
Internet. Also using credit card within the Internet seems to bring concerns. The
respondents do not seem to have many concerns about other people on the Internet, but
they rather seem to trust the other users on the Internet. They still think that an identity
Users’ Awareness of Privacy on Online Social Networking sites – Case Facebook
theft could be a real privacy risk. The respondents are also pretty familiar with data
protection and security while using the Internet in general (see Table 2.).
Table 2: Privacy and data security concerns in general
Questionnaire item Avg. Mode SD n
I worry about my privacy and data security while using the
internet 4,5 5,0 1,6 209
I worry that if I use my credit card to buy something on the
internet my credit card number will be obtained /
intercepted by someone else
4,3 5,0 1,7 210
I worry about people online not being who they say they
are 3,7 2,0 1,5 210
I feel that identity theft could be real privacy risk 4,5 5,0 1,6 210
I worry that if I use internet with my mobile phone and
someone steals it, he/she can find out some of my personal
information or data
3,2 2,0 1,8 210
I'm familiar with data protection and securing while using
the Internet in general 4,8 5,0 1,6 210
Measured on 1-7 scale (1 = strongly disagree, 7= strongly agree)
Results of privacy concerns on Facebook reveal that the respondents do not have
notable concerns about privacy and data security while using Facebook (see Table 3.).
Table 3: Privacy and data security concerns on Facebook
Questionnaire item Avg. Mode SD n
I worry about my privacy and data security while using
Facebook 4,0 2,0 1,7 210
I feel that the privacy of my personal information is
protected by Facebook 3,9 5,0 1,5 210
I trust that Facebook will not use my personal
information for any other purpose 4,3 6,0 1,6 210
I feel comfortable writing messages on my friends' walls 5,2 6,0 1,4 210
I worry that I will be embarrassed by wrong information
others post about me on Facebook 3,5 2,0 1,7 209
Measured on 1-7 scale (1 = strongly disagree, 7= strongly agree)
Compared to responses about privacy concerns in general, the respondents seem to be
more worried about privacy when using the Internet in general, than when using
Tuunainen, Pitkänen, Hov
Facebook in particular. Also, it seems that, by and large, the respondents trust Facebook
with their private information.
Majority of the users (75%) say that they know who can see their profile in it, while 29
% either do not know or are not sure (see Table 4.)
Table 4: Visibility of profile information
Questionnaire item Yes % No % Not
sure %
Do you know who can see your profile and the
information in it? 158 75 8 8 44 21
Response: Yes/No/I am not sure (total n=210)
Almost all of the respondents (94 %) are aware that the privacy settings can be
modified, and the majority (84 %) say that they have done so (see Table 5). Also, the
respondents claim to be knowledgeable about the fact that without modifying their
privacy settings, their profile will be visible to the members of all new networks they
Table 5: Privacy settings
Questionnaire item Yes % No % n
Are you aware that you can change your privacy
settings? 197 94 12 6 209
Have you ever used your privacy setting? 164 84 32 16 196
Are you aware that if you have joined some network
and you haven't changed your privacy setting, all
members of same network can see your profile?
160 76 50 24 210
Response: Yes/No
The possibility for third parties to access users’ profile information is not as well
acknowledged (see Table 6): over half (55 %) of the respondents did not know that if a
user adds an application, the developer of the application has a right to access the user’s
information. Furthermore, the majority (73 %) is not aware, that Facebook can,
according to their privacy policy share the users’ information with outside parties for
marketing purposes.
Users’ Awareness of Privacy on Online Social Networking sites – Case Facebook
Table 6: Sharing information with third parties
Questionnaire item Yes % No % n
Are you aware that when you add a new application
(e.g. Entourage/Fun wall), you give the organization
that supplies the application, the right to access your
profile information?
93 45 115 55 208
Are you aware that Facebook can share your
information with people or organisations outside of
Facebook for marketing purpose as their privacy
57 27 153 73 210
Response: Yes/No
Then again, only 21 % of the respondents have read the Facebook privacy policy, and
even fewer (15 %) have read the Facebook terms of use (see Table 7).
Table 7: Privacy settings
Questionnaire item Yes % No % n
Have you read the Facebook terms of use? 31 15 179 85 210
Have you read the Facebook privacy policy? 57 21 153 79 210
Response: Yes/No
Interestingly enough, over half (61%) of those who say they have read the Facebook
privacy policy, are not aware of Facebook’s right to share their information with third
At the end of the questionnaire the respondents were asked if they thought that
participating in the survey would affect their behavior on Facebook in any way. About
two thirds (62%) thought it will. Of these 130 respondents, 109 took the time to answer
to the “If yes, how?” question. Most comments are along the lines of “being more
careful in the future” and “certainly now adjusting my privacy settings”. As many as 31
mention specifically the Facebook add-on applications, and admit not having realized
the information access they have provided to third parties. This indicates that increasing
awareness of privacy might and will affect the user behavior: clear and compact
information about privacy issues, features and practices makes users think about privacy
and might result in more careful behavior in online environment.
5 Discussion
Online social networking offer new opportunities for interaction and communication.
The online environment is an easy and inexpensive way to maintain already existing
relationships and present oneself to others. However, the increasing number of actions
in online services also gives a rise to privacy concerns and risks.
Tuunainen, Pitkänen, Hov
Our study shows, that the users of Facebook seem to disclose a large amount of
information on themselves to a large amount of both strong and weak connections,
sometimes to people totally strangers to them. As in most similar studies, our subjects
are mostly young adults and students. The results show that they do not have significant
privacy concerns, but claim to be fairly aware of privacy risks. Overall, the privacy risks
are perceived to be smaller on Facebook than on the Internet in general. One reason for
this can be the fact that “the Internet” is something vast and vague, while Facebook is
perceived to be a more manageable “network of friends”. It is very likely, that a great
number of people, who do not use social networking services, do so exactly because of
privacy concerns. However, as our sample only included (active) users of Facebook,
that question remains to be looked at in future research.
As discussed above, privacy policies seem to be important. That is not only because
they inform the users about the processing of private data, but also because they partly
define consent that the users have given, when they have uploaded their private data
into the service. Therefore, an interesting question for future research is why the users
do not read privacy policies of SNS’s. Like also other studies (e.g. Acquisti & Gross,
2006; Gross & Acquisti, 2005; Jones & Soltren, 2005) have shown, privacy policies and
the terms of use just do not get the attention of the users. There might be several reasons
for this: it is perceived to take too much effort, they are difficult to understand, or the
users trust the service provider so much that they feel they do not have to read policies.
Nevertheless, as our study shows, even reading the privacy policy does not seem to
increase awareness of service provider practices.
Most of the users are – or claim to be – aware of privacy features on SNSs and they
have also used them. However, default settings can seem confusing and some particular
actions, for instance, joining a new network, might change settings without users
realizing it. Furthermore, there are still many users whose profiles are highly visible to
all the members of a particular network, which might include hundreds of thousands of
strangers. Therefore, it remains an interesting question to which processing of private
data the user has knowingly given his or her consent.
6 Summary and Conclusions
In this paper, we have reviewed earlier research on privacy issues related to social
networking sites, and presented the results of our empirical study among users of a
particular SNS, Facebook.
We have viewed privacy behavior from two perspectives: privacy protection and
information disclosing. Both of these aspects were analyzed and used in attempt to
understand the factors, especially privacy awareness, that influence users to disclose or
protect information on Facebook.
In our empirical study, we surveyed users of Facebook, and acquired 210 usable
responses. Our results indicate, that most of respondents, who seem to be active users of
Facebook, do disclose a considerable amount of private information of themselves, and
contrary to their own belief, are not too well aware of the visibility of their information
to people they do not necessarily know. Furthermore, the privacy policy and terms of
use of Facebook were largely not known or understood by our respondents. This was
particularly true as regard to Facebook’s policy of allowing third party application
Users’ Awareness of Privacy on Online Social Networking sites – Case Facebook
providers access to the users’ information. Encouragingly, however, many of the
respondents were awakened by the survey, and resolved to pay more attention to their
privacy settings in the future.
As the whole online environment and social networks in particular are fairly new
phenomena, number of issues are not fully understood by the users, who might even
appear to behave irrationally. Privacy is a complex construct and, as such, difficult to
understand. Accordingly, there are many different factors that affect privacy behavior.
Hence, more research into privacy awareness and related behavior on social networking
sites is clearly called for.
In the next step of our study, we will perform a deeper analysis of our empirical data to
better understand how the users interpret the construct of privacy, both conceptually and
in practice.
Acquisti, A. and Gross, R., Imagined communities: awareness, information sharing, and
privacy on the Facebook. From PET 2006. (Cambridge, June 28--30, 2006,
Boyd D., “Friendster and publicly articulated social networking”, in the Proceeding of
Conference on Human Factors and Computing Systems (CHI 2004), Vienna,
Austria, April 24-29, 2004.
Boyd, D., and Ellison, N., “Social network sites: Definition, history, and scholarship”,
Journal of Computer-Mediated Communication, 13(1), 2007.
Brooks, G. 2007. “Secret society“, New Media Age, 13 December, p. 10.
Clark, H.H. Using Language, Cambridge University Press, Cambridge, UK, 1996.
Cranor L., Gudruru P. and Arjula M., “User Interfaces for Privacy Agents”, ACM
Transactions on Computer-Human Interaction, Vol. 13, No. 2, June 2006, pp.
Dinev, T. & Hart, P. 2006. “Internet Privacy Concerns and Social Awareness as
Determinants of Intention to Transact“, International Journal of Electronic
Commerce, Vol. 10, No. 2, pp 7-29.
Donath, J., “Signals in social supernets”, Journal of Computer-Mediated
Communication, 13(1), 2007.
Dwyer, C., “Digital Relationships in the 'MySpace' Generation: Results From a
Qualitative Study”, in the Proceedings of the 40th Hawaii International
Conference on System Sciences (HICSS), Hawaii, 2007.
Dwyer C., Hiltz R., and Passerini K., “Trust and Privacy concern within social
networking sites: A comparison of Facebook and MySpace”, in the Proceedings
of AMCIS 2007, Keystone, CO, 2007.
German Federal and State Data Protection Commissioners, Privacy-enhancing
technologies, Working Group on "privacy enhancing technologies" of the
Committee on "Technical and organisational aspects of data protection" of the
German Federal and State Data Protection Commissioners, 1997.
Tuunainen, Pitkänen, Hov
Goettke R. and Christiana J., “Privacy and Online Social Networking Websites”,, 5 Nov, 2007)
Govani, T., and Pashley, H.,” Student Awareness of the Privacy Implications while
Using Facebook” Unpublished manuscript retrieved 1 Nov 2007 from, 2005
Gross, R. and Acquisti, “Information Revelation and Privacy in Online Social Networks
(The Facebook case)”, in the Proceedings of the 2005 ACM workshop on
Privacy in the electronic society, 2005, pp. 71 – 80.
Jones, H., and Soltren, J.H., Facebook: Threats to Privacy, MIT, Dec. 2005.
Kosta, E. and Dumortier, J.,” Searching the man behind the tag: privacy implications of
RFID technology”, International Journal of Intellectual Property Management
(IJIPM), Special Issue on: “Identity, Privacy and New Technologies”, 2008.
Lampe C., Ellison N., and Steinfield C., A, “Familiar Face(book): Profile Elements a
Signals in an Online Social Network”, in the Proceedings of the SIGCHI
conference on Human factors in computing systems CHI '07, March 2007, pp.
435 – 444.
Lehtinen, V., Maintaining and Extending Social Networks in IRCgalleria, University of
Helsinki, Faculty of Social Sciences, Department of Social Psychology, Master's
Thesis, May 2007.
Newk-Fon Hey Tow, W., Dell, P., Venable, J.R. (2008), “Understanding Information
Disclosure Behaviour in Australian Facebook Users”, the 19th Australasian
Conference on Information Systems (ACIS) 2008, Christchurch, New Zealand,
December 3-5, 2008.
Pitkänen, O., “Technology-Based Research Agenda on the Data Protection Law”, in the
Proceedings of LawTech 2006, Cambridge, MA, USA, 2006.
Wellman, B., “An Electronic Group Is Virtually A Social Network”. In Kiesler, S.,
Culture of the Internet, New Jersey: Lawrence Erlbaum Associates, 1997, pp.
... As the privacy calculus theory is based on the cost-benefit analysis, privacy can be interpreted in one's economic choice by evaluating between the benefits and the risks of disclosing one's information (Adjerid et al., 2018;Dinev & Hart, 2006). Although researchers have contributed by identifying antecedents of perceived privacy and privacy concern from the risk and beneficial perspectives (Trepte and Masur 2017;Tuunainen et al., 2009), little research investigates the driving factors, that lead self-disclosure behavior of a SNS user, in a broad perspective as well as their relationship especially from the perspectives of the experience, self-controlling capability, and privacy consciousness as well as from the cultural perspective. At the early stage of SNS adoption, each individual might calculate potential risks and benefits based on her/his rationale. ...
... This self-disclosure behavior is more noticeable among Facebook users than Myspace users (Tufekci, 2008). Although people started to become concerned and more cautious about disclosing their private information than before, they generally trusted Facebook with their private information at the time (Tuunainen et al., 2009). ...
... Researchers contributed by noticing that users were willing to disclose themselves on the beginning stage of SNS development (e.g., Gross and Acquisti, 2005;Tufekci, 2008;Tuunainen et al., 2009). After that, researchers identified that users' paradoxical behavior, which they still disclose their information while they concern on privacy (e.g., Blank et al., 2014;Boyd, 2011;Debatin et al., 2009). ...
People disclose themselves on Social Networking Sites (SNSs) even though there are various risks such as privacy intrusion and cyberbullying. Through this comparative study, the influencing factors toward voluntarily sharing personal information on SNSs are identified and analyzed. A theoretically driven research model is developed and tested with German and South Korean participants. Based on an online survey (n = 266), a structural equation model (SEM) is empirically validated. The results indicate that there are similarities and differences. Two factors (perceived social benefit and perceived privacy risk) influence self-disclosure behavior in the both countries. Furthermore, three factors (collectivism, perceived cyberbullying risk, and perceived awareness of privacy issues) do not influence on self-disclosure behavior in both countries. However, the remaining six factors (protective experience, gossiping culture, perceived information benefit, perceived information control, perceived anonymity control, and concern of being intruded) influence self-disclosure behavior in one country but not in the other country. Extending the privacy calculus theory, this research provides a broad and unified model when studying on the privacy paradox.
... The risk faced by the user in the scenario of user-TPA sharing can be reduced by either limiting the share of sensitive attributes to TPA; or by sharing a less sensitive form of the sensitive attribute. The solutions like User to application policy Model [4], Creating awareness among the users [5][6][7], fine grained access control [6][7][8] and managing privacy setting [9] complements each other and limits the data shared to TPA. ...
... The Internet is a globally connected computer network system using the Internet protocol suite (TCP/IP) to connect all devices in the world [1,2]. The internet allows users to meet anyone from various users in the world whose motives and backgrounds are unknown [3]. Positive internet is a term commonly used to name the blocking activities of websites deemed unfit for loading by the government in Indonesia [4,5,6]. ...
Full-text available
The purpose of this activity is to provide an understanding for parents of students and children to monitor internet use and find out its positive and negative impacts. Service activities only involve 2 stages of activity, the first is socialization and the second is discussion. This community service activity is intended so that parents and the community can understand and monitor the use of the internet for children. Activities that have been carried out are in the form of socializing positive internet use for children with 70 participants from Banda Aceh City. The usefulness of this community service activity is evaluated through a questionnaire with a benefit test. The results of the questionnaire show a percentage of 67% which states that the socialization of internet use in children is very useful to be applied in real life today.
... Similarly, the essays in this thesis examine only hypothetical settings where consumers are asked directly for their personal data. Depending on the regulation of the country and the situation, consumers are not always asked in an easily understandable and transparent way for their data in everyday life (Gindin, 2009;Tuunainen, Pitkänen and Hovi, 2009), or are not willing to read the privacy policies carefully (LINK Institut and SRG SSR, 2018;Latzer, Büchi and Festic, 2019). Thus, maybe they are not fully aware that they are about to disclose data and that this data is shared in a DSC. ...
Due to the advances of digitalization, firms are able to collect more and more personal consumer data and strive to do so. Moreover, many firms nowadays have a data sharing cooperation with other firms, so consumer data is shared with third parties. Accordingly, consumers are confronted regularly with the decision whether to disclose personal data to such a data sharing cooperation (DSC). Despite privacy research has become highly important, peculiarities of such disclosure settings with a DSC between firms have been neglected until now. To address this gap is the first research objective in this thesis. Another underexplored aspect in privacy research is the impact of low-cognitive-effort decision-making. This is because the privacy calculus, the most dominant theory in privacy research, assumes for consumers a purely cognitive effortful and deliberative disclosure decision-making process. Therefore, to expand this perspective and examine the impact of low-cognitive-effort decision-making is the second research objective in this thesis. Additionally, with the third research objective, this thesis strives to unify and increase the understanding of perceived privacy risks and privacy concerns which are the two major antecedents that reduce consumers’ disclosure willingness. To this end, five studies are conducted: i) essay 1 examines and compares consumers’ privacy risk perception in a DSC disclosure setting with disclosure settings that include no DSC, ii) essay 2 examines whether in a DSC disclosure setting consumers rely more strongly on low-cognitive-effort processing for their disclosure decision, iii) essay 3 explores different consumer groups that vary in their perception of how a DSC affects their privacy risks, iv) essay 4 refines the understanding of privacy concerns and privacy risks and examines via meta-analysis the varying effect sizes of privacy concerns and privacy risks on privacy behavior depending on the applied measurement approach, v) essay 5 examines via autobiographical recall the effects of consumers’ feelings and arousal on disclosure willingness. Overall, this thesis shines light on consumers’ personal data disclosure decision-making: essay 1 shows that the perceived risk associated with a disclosure in a DSC setting is not necessarily higher than to an identical firm without DSC. Also, essay 3 indicates that only for the smallest share of consumers a DSC has a negative impact on their disclosure willingness and that one third of consumers do not intensively think about consequences for their privacy risks arising through a DSC. Additionally, essay 2 shows that a stronger reliance on low-cognitive-effort processing is prevalent in DSC disclosure settings. Moreover, essay 5 displays that even unrelated feelings of consumers can impact their disclosure willingness, but the effect direction also depends on consumers’ arousal level. This thesis contributes in three ways to theory: i) it shines light on peculiarities of DSC disclosure settings, ii) it suggests mechanisms and results of low-effort processing, and iii) it enhances the understanding of perceived privacy risks and privacy concerns as well as their resulting effect sizes. Besides theoretical contributions, this thesis offers practical implications as well: it allows firms to adjust the disclosure setting and the communication with their consumers in a way that makes them more successful in data collection. It also shows that firms do not need to be too anxious about a reduced disclosure willingness due to being part of a DSC. However, it also helps consumers themselves by showing in which circumstances they are most vulnerable to disclose personal data. That consumers become conscious of situations in which they are especially vulnerable to disclose data could serve as a countermeasure: this could prevent that consumers disclose too much data and regret it afterwards. Similarly, this thesis serves as a thought-provoking input for regulators as it emphasizes the importance of low-cognitive-effort processing for consumers’ decision-making, thus regulators may be able to consider this in the future. In sum, this thesis expands knowledge on how consumers decide whether to disclose personal data, especially in DSC settings and regarding low-cognitive-effort processing. It offers a more unified understanding for antecedents of disclosure willingness as well as for consumers’ disclosure decision-making processes. This thesis opens up new research avenues and serves as groundwork, in particular for more research on data disclosures in DSC settings.
... Additionally, the survey included questions on attitudes (see Table 3), Internet Privacy and Data Security concerns (see Table 5), and Facebook Privacy and Data Security concerns (see Table 6) derived from the work of Tuunainen, Pitkanen and Hovi (2009). Each item was measured on a five point Likert-type scale where 1 represents "Strongly Disagree" and 5 represents "Strongly Agree." ...
Full-text available
This study examines the predictive power of critical life event, perceived social support and organizational climate on turnover intention of Bank workers. Five hundred and forty workers participants (mean age 35.4) selected from 108 banks through stratified and simple random sampling techniques from the 18 senatorial districts in the six states (Ogun, Oyo, Osun, Ondo, Ekiti, Lagos) of south-west Nigeria. Four instruments, Turnover Intention Scale, Impact of Event Scale, Organizational Climate Descriptive Questionnaire and Duke-UNC Functional Social Support Questionnaire were utilized in the study. Multiple regression(stepwise) and t-test statistics were used for analysis. Findings showed that the three predictor variables (critical life event, organizational climate and social support) when taken together, predicted the criterion variable (turnover intention). it was also revealed that critical life event was the most potent contributor to the prediction of turnover intention of bank workers. The implications of these findings for the government , policy makers and employers of labor, who are interested in effective functioning and retention of workers were discussed.
... For example, a study [46] on college students showed that many leverage their account profile settings to protect themselves against possible privacy violations. However, many online users, such as users with active Facebook accounts, tended to share more sensitive data without any awareness of how their information was viewable by unintended audiences and how existing tools could be leveraged to limit access to such data [47], [48]. Other studies discussed how users manage their privacy concerns by limiting access to their data [49], or by stopping the use of such platforms [50], [51]. ...
Full-text available
Online service providers are aggressively evolving the digital systems around us into surveillance platforms. From voice assistants that listen to every conversation, to apps that share sensitive location information, privacy experts have raised concerns about how such data is being abused. This comes at a time when advertisement campaigns can target users through social media platforms according to political party affiliations, reproductive health, and even religious beliefs. Such behavior raises concerns about how service providers leverage privacy policies to legitimately appropriate private data. In this work, we examine the user attitudes and perceptions towards privacy policies. We analyze user perceptions based on data collected from 655 participants. We use this information to identify different motivators and blockers that can influence the user’s willingness towards reading privacy policies. We also examine the impact of previous user experiences such as cyber attacks, as well as, online data sharing practices on reading such policies. Furthermore, we evaluate the ability of users to comprehend the content presented in privacy policies and the impact technical jargon has on the readability of such documents. Our study reveals that although less than 19% of our participants reported having some difficulty in understanding privacy policies, our study shows that more than half of the participants did not understand the content. Finally, we evaluate the implication of using different interfaces for conveying privacy policy content. We use this information to extract various pain points that could be used to assist researchers in improving the usability of privacy policies.
Conference Paper
Nowadays, the identity of individuals has expanded to the cyber world. Users' virtual identity is exposed to different applications evolving quickly, and interactions with various social networking sites have become essential in our daily lives. Behavioral biometrics have shown to be an effective solution for better security, but on the other hand, technological advancements always establish a pathway to implications and challenges. This article elaborates on behavioral biometrics features and their massive use in various fields. The research is placed in the context of trust and security in nowadays societies. Therefore, we shed light on the challenges and security concerns. We conclude that behavioral biometrics supersede physical biometrics in terms of security assurance. Behavioral biometrics have the potential to grow and provide a state-of-the-art solution for cybersecurity.
Full-text available
People may be unaware of the privacy risks of uploading an image online. In this paper, we present an image privacy classifier that uses scene information and object cardinality as cues for the prediction of image privacy. Our Graph Privacy Advisor (GPA) model simplifies a state-of-the-art graph model and improves its performance by refining the relevance of the content-based information extracted from the image. We determine the most informative visual features to be used for the privacy classification task and reduce the complexity of the model by replacing high-dimensional image-based feature vectors with lower-dimensional, more effective features. We also address the biased prior information by modelling object co-occurrences instead of the frequency of object occurrences in each class.
People disclose themselves on Social Networking Sites (SNSs) even though there are various risks such as privacy intrusion and cyberbullying. Through this comparative study, the influencing factors toward voluntarily sharing personal information on SNSs are identified and analyzed. A theoretically driven research model is developed and tested with German and South Korean participants. Based on an online survey (n=266), a structural equation model (SEM) is empirically validated. The results indicate that there are similarities and differences. Two factors (perceived social benefit and perceived privacy risk) influence self-disclosure behavior in the both countries. Furthermore, three factors (collectivism, perceived cyberbullying risk, and perceived awareness of privacy issues) do not influence on self-disclosure behavior in both countries. However, the remaining six factors (protective experience, gossiping culture, perceived information benefit, perceived information control, perceived anonymity control, and concern of being intruded) influence self-disclosure behavior in one country but not in the other country. Extending the privacy calculus theory, this research provides a broad and unified model when studying on the privacy paradox
Mobile device growth is rapid, and it has a significant impact on our private and professional lives. All mobile users want to be guaranteed that their data is safe, which is why biometrics exists for mobile devices. Countless surveys have been performed on the adoption of biometric verification techniques, however, only a limited number of these surveys have concentrated on mobile device-based biometrics, including this current research. This quantitative study’s overall model was put to test on 302 mobile users via survey questionnaire distribution and analyzed utilizing the Statistical Package for Social Science (SPSS). Validity and reliability tests were performed and the model proved to be fit. The findings showed that the SSN variable of the proposed model was not supported, indicating that more research is required. In addition, the research model’s functional elements have a greater impact on the participants’ desire to use the mobile biometric system than the social elements. The study adds to academic knowledge by proposing new constructs that combine MBTAM to assess the likelihood of mobile device users adopting biometric verification techniques.
Full-text available
This publication contains reprint articles for which IEEE does not hold copyright. Full text is not available on IEEE Xplore for these articles.
Conference Paper
Full-text available
A qualitative study was conducted to explore how subjects use social networking sites and instant messenger to engage in interpersonal relationships. The results were used to develop a preliminary framework that models how attitudes towards privacy and impression management, when mediated by technology, translate into social interactions. This paper begins with a review of relevant literature, then describes the experimental design, summarizes the results, introduces the framework, and finishes with a discussion of conclusions and implications for future research. This paper describes the collection and analysis of qualitative data, and its use to inform a preliminary theoretical framework that can support future research into the design of systems that support social interactions
Conference Paper
Full-text available
Using data from a popular online social network site, this paper explores the relationship between profile structure (namely, which fields are completed) and number of friends, giving designers insight into the importance of the profile and how it works to encourage connections and articulated relationships between users. We describe a theoretical framework that draws on aspects of signaling theory, common ground theory, and transaction costs theory to generate an understanding of why certain profile fields may be more predictive of friendship articulation on the site. Using a dataset consisting of 30,773 Facebook profiles, we determine which profile elements are most likely to predict friendship links and discuss the theoretical and design implications of our findings.
Conference Paper
Full-text available
It is not well understood how privacy concern and trust influence social interactions within social networking sites. An online survey of two popular social networking sites, Facebook and MySpace, compared perceptions of trust and privacy concern, along with willingness to share information and develop new relationships. Members of both sites reported similar levels of privacy concern. Facebook members expressed significantly greater trust in both Facebook and its members, and were more willing to share identifying information. Even so, MySpace members reported significantly more experience using the site to meet new people. These results suggest that in online interaction, trust is not as necessary in the building of new relationships as it is in face to face encounters. They also show that in an online site, the existence of trust and the willingness to share information do not automatically translate into new social interaction. This study demonstrates online relationships can develop in sites where perceived trust and privacy safeguards are weak.
The emergence of Radio Frequency Identification (RFID) technology provides the potential for vast and varied applications, bringing with it both promise and peril. RFID tags used as the medium for the collection and transmission of personal data, as well as tracing devices for the location of natural persons, open a Pandora's box regarding the privacy rights of individuals. The goal of this paper is to present the main privacy threats that arise from the widespread use of RFID technology and to illustrate the issues that have to be taken into consideration at the designing phase of an RFID application. The legislative initiative on RFID in the European Union (EU) will be presented and finally, a brief overview of the situation in the USA will be given.
End-users share a wide variety of information on Facebook, but a discussion of the privacy implications of doing so has yet to emerge. We examined how Facebook aects privacy, and found serious a ws in the system. Privacy on Facebook is undermined by three principal factors: users disclose too much, Facebook does not take adequate steps to protect user privacy, and third parties are actively seeking out end-user information using Facebook. We based our end- user ndings on a survey of MIT students and statistical analysis of Facebook data from MIT, Harvard, NYU, and the University of Oklahoma. We analyzed the Facebook system in terms of Fair Information Practices as recommended by the Federal Trade Commission. In light of the information available and the system that protects it, we used a threat model to analyze specic privacy risks. Specically , university administrators are using Facebook for disciplinary purposes, rms are using it for marketing purposes, and intruders are exploiting security holes. For each threat, we analyze the ecacy of the current protection, and where solutions are inadequate, we make recommendations on how to address the issue.
This study focuses on antecedents to Internet privacy concerns and the behavioral intention to conduct on-line transactions. Perceptions of privacy are socially constructed through communication and transactions with social entities over a networked environment, a process that involves a certain level of technical skill and literacy. The research model specifies that social awareness and Internet literacy are related to both Internet privacy and intention to transact. Survey data collected from 422 respondents were analyzed using structural equation modeling (SEM) with LISREL and provided support for the hypothesized relationships. Social awareness was positively related and Internet literacy was negatively related to Internet privacy concerns. Moreover, Internet privacy concerns were negatively related and Internet literacy positively related to intention to transact on-line. This research explores the two alternative antecedents to Internet privacy concerns and intention to engage in e-commerce activity and contributes to our understanding of Internet privacy and its importance in the global information environment. The construct of social awareness can be broadened to develop a much-needed construct of awareness in MIS research related to the voluntary usage of information technology. A segmentation of Internet users with respect to privacy concerns is also proposed.
Conference Paper
Online social networks such as Friendster, MySpace, or the Facebook have experienced exponential growth in membership in recent years. These networks oer attractive means for inter- action and communication, but also raise privacy and security concerns. In this study we survey a representative sample of the members of the Facebook (a social network for colleges and high schools) at a US academic institution, and compare the survey data to information retrieved from the net- work itself. We look for underlying demographic or behavioral dierences between the communities of the network's members and non-members; we analyze the impact of privacy concerns on members' behavior; we compare members' stated attitudes with actual behavior; and we document the changes in behavior subsequent to privacy-related information exposure. We find that an individual's privacy concerns are only a weak predictor of his membership to the network. Also privacy concerned individ- uals join the network and reveal great amounts of personal information. Some manage their privacy concerns by trusting their ability to control the information they provide and the external access to it. However, we also find evidence of members' misconceptions about the online community's actual size and composition, and about the visibility of members' profiles.
Conference Paper
Participation in social networking sites has dramatically increased in recent years. Services such as Friendster, Tribe, or the Facebook allow millions of individuals to create online profiles and share personal information with vast networks of friends - and, often, unknown numbers of strangers. In this paper we study patterns of information revelation in online social networks and their privacy implications. We analyze the online behavior of more than 4,000 Carnegie Mellon University students who have joined a popular social networking site catered to colleges. We evaluate the amount of information they disclose and study their usage of the site's privacy settings. We highlight potential attacks on various aspects of their privacy, and we show that only a minimal percentage of users changes the highly permeable privacy preferences.