The great Facebook privacy debate
The risk of sociability seems to be a sacrifice in privacy, but what are we doing about it? And can you ever really maintain your privacy on Facebook et al?
Social networks are a phenomenon. Facebook now has more than 300 million users and is making money and, as more and more of us connect to the internet, such networks are becoming as much a part of our day as mobile phones and television.
There are many perfectly understandable reasons why users might want to connect to social networks it's a place where people can go online to discover others with common interests, reunite with old friends and also connect with their professional peers.
Thanks to the ability to forge and build relationships with individuals and/or communities, information transfer between groups becomes easy. Although teenagers have always been known to populate the networks, more growth is actually occurring among those over 35.
Privacy and security of social networks
But there are huge issues over privacy and the security of personal information on online sites, with people having profiles that are both public and private, displaying the identities of their creators.
As other people see these profiles, they can be used and abused. Users have been fired for things that they have posted online, and old online pictures have been used to undermine people and even affect political careers.
In one of the worst cases, a British woman called Hayley Jones was murdered by her ex-boyfriend for changing her relationship status from married to single.
There was also much controversy over a Facebook advertisement system called Beacon that allowed data from users' browsing habits on external sites such as when they bought a DVD to be fed into Facebook and shown publicly on a news feed.
This proved so controversial that, a month after the launch, Facebook had to switch Beacon into an opt-in policy rather than the previous opt-out policy, where users were automatically using the feature until they declared otherwise.
Facebook will have to get rid of Beacon completely, after settling a year-long lawsuit from users who felt that the scheme was forced upon them.
Even Facebook apps see a lot of your personal data. For instance, taking part in this quiz will show you that an app creator can see all the information on your profile, even if you have put in high privacy settings.
There are no default privacy settings and no developer screening, which means that anybody can build Facebook applications and mine data.
On a more fundamental level there are other issues with social networks. Users do not know their audience and who is reading what they are writing.
Information also seems to be stored forever. That's not exactly surprising given that the real value of a social network lies in its size and the amount of information it keeps.
This Idiot of Ants sketch illustrates how odd this new social reality is, and how much information users are happily giving to complete strangers.
A July study carried out by Cambridge University researchers, which analysed 45 global social networking sites including Facebook and MySpace, revealed some eye-opening figures about the sites that we are using day in, day out for both work and play.
Around 90 per cent of sites required a full name or date of birth for permission to join, which the social network didn't actually need. Eight out of 10 failed to use standard encryption protocols, while 71 per cent reserved the right to use user data in privacy policies.
Many of the websites didn't have privacy policies at all, which the study suggested was due to an acknowledgement that the open discussion of privacy policies on social networking sites put off the average user.
"Sites want users to be relaxed and having fun, but when privacy is mentioned users feel less comfortable sharing data," said one of the study's researchers Joseph Bonneau.
He added: "Even sites with good privacy feel they can't promote it, so users have no idea of what they're getting."
Attempts at social network privacy controls
However, social networks are now very complex, and it could prove tricky in practice to make them follow policies that were originally aimed at e-commerce and banking sites.
Another attempt to put in some kind of privacy for a social network was the Platform for Privacy Preferences Project (P3P) set up by the World Wide Web Consortium (W3).
This is a framework for automated privacy discussions where websites like social networks disclose their privacy practices in a standard machine-readable format like XML.
Web browsers could then automatically retrieve P3P privacy policies and compare them to the user's own privacy preferences.
However, some social networks tried to implement the policy but failed to do it properly because of its complexity. Websites were also not obligated to use the policy and neither were users.
There's also the problem of enforcement. There weren't any legal ramifications if the social network used the data it collects for functions other than stated, for example.
Why do we stay on social networks?
With all the apparent security issues on using a social network, why don't we just vote with our feet and leave?
There is no simple explanation as to why we find social networks so alluring, but Professor Ronald Leenes of the University of Tilburg, says that there are three partial underlying reasons.
Firstly, some users don't understand the risks of using a social network, and consider that they are safe because they believe that nobody would go to the bother of looking them up.
"This is a bit nave by users," Leenes said. "There are plenty of people interested in what people do. Parents, teachers, employers, governments"
He added: "If ignorance is the case then we have to teach them about the risks. Sites should publish user-friendly community guidelines rather than terms and services."
Ignorance might be true for some, but Leenes claimed that users by and large knew the privacy issues of social networking.
Many users also believe that they are addressing their friends rather than outsiders on the social network, and expect privacy in doing so, according to Leenes.
"It is a call for the re-establishment of the social more that you stay out of people's conversations, unless you were invited to participate," he said.
The third reason suggested by Leenes is that users feel they have no choice, as leaving a social network could be social suicide'. Sites like Facebook become a community where people get in touch with other, make friends and organise events so removing yourself from such a network could do more harm than good to some.
Leaving the social network could turn them into the outsider with no friends, according to Leenes. "They think social rather than logical," he said.
Is more technology the answer?
Social networks don't look like they are going to stop growing any time soon, so what are the solutions, if any, to ensure some level of privacy?
Education and awareness could be an answer. Adding random strangers to your Facebook 'friends' list, for example, could be risky as you have no knowledge about who they really are.
This also comes with confidential data. It's obviously not sensible to put details like addresses, phone numbers or any information that somebody could use to steal your identity into the realms of social network-based public forums.
However, there is also another option. Leene suggests that some may want to reject the social network model in favour of something more secure.
Unlike some commentators, Leene believes that there are some technical controls that users could adopt to deliver some degree of privacy in a social network without affecting its sociability.
"By developing technical tools to support concepts like audience segregation and contextual integrity," he said.
Social networks are built on the data mined from us. Leenes claims that if there was no data to mine, it would lose its value and users would, once again, be safe.
"Of course this may affect the business opportunity of platform providers, but hey, that's not my problem," he added.
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now