From Wikipedia, the free encyclopedia
Since the arrival of early
social networking sites in the early 2000s, online social networking platforms have expanded exponentially, with the biggest names in
social media in the mid-2010s being
Facebook,
Instagram,
Twitter and
SnapChat.
The massive influx of personal information that has become available
online and stored in the cloud has put user privacy at the forefront of
discussion regarding the database’s ability to safely store such
personal information. The extent to which users and social media
platform administrators can access user profiles has become a new topic
of ethical consideration, and the legality, awareness, and boundaries of
subsequent privacy violations are critical concerns in the advance of
the technological age.
A
social network is a
social structure made up of a set of
social actors (such as individuals or organizations), sets of dyadic ties, and other
social interactions between actors.
Privacy concerns with social networking services is a subset of
data privacy, involving the right of mandating personal
privacy
concerning storing, re-purposing, provision to third parties, and
displaying of information pertaining to oneself via the Internet. Social
network security and privacy issues result from the astronomical
amounts of information these sites process each day. Features that
invite users to participate in—messages, invitations, photos, open
platform
applications and other applications are often the venues for others to
gain access to a user's private information. In addition, the
technologies needed to deal with user's information may intrude their
privacy. More specifically, In the case of Facebook.
Adrienne Felt, a Ph.D. candidate at Berkeley, made small headlines last year when she exposed a potentially devastating hole in the framework of Facebook's third-party application programming interface
(API). It made it easier for people to lose their privacy. Felt and her
co-researchers found that third-party platform applications on Facebook
are provided with far more user information than it is needed. This
potential privacy breach is actually built into the systematic framework
of Facebook.[citation needed]
Unfortunately, the flaws render the system to be almost indefensible.
"The question for social networks is resolving the difference between
mistakes in implementation and what the design of the application
platform is intended to allow", said David Evans, Assistant Professor of
Computer Science at
the University of Virginia.
Moreover, there is also the question of who should be held responsible
for the lack of user privacy? According to Evan, the answer to the
question is not likely to be found, because a better regulated API would
be required for Facebook "to break a lot of applications, [especially
when] a lot of companies are trying to make money off [these]
applications". Felt agrees with her conclusion, because "there are
marketing businesses built on top of the idea that third parties can get
access to data and user information on Facebook".
The advent of the
Web 2.0 has caused
social profiling and is a growing concern for
internet privacy.
[1]
Web 2.0 is the system that facilitates participatory information
sharing and collaboration on the Internet, in social networking media
websites like
Facebook and
MySpace.
[1]
These social networking sites have seen a boom in their popularity
beginning in the late 2000s. Through these websites many people are
giving their personal information out on the internet.
These social networks keep track of all interactions used on their sites and save them for later use.
[2] Issues include
cyberstalking, location disclosure, social profiling, 3rd party personal information disclosure, and government
use of social network websites in investigations without the safeguard of a
search warrant.
History
Before
social networking sites exploded over the past decade, there were
earlier forms of social network technologies that included: online
multiplayer games, blog sites, newsgroups, mailings lists and dating
services. They created a backbone for the new modern sites. Yet, since
the start there existed an issue of privacy. In 1996, a young woman in
New York City was on a first date with an online acquaintance and later
sued for sexual harassment, after her date tried to play out some of the
sexual fantasies they had discussed while online. This is just an early
example of many more issues to come regarding internet privacy.
[3]
In the past, social networking sites primarily consisted of the
capability to chat with others in a chat room, which was far less
popular than social networks today. People using these sites were seen
as "techies" unlike users in the current era. One of the early privacy
cases was in regards to
MySpace,
due to "stalking of minors, bullying, and privacy issues", which
inevitably led to the adoption of "age requirements and other safety
measures".
[4] It is very common in society now for events such as stalking and "
catfishing" to occur.
According to Kelly Quinn, “the use of social media has become
ubiquitous, with 73% of all U.S. adults using social network sites today
and significantly higher levels of use among young adults and females."
Social media sites have grown in popularity over the past decade, and
they only continue to grow. A majority of the United States population
uses some sort of social media site.
[5]
Causes
There are several causes that contribute to the
invasion of privacy
throughout social networking platforms. It has been recognized that “by
design, social media technologies contest mechanisms for control and
access to personal information, as the sharing of user-generated content
is central to their function." This proves that social networking
companies need private information to become public so their sites can
operate. They require people to share and connect with each other.
[5]
This may not necessarily be a bad; however, one most just be aware of
the privacy concerns. Even with privacy settings, posts on the internet
can still be shared with people beyond a user's followers or friends.
One reason for this is that “English law is currently incapable of
protecting those who share on social media from having their information
disseminated further than they intend." Information always has the
chance to be unintentionally spread online. Once something is posted on
the internet, it becomes public and is no longer private. Users can turn
privacy settings on for their accounts;however, that does not guarantee
that information will not go beyond their intended audience. Pictures
and posts can be saved and posts may never really get deleted. “In 2013,
the Pew Research Center found that 60% of teenage Facebook users have
private profile;” this proves that privacy is definitely something that
people still wish to obtain.
[6]
A person's life becomes much more public because of social
networking. Social media sites have allowed people to connect with many
more people than with just in person interactions. People can connect
with users from all across the world that they may never have the chance
to meet in person. This can be a positive aspect; however, this also
arises many concerns about privacy. Information can be posted about a
person that they do not want getting out. In the novel
It’s Complicated,
the author explains that some people “believe that a willingness to
share in public spaces—and, most certainly, any act of exhibitionism and
publicity—is incompatible with a desire for personal privacy." Once
something is posted on the internet, it becomes accessible to multiple
people and can even be shared beyond just assumed friends or followers.
Many employers now look at a person's social media before hiring them
for a job or position. Social media has become a tool that people use to
find out information about a person's life. Someone can learn a lot
about a person based on what they post before they even meet them once
in person. The ability to achieve privacy is a never ending process. Boyd describes that “achieving privacy requires the ability to control
the social situation by navigating complex contextual cues, technical
affordances , and social dynamics." Society is constantly changing;
therefore, the ability to understand social situations to obtain privacy
regularly has to be changed.
[7]
Various levels of privacy offered
Social
networking sites vary in the levels of privacy offered. For some social
networking sites like Facebook, providing real names and other personal
information is encouraged by the site (onto a page is known as a
'Profile'). This information usually consists of the birth date, current
address, and telephone number(s). Some sites also allow users to
provide more information about themselves such as interests, hobbies,
favorite books or films, and even relationship status. However, there
are other social network sites, such as
Match.com,
where most people prefer to be anonymous. Thus, linking users to their
real identity can sometimes be rather difficult. Nevertheless,
individuals can sometimes be identified with face re-identification.
Studies have been done on two major social networking sites, and it is
found that by overlapping 15% of the similar photographs, profile
pictures with similar pictures over multiple sites can be matched to
identify the users.
[8]
People concern
“According
to research conducted by the Boston Consulting Group, privacy of
personal data is a top issue for 76 percent of global consumers and 83
percent of U.S. consumers.”
[9]
For sites that do encourage information disclosure, it has been noted
that majority of the users have no trouble disclosing their personal
information to a large group of people.
[8] In 2005, a study was performed to analyze data of 540 Facebook profiles of students enrolled at
Carnegie Mellon University. It was revealed that 89% of the users gave genuine names, and 61% gave a photograph of themselves for easier identification.
[8]
Majority of users also had not altered their privacy setting, allowing a
large number of unknown users to have access to their personal
information (the default setting originally allowed friends, friends of
friends, and non-friends of the same network to have the full view of a
user's profile). It is possible for users to block other users from
locating them on Facebook, but this must be done by individual basis,
and would, therefore, appear not to be commonly used for a wide number
of people. Most users do not realize that while they may make use of the
security features on Facebook the default setting is restored after
each update. All of this has led to many concerns that users are
displaying far too much information on social networking sites which may
have serious implications on their privacy. Facebook was criticized due
to the perceived laxity regarding privacy in the default setting for
users.
[10]
The
“Privacy Paradox”
is a phenomenon that occurs when individuals, who state that they have
concerns about their privacy online, take no action to secure their
accounts.
[11]
Furthermore, while individuals may take extra security steps for other
online accounts, such as those related to banking or finance, this does
not extend to social media accounts.
[11]
Some of these basic or simple security steps would include deleting
cookies, browser history, or checking one’s computer for spyware.
[11] Some may attribute this lack of action to “third-person bias”. This
occurs when people are aware of risks, but then do not believe that
these risks apply or relate to them as individuals.
[11]
Another explanation is a simple risk reward analysis. Individuals may
be willing to risk their privacy to reap the rewards of being active on
social media.
[11]
Oftentimes, the risk of being exploited for the private information
shared on the internet is overshadowed by the rewards of exclusively
sharing personal information that bolsters the appeal of the social
media user.
[12]
In the study by Van der Velden and El Emam, teenagers are described
as “active users of social media, who seem to care about privacy, but
who also reveal a considerable amount of personal information.”
[13] This brings up the issue of what should be managed privately on social media, and is an example of the
Privacy Paradox. This study in particular looked at teenagers with mental illness and how they interact on
social media.
Researchers found that “it is a place where teenage patients stay
up-to-date about their social life—it is not seen as a place to discuss
their diagnosis and treatment.”
[13]
Therefore, social media is a forum that needs self-protection and
privacy. Privacy should be a main concern, especially for teens who may
not be entirely informed about the importance and consequences of public
versus private use. For example, the “discrepancy between stated
privacy concerns and the disclosure of private information.”
[13]
User awareness in social networking sites
Users
are often the targets as well as the source of information in social
networking. Users leave digital imprints during browsing of social
networking sites or services. It has been identified from few of online
studies conducted, that users trust websites and social networking
sites. As per trust referred,
[14]
"trust is defined in (Mayer, Davis, and Schoorman, 1995) as "the
willingness of a party to be vulnerable to the actions of another party
based on the expectation that the other will perform a particular action
important to the
trustor, irrespective of the ability to monitor or control that other party" (p. 712)". A survey
[15]
was conducted by Carnegie Mellon University, a majority of users
provided their living city, phone numbers among other personal
information, while user is clearly unaware of consequences of sharing
certain information. Adding to this insight, is the social networking
users are from various cities, remote villages, towns, cultures,
traditions, religions, background, economic classes, education
background, time zones and so on that highlight the significant gap in
awareness.
The survey results of the paper
[15]
suggest, "These results show that the interaction of trust and privacy
concern in social networking sites is not yet understood to a sufficient
degree to allow accurate modeling of behavior and activity. The results
of the study encourage further research in the effort to understand the
development of relationships in the online social environment and the
reasons for differences in behavior on different sites."
As per reference, a survey conducted among social networking users at
Carnegie Mellon University was indicative of following as reasons for
lack of user awareness:
1) People's disregard of privacy risks due to trust in privacy and protection offered on social networking sites.
2) Availability of user's personal details to third-party tools/applications.
3) APIs and Frameworks also enable any user, who has the fair amount of knowledge to extract the user's data.
4) Cross-site forgery and other possible website threats.
There is hence a dire need for improving User's awareness swiftly, in
order to address growing security and privacy concerns caused due to
merely user's unawareness. Social networking sites themselves can take a
responsibility and make such awareness possible by means of
participatory methods by virtual online means.
[16]
Data access methods
There
are several ways for third parties to access user information. Flickr
is an example of a social media website that provides geotagged photos
that allows users to view the exact location of where a person is
visiting or staying. Geotagged photos make it easy for third party users
to see where an individual is located or traveling to.
[17]
Share it with third parties
Nearly
all of the most popular applications on Facebook—including Farmville,
Causes, and Quiz Planet—have been sharing users' information with
advertising and tracking companies.
[18] Even though
Facebook's privacy policy
says they can provide "any of the non-personally identifiable
attributes we have collected" to advertisers, they violate this policy.
If a user clicked a specific ad in a page, Facebook will send the
address of this page to advertisers, which will directly lead to a
profile page. In this case, it is easy to identify users' names.
[19]
For example, Take With Me Learning is an app that allows teachers and
students to keep track of their academic process. The app requires
personal information that includes, school name, user’s name, email, and
age. But Take With Me Learning was created by company that was known
for illegally gathering student’s personal information without their
knowledge and selling it to advertisement companies. This company had
violated the Child Online Privacy Protection Act (COPPA), used to keep
children safe from identity theft while using the internet.
[20] Most recently, Facebook has been scrutinized for the collection of users' data by
cambridge analytica.
Cambridge Analytica was collecting data from Facebook users’ after they
agreed to take a psychology questionnaire. Not only could cambridge
analytica access the data of the person who took the survey, they could
also access all of the data of that person’s Facebook friends. This data
was then used to hopefully sway people's’ beliefs in hopes that they
would vote for a certain politician. While what cambridge analytica did
by collecting the data may or may not be illegal, they then transferred
the data they acquired to third parties so that it could be used to sway
voters.
[21]
API
Application programming interface
(API) is a set of routines, protocols, and tools for building software
applications. By using query language, sharing content and data between
communities and applications became much easier. APIs simplify all that
by limiting outside program access to a specific set of features—often
enough, requests for data of one sort or another. APIs clearly define
exactly how a program will interact with the rest of the software
world—saving time.
[22]
An API allows software to “speak with other software.”
[23]
Furthermore, an API can collect and provide information that is not
publicly accessible. This is extremely enticing for researchers due to
the greater number of possible avenues of research.
[23]
The use of an API for data collection can be a focal point of the
privacy conversation, because while the data can be anonymous, the
difficulty is understanding when it becomes an invasion of privacy.
[23]
Personal information can be collected en masse, but the debate over
whether it breaches personal privacy is due to the inability to match
this information with specific people.
[23]
There have however been some concerns with API because of the recent
scandal between Facebook and the political consulting firm,
Cambridge Analytica.
What happened was “Facebook allowed a third-party developer to engineer
an application for the sole purpose of gathering data. And the
developer was able to exploit a loophole to gather information on not
only people who used the app but all their friends — without them
knowing.”
[24]
Search engines
Search engines
are an easy way to find information without scanning every site
yourself. Keywords that are typed into a search box will lead to the
results. So it is necessary to make sure that the keywords typed are
precise and correct. There are many of such search engines, some of
which may lead the user to fake sites which may obtain personal
information or are laden with viruses. Furthermore, some search engines,
like
DuckDuckGo, will not violate the user's privacy.
[25]
Location Data
On
most social media websites, user’s geographical location can be
gathered either by users (through voluntary check-in applications like
Foursquare and Facebook Places) or by applications (through technologies
like IP address geolocation, cellphone network triangulation, RFID and
GPS). The approach used matters less than the result which holds that
the content produced is coupled with the geographical location where the
user produced it. Additionally, many applications attach the contents
of other forms of information like OS language, device type and capture
time. The result is that by posting, tweeting or taking pictures, users
produce and share an enormous amount of personal information.
[26]
Benefit from data
This accessible data along with
data mining technology, users' information can be used in different ways to improve
customer service.
According to what you retweet, what you like and the
hashtag, Twitter can recommend some topics and advertisements. Twitter's suggestions for who to follow
[27] is done by this
recommendation system. Commerce, such as
Amazon,
make use of users' information to recommend items for users. Recommendations are based on at least prior purchases, shopping cart,
and wishlist.
Affinity analysis is a data mining technique that used to understand the purchase behavior of customers.
By using
machine learning method, whether a user is a potential follower of Starbucks can be predicted.
[28]
In that case, it is possible to improve the quality and coverage of
applications. In addition, user profiles can be used to identify similar
users.
More than 1,000 companies are waiting in line to get access to
millions of tweets from users that are using the popular social
networking website. Companies believe that by using data mining
technologies they would be able to gather important information that can
be used for marketing and advertising.
[29]
According to
Gary Kovacs's
speech about Tracking our online trackers, when he used the internet to
find an answer to a question, "We are not even 2 bites into breakfast
and there are already nearly 25 sites that are tracking me", and he was
navigated by 4 of them.
[30]
Privacy concerns
Studies
have shown that people's right to the belief in privacy is the most
pivotal predictor in their attitudes concerning online privacy.
[31]
Social profiling and 3rd party disclosure
The
Privacy Act of 1974 states:
-
- "No agency shall disclose any record which is contained in a system
of records by any means of communication to any person, or to another
agency, except pursuant to a written request by, or with the prior
written consent of, the individual to whom the record pertains [subject
to 12 exceptions]." 5 U.S.C. § 552a(b).
Disclosure in this context refers to any means of communication, be
it written, oral, electronic or mechanical. This states that agencies
are forbidden to give out, or disclose, the information of an individual
without being given consent by the individual to release that
information. However, it falls on the individual to prove that a
wrongful disclosure, or disclosure in general, has occurred.
[32] Because of this social networking sites such as Facebook ask for
permission when a third-party application is requesting the user's
information.
Although The
Privacy Act of 1974 does a lot to limit privacy invasion through third party disclosure, it
does list a series of twelve exceptions that deem disclosure permissible:
-
- 1. For members of an agency who need such information "in the performance of their duties".
- 2. If the Freedom of Information Act requires such information
- 3. If the information that is disclosed "is compatible with the purpose for which it was collected".
- 4. If the Bureau of Census needs such information to complete a particular census.
- 5. If the third party explicitly informs the individual that the
information collected will serve only as a form of "statistical
research" and is not "individually identifiable".
- 6. If it is historically relevant to be added to the National Archives and Records Administration.
- 7. If such information was requested by a law enforcement agency.
- 8. If such information is deemed beneficial to the "health or safety of an individual".
- 9. If such information is requested by the House of Congress or by one of its subcommittees.
- 10. If such information is requested by the head of the Government
Accountability Office or by one "of his authorized representatives".
- 11. If such information is requested through a court order.
- 12. If such information is requested through the Debt Collection Act.[32]
Social profiling allows for Facebook and other social networking
media websites of filtering through the advertisements, assigning
specific ones to specific age groups, gender groups, and even
ethnicities.
[1]
Data aggregation sites like Spokeo have highlighted the feasibility
of aggregating social data across social sites as well as integrating it
with public records. A 2011 study
[33]
highlighted these issues by measuring the amount of unintended
information leakage over a large number of users with the varying number
of social networks. It identified and measured information that could
be used in attacks against what-you-know security.
Studies
[34][35]
have also pointed to most social networks unintentionally providing 3rd
party advertising and tracking sites with personal information. It
raises the issue of private information inadvertently being sent to 3rd
party advertising sites via Referrer strings or cookies.
Civil libertarians worry that social networking sites, particularly
Facebook, have greatly diminished user confidentiality in numerous ways.
[36]
For one thing, when social media platforms store private data, they
also have complete access to that material as well. To sustain their
profitability, applications like Facebook examine and market personal
information by logging data through
cookies,
small files that stockpile the data on someone’s device. Companies,
such as Facebook, carry extensive amounts of private user information on
file, regarding individuals’ , “likes, dislikes, and preferences”,
which are of high value to marketers.
[37]
As Facebook reveals user information to advertising and marketing
organizations, personalized endorsements will appear on news feeds based
on “surfing behavior, hobbies, or pop culture preferences”.
[36]
For those reasons, Facebook’s critics fear that social networking
companies may seek business ventures with stockholders by sharing user
information in the exchange of profits. Additionally, they argue that
since Facebook demonstrates an illusion of privacy presented by a
“for-friends-only” type of platform, individuals find themselves more
inclined to showcase more personal information online. According to the
critics, users might notice that the sponsorships and commercials are
tailored to their disclosed private data, which could result in a sense
of betrayal.
[36]
Companies
On
Facebook, there is one way to ensure protection against applications
sharing personal information. On the privacy settings page, you can
remove or turn off unwanted or spam applications.
[18]
Twitter
has admitted that they have scanned and imported their user's phone
contacts onto the website database so that they can learn more about
their users. Most users were unaware that Twitter is created this way
for new users to search for their friends. Twitter has stated that they
will have their privacy guidelines illustrated more clearly in the
future.
[38]
In 2015, after
Facebook bought
Instagram
there was an option that Instagram could use its own users photos for
ad purposes. This new policy was hidden in their user agreement. Users
could opt out but the only way was to delete their account at before a
certain deadline. Hiding this in their user agreement privacy agreement
they were able to fool lots of people who did not understand what to
look for. This is disclosure of information to
third parties[disambiguation needed] because Instagram is branching out our information to others.
[39]
Institutional
A
number of institutions have expressed concern over the lack of privacy
granted to users on social networking sites. These include
schools,
libraries, and Government agencies.
Libraries
Libraries
in the particular, being concerned with the privacy of individuals,
have debated on allowing library patrons to access social networking
sites on public library computers. While only 19% of librarians
reportedly express real concern over social networking privacy, they
have been particularly vocal in voicing their concerns.
[40]
Some have argued that the lack of privacy found on social networking
sites is contrary to the ethics supported by Library organizations, and
the latter should thus be extremely apprehensive about dealing with the
former.
[40] Supporters of this view present their argument from the code of ethics held by both the
American Library Association and the UK based
Chartered Institute of Library and Information Professionals, which affirms a commitment to upholding privacy as a fundamental right.
[40]
In 2008, a study was performed in fourteen public libraries in the UK
which found that 50% blocked access to social networking sites.
[41]
Many school libraries have also blocked Facebook out of fear that
children may be disclosing too much information on Facebook. However, as
of 2011, Facebook has taken efforts to combat this concern by deleting
profiles of users under the age of thirteen.
[42]
Potential dangers
Identity theft
As there is so much information provided other things can be deduced, such as the person's
social security number, which can then be used as part of
identity theft.
[43]
In 2009, researchers at Carnegie Mellon University published a study
showing that it is possible to predict most and sometimes all of an
individual's 9-digit Social Security number using information gleaned
from social networks and online databases. (See Predicting Social
Security Numbers from Public Data by Acquisti and Gross).
[44]
In response, various groups have advised that users either do not
display their number, or hide it from Facebook 'friends' they do not
personally know.
[45] Cases have also appeared of users having photographs stolen from social networking sites in order to assist in identity theft.
[46]
There is little evidence that users of social networking sites are
taking full measures to protect themselves from identity theft. For
example, numerous celebrities have claimed their
Twitter accounts have been hacked.
[47] According to the Huffington Post, Bulgarian IT consultant Bogomil Shopov claimed in a
recent blog
to have purchased personal information on more than 1 million Facebook
users, for the shockingly low price of USD$5.00. The data reportedly
included users' full names, email addresses, and links to their Facebook
pages.
[48]
The following information could be used to steal the users'
identities : Full names including middle name, date of birth, hometown,
relationship status, residential information, other hobbies and
interest.
Preteens and early teenagers
Among
all other age groups, in general, the most vulnerable victims of
private-information-sharing behavior are preteens and early teenagers.
There have been age restrictions put on numerous websites but how
effective they are is debatable.
[need quotation to verify]
Findings have unveiled that informative opportunities regarding
internet privacy as well as concerns from parents, teachers, and peers,
play a significant role in impacting the internet user's behavior in
regards to online privacy.
[49][50]
Additionally, other studies have also found that the heightening of
adolescents' concern towards their privacy will also lead to a greater
probability that they will utilize privacy-protecting behaviors.
[51]
In the technological culture that society is developing into, not only
should adolescents' and parent's awareness be risen, but society as a
whole should acknowledge the importance of online privacy.
Preteens and early teenagers are particularly susceptible to social
pressures that encourage young people to reveal personal data when
posting online. Teens often post information about their personal life,
such as activities they are doing, sharing their current locations, who
they spend time with, as well their thoughts and opinions. They tend to
share this information because they do not want to feel left out or
judged by other adolescents who are practicing these sharing activities
already. Teens are motivated to keep themselves up to date with the
latest gossip, current trends, and trending news and, in doing so they
are allowing themselves to become victims of cyberbullying, stalking,
and in the future, could potentially harm them when pursuing job
opportunities, and in the context of privacy, become more inclined to
share their private information to the public. This is concerning
because preteens and teenagers are the least educated on how public
social media is, how to protect themselves online, and the detrimental
consequences that could come from sharing too much personal information
online. As more and more young individuals are joining social media
sites, they believe it is acceptable to post whatever they are thinking,
as they don't realize the potential harm that information can do to
them and how they are sacrificing their own privacy.
[52] "Teens are sharing more information about themselves on social media sites than they did in the past."
[53]
Preteens and teenagers are sharing information on social media sites
such as Facebook, Snapchat, Instagram, Twitter, Pinterest, and more by
posting pictures and videos of themselves unaware of the privacy they
are sacrificing.
[54] Adolescents post their real name, birthdays, and email addresses to their social media profiles.
[54]
Children have less mobility than they have had in the past. Everything
these teenagers do online is so they can stay in the loop of social
opportunities, and the concern with this is that they do this in a way
that is not only traceable but in a very persistent environment that
motivates people to continue sharing information about themselves as
well.
[54]
California is also taking steps to protect the privacy of some social
media users from users’ own judgments. In 2013, California enacted a
law that would require social media sites to allow young registered
users to erase their own comments from sites.
[55] This is a first step in the United States toward the “
right to be forgotten” that has been debated around the world over the past decade.
[56]
Sexual predators
Most
major social networking sites are committed to ensuring that use of
their services are as safe as possible. However, due to the high content
of personal information placed on social networking sites, as well as
the ability to hide behind a pseudo-identity, such sites have become
increasingly popular for sexual predators [online].
[57] Further, lack of age verification mechanisms is a cause of concern in these social networking platforms.
[58] However, it was also suggested that the majority of these simply transferred to using the services provided by Facebook.
[59]
While the numbers may remain small, it has been noted that the number
of sexual predators caught using social networking sites has been
increasing, and has now reached an almost weekly basis.
[60]
In worst cases children have become victims of pedophiles or lured to
meet strangers.They say that sexual predators can lurk anonymously
through the wormholes of cyberspace and access victim profiles online.
[61] A number of highly publicized cases have demonstrated the threat posed for users, such as
Peter Chapman who, under a false name, added over 3,000 friends and went on to rape and murder a 17-year-old girl in 2009.
[62]
In another case, a 12-year-old, Evergreen girl was safely found by the
FBI with the help of Facebook, due to her mother learning of her
daughter's conversation with a man she had met on the popular social
networking application.
Stalking
The potential ability for
stalking
users on social networking sites has been noted and shared. Popular
social networking sites make it easy to build a web of friends and
acquaintances and share with them your photos, whereabouts, contact
information, and interests without ever getting the chance to actually
meet them. With the amount of information that users post about
themselves online, it is easy for users to become a victim of stalking
without even being aware of the risk. 63% of Facebook profiles are
visible to the public, meaning if you Google someone's name and you add
"+Facebook" in the search bar you pretty much will see most of the
person profile.
[63]
A study of Facebook profiles from students at Carnegie Mellon
University revealed that about 800 profiles included current resident
and at least two classes being studied, theoretically allowing viewers
to know the precise location of individuals at specific times.
[43] AOL
attracted controversy over its instant messenger AIM which permits
users to add 'buddies' without their knowing, and therefore track when a
user is online.
[43]
Concerns have also been raised over the relative ease for people to
read private messages or e-mails on social networking sites.
[64]
Cyberstalking is a criminal offense that comes into play under state
anti-stalking laws, slander laws, and harassment laws. A cyberstalking
conviction can result in a restraining order, probation, or even
criminal penalties against the assailant, including jail.
[63]
Some applications are explicitly centered on "cyber stalking." An
application named "Creepy" can track a person's location on a map using
photos uploaded to Twitter or Flickr. When a person uploads photos to a
social networking site, others are able to track their most recent
location. Some smartphones are able to embed the longitude and latitude
coordinates into the photo and automatically send this information to
the application. Anybody using the application can search for a specific
person and then find their immediate location. This poses many
potential threats to users who share their information with a large
group of followers.
[65]
Facebook "Places," is a Facebook service, which publicizes user
location information to the networking community. Users are allowed to
"check-in" at various locations including retail stores, convenience
stores, and restaurants. Also, users are able to create their own
"place," disclosing personal information onto the Internet. This form of
location tracking is automated and must be turned off manually. Various
settings must be turned off and manipulated in order for the user to
ensure privacy. According to epic.org, Facebook users are recommended
to: (1) disable "Friends can check me in to Places," (2) customize
"Places I Check In," (3) disable "People Here Now," and (4) uncheck
"Places I've Visited.".
[66]
Moreover, the Federal Trade Commission has received two complaints in
regards to Facebook's "unfair and deceptive" trade practices, which are
used to target advertising sectors of the online community. "Places"
tracks user location information and is used primarily for advertising
purposes. Each location tracked allows third party advertisers to
customize advertisements that suit one's interests. Currently, the
Federal Trade Commissioner along with the Electronic Privacy Information
Center are shedding light on the issues of location data tracking on
social networking sites.
[66]
Unintentional fame
Unintentional
fame can harm a person’s character, reputation, relationships, chance
of employment, and privacy- ultimately infringing upon a person’s right
to the pursuit of happiness. Many cases of unintentional fame have led
its victims to take legal action. The right to be forgotten is a legal
concept that includes removing one’s information from the media that was
once available to the public.
[56]
The right to be forgotten is currently enforced in the European Union
and Argentina, and has been recognized in various cases in the United
States, particularly in the case of Melvin v. Reid.
[56]
However, there is controversy surrounding the right to be forgotten in
the United States as it conflicts with the public's right to know and
the Constitution’s First Amendment, restricting one’s “right to freedom
of speech and freedom of expression” (Amendment I).
[67]
Privacy concerns have also been raised over a number of high-profile
incidents which can be considered embarrassing for users. Various
internet memes have been started on social networking sites or been used
as a means towards their spread across the internet. In 2002, a
Canadian teenager became known as the
Star Wars Kid after a video of him using a golf club as a
light sabre
was posted on the internet without his consent. The video quickly
became a hit, much to the embarrassment of the teenager, who claims to
have suffered as a result.
[68]
Along with other incidents of videos being posted on social networking
sites, this highlights the ability for personal information to be
rapidly transferred between users.
Employment
Issues
relating to privacy and employment are becoming a concern with regards
to social networking sites. As of 2008, it has been estimated by
CareerBuilder.com
that one in five employers search social networking sites in order to
screen potential candidates (increasing from only 11% in 2006).
[69]
For the majority of employers, such action is to acquire negative
information about candidates. For example, 41% of managers considered
information relating to candidates' alcohol and drug use to be a top
concern.
[69]
Other concerns investigated via social networking sites included poor
communication skills, inappropriate photographs, inaccurate
qualifications and bad-mouthing former employers/colleagues.
[69]
However, 24% manager claimed that information found on a social
networking site persuaded them to hire a candidate, suggesting that a
user image can be used in a positive way.
While there is little doubt that employers will continue to use
social networking sites as a means of monitoring staff and screening
potential candidates, it has been noted that such actions may be illegal
under in jurisdictions. According to Workforce.com, employers who use
Facebook or Myspace could potentially face legal action:
If a potential employer uses a social networking site to check out a
job candidate and then rejects that person based on what they see, he or
she could be charged with discrimination.
[70]
On August 1, 2012, Illinois joined the state of Maryland (law passed in
March 2012) in prohibiting employer access to social media web sites of
their employees and prospective employees. A number of other states
that are also considering such prohibitory legislation (California,
Delaware, Massachusetts, Michigan, Minnesota, Missouri, New Jersey, New
York, Ohio, South Carolina and Washington), as is the United States
Congress. In April 2012, the Social Networking Online Protection Act
(2012 H.R. 5050) was introduced in the
United States House of Representatives, and the Password Protection Act of 2012 (2012 S. 3074) was introduced in the
United States Senate in May 2012, which prohibit employers from requiring access to their employees' social media web sites.
[71]
With the recent concerns about new technologies, the United States is
now developing laws and regulations to protect certain aspects of
people’s information on different medias.[CR4] For example, 12 states in
the US currently have laws specifically restricting employers from
demanding access to their employees’ social media sites when those sites
are not fully public.
[72]
(The states that have passed these laws are Arkansas, California,
Colorado, Illinois, Maryland, Michigan, New Jersey, New Mexico, Nevada,
Oregon, Utah, and Washington.)
[73]
Monitoring of social networking sites is not limited to potential
workers. Issues relating to privacy are becoming an increasing concern
for those currently in employment. A number of high-profile cases have
appeared in which individuals have been sacked for posting comments on
social networking which have been considered disparaging to their
current employers or fellow workers. In 2009, sixteen-year-old Kimberley
Swann was sacked from her position at Ivell Marketing and Logistics
Limited after describing her job as 'boring'.
[74]
In 2008, Virgin Atlantic sacked thirteen cabin crew staff, after it
emerged they used had criticized the company's safety standards and
called passengers 'chavs' on Facebook.
[75]
There is no federal law that we are aware of that an employer is
breaking by monitoring employees on social networking sites. In fact,
employers can even hire third-party companies to monitor online employee
activity for them. According to an
article by Read Write Web
employers use the service to "make sure that employees don't leak
sensitive information on social networks or engage in any behavior that
could damage a company's reputation."
[44]
While employers may have found such usages of social networking sites
convenient, complaints have been put forward by civil liberties groups
and trade unions on the invasive approach adopted by many employers. In
response to the Kimberley Swann case, Brendan Barber, of the
TUC union stated that:
"Most employers wouldn't dream of following their staff down the pub
to see if they were sounding off about work to their friends," he said.
"Just because snooping on personal conversations is possible these days,
it doesn't make it healthy."
Monitoring of staff's social networking activities is also becoming
an increasingly common method of ensuring that employees are not
browsing websites during work hours. It was estimated in 2010 that an
average of two million employees spent over an hour a day on social
networking sites, costing potentially £14 billion.
[76]
Online victimization
Social
networks are designed for individuals to socially interact with other
people over the Internet. However, some individuals engage in
undesirable online social behaviors, which negatively impacts other
people's online experiences. It has created a wide range of online
interpersonal
victimization. Some studies have shown that social network victimization appears
largely in adolescent and teens, and the type of victimization includes
sexual advances and harassment.
[77] Recent research has reported approximately 9% of online victimization involves social network activities.
[77] It has been noted that many of these victims are girls who have been sexually victimized over these social network sites.
[77]
Research concludes that many of social network victimizations are
associated with user behaviors and interaction with one another.
Negative social behaviors such as aggressive attitudes and discussing
sexual related topics motivate the offenders to achieve their goals.
[77] All in all, positive online social behaviors is promoted to help reduce and avoid online victimization.
Surveillance
While
the concept of a worldwide communicative network seems to adhere to the
public sphere model, market forces control access to such a resource.
In 2010, investigation by The Wall Street Journal found that many of the
most popular applications on Facebook were transmitting identifying
information about users and their friends to advertisers and internet
tracking companies, which is a violation of Facebook's privacy policy.
[78]
The Wall Street Journal analyzed the ten most popular Facebook apps,
including Zynga's FarmVille with 57 million users, and Zynga's Mafia
Wars with 21.9 million users, and found that they were transmitting
Facebook user IDs to data aggregators.
[78] Every online move leaves cyber footprints that are rapidly becoming
fodder for research without people ever realizing it. Using social media
for academic research is accelerating and raising ethical concerns
along the way, as vast amounts of information collected by private
companies — including Google, Microsoft, Facebook and Twitter — are
giving new insight into all aspects of everyday life. Our social media
"audience" is bigger than we actually know; our followers or friends
aren't the only ones that can see information about us. Social media
sites are collecting data from us just by searching something such as
"favorite restaurant" on our search engine. Facebook is transformed from
a public space to a behavioral laboratory," says the study, which cites
a Harvard-based research project of 1,700 college-based Facebook users
in which it became possible to "deanonymize parts of the data set," or
cross-reference anonymous data to make student identification possible.
[79] Some of Facebook's research on user behavior found that 71% of people drafted at least one post that they never posted.
[79]
Another analyzed 400,000 posts and found that children's communication
with parents decreases in frequency from age 13 but then rises when they
move out.
[79]
Law enforcement prowling the networks
The FBI has dedicated undercover agents on Facebook, Twitter, MySpace,
LinkedIn.
One example of investigators using Facebook to nab a criminal is the
case of Maxi Sopo. Charged with bank fraud, and having escaped to
Mexico, he was nowhere to be found until he started posting on Facebook. Although his profile was private, his list of friends was not, and
through this vector, they eventually caught him.
[80]
In recent years, some state and local law enforcement agencies have
also begun to rely on social media websites as resources. Although
obtaining records of information not shared publicly by or about site
users often requires a subpoena, public pages on sites such as Facebook
and MySpace offer access to personal information that can be valuable to
law enforcement.
[81]
Police departments have reported using social media websites to assist
in investigations, locate and track suspects, and monitor gang activity.
[82][83]
On October 18, 2017, the Department of Homeland Security (DHS) was
scheduled to begin using personal information collected using social
media platforms to screen immigrants arriving in the U.S. The department
made this new measure known in a posting to the Federal Register in
September 2017, noting that “...social media handles, aliases,
associated identifiable information and search results...” would be
included in an applicant’s immigration file.
[84]
This announcement, which was made relatively quietly, has received
criticism from privacy advocates. The Department of Homeland Security
issued a statement in late September 2017 asserting that the planned use
of social media is nothing new, with one department spokesperson saying
DHS has been using social media to collect information for years.
According to a statement made to National Public Radio, DHS uses
“...social media handles, aliases, associated identifiable information,
and search results” to keep updated records on persons of interest.
[85]
According to the DHS, the posting to the Federal Register was an effort
to be transparent regarding information about social media that is
already being collected from immigrants.
Government use of SMMS or “Social media monitoring software can be
used to geographically track us as we communicate. It can chart out our
relationships, networks, and associations. It can monitor protests,
identify the leaders of political and social movements, and measure our
influence.”
[86] SMMS is also a growing industry. SMMS “products like XI Social
Discovery, Geofeedia, Dataminr, Dunami, and SocioSpyder (to name just a
few) are being purchased in droves by Fortune 500 companies,
politicians, law enforcement, federal agencies, defense contractors, and
the military. Even the CIA has a venture fund, In-Q-Tel, that invests
in SMMS technology.”
[86]
Mob rule
The
idea of the 'mob rule' can be described as a situation in which control
is held by those outside the conventional or lawful realm. In response
to the
News International phone hacking scandal involving
News of the World in the
United Kingdom, a report was written to enact new media privacy regulations.
The British author of the
Leveson Report on the ethics of the British press,
Lord Justice Leveson,
has drawn attention to the need to take action on protecting privacy on
the internet. This movement is described by Lord Justice Leveson as a
global megaphone for gossip: "There is not only a danger of trial by
Twitter, but also of an unending punishment, and no prospect of
rehabilitation, by Google".
[87]
Location updates
Foursquare,
Facebook, Loopt are application which allow users to check- in and
these capabilities allows a user to share their current location
information to their connection. Some of them even update their travel
plans on social networking applications.However, the disclosure of
location information within these networks can cause privacy concerns
among mobile users. Foursquare defines another framework of action for
the user. It appears to be in the interest of Foursquare that users
provide many personal data that are set as public. This is illustrated,
among others, by the fact that, although all the respondents want high
control over the (location) privacy settings, almost none of them ever
checked the Foursquare privacy settings before.
[88]
Although there are algorithms using encryption, k-anonymity and noise
injection algorithms, its better to understand how the location sharing
works in these applications to see if they have good algorithms in place
to protect location privacy.
[89]
Invasive privacy agreements
Another
privacy issue with social networks is the privacy agreement. The
privacy agreement states that the social network owns all of the content
that users upload. This includes pictures, videos, and messages are all
stored in the social networks database even if the user decides to
terminate his or her account.
[90]
Privacy agreements oftentimes say that they can track a user's
location and activity based on the device used for the site. For
example, the privacy agreement for Facebook states that "all devices
that a person uses to access Facebook are recorded such as IP addresses,
phone numbers, operating system and even
GPS locations".
[91]
One main concern about privacy agreements are the length, because they
take a lot of time to fully read and understand. Most privacy agreements
state the most important information at the end because it is assumed
that people will not read it completely.
The ethical dilemma lies in that upon the agreement to register for
SNSs, the personal information disclosed is legally accessible and
managed by the sites privately established online security operators and
operating systems; leaving access of user data to be "under the
discretion" of the site(s) operators. Giving rise to the moral
obligation and responsibility of the sites operators to maintain private
information to be within user control. However, due to the legality of
outsourcing of user data upon registration- without prior discretion,
data outsourcing has been frequented by SNSs operating systems-
regardless of user privacy settings.
[92]
Data outsourcing has been proven to be consistently exploited since
the emergence of SNSs. Employers have often been found to hire
individuals or companies to search deep into the SNSs user database to
find "less than pleasant" information regarding applicants during the
review process.
[93]
Reading a privacy statement in terms and conditions
One
of the main concerns that people have with their security is the lack
of visibility that policies and settings have in the social networks. It
is often located in areas hard to see like the top left or right of the
screen. Another concern is the lack of information that users get from
the companies when there is a change in their policies. They always
inform users about new updates, but it is difficult to get information
about these changes.
[94]
Most social networking sites require users to agree to Terms of Use
policies before they use their services. Controversially, these Terms of
Use declarations that users must agree to often contain clauses
permitting social networking operators to store data on users, or even
share it with third parties. Facebook has attracted attention over its
policies regarding data storage, such as making it difficult to delete
an account, holding onto data after an account is de-activated and being
caught sharing personal data with third parties.
[95]
This section explains how to read the privacy statement in terms and conditions while signing up for any social networking site.
[96]
What to look for in the privacy policy:
- Who owns the data that a user posts?
- What happens to the data when the user account is closed?
- How does changes in the privacy policy be made aware to its users?
- The location of the privacy policy that is effective
- Will the profile page be completely erased when a user deletes the account?
- Where and how can a user complain in case of any breach in privacy?
- For how long is the personal information stored?
The answers to these questions will give an indication of how safe the social networking site is.
Key points to protect social networking privacy
Realize the threats that will always exist
There
are people out there who want—and will do just about anything—to get
someone's private information. It's essential to realize that it's
difficult to keep your privacy secured all the time.
[97] Among other factors, it has been observed that data loss is correlated
positively with risky online behavior and forgoing the necessary
antivirus and anti spyware programs to defend against breaches of
private information via the internet.
[98]
Be thorough all the time
Always
log out. It is dangerous to keep your device logged on since others may
have access to your social profiles while you are not paying attention.
[99]
Keep your full name and address to yourself. Children's safety may be
compromised if their parents post their whereabouts in a site where
others know who their real identities are.
[100]
The majority 93% of online users share personal information, 70% of
online users share photos and videos of their own children, and 45% of
online users share private videos and photos of people other than
themselves. Being thorough before posting online can create a safer
internet experience for children and adults.
[101]
Know the sites
Read
the social networking site's fine prints. Many sites push its users to
agree to terms that are best for the sites—not the users.
[97]
Users should be aware about the terms in case of emergencies. Exactly
how to read the terms are explained above at "Reading a Privacy
Statement in Terms and Conditions" part
Make sure the social networking site is safe before sharing information.
Users shouldn't be sharing information if they don't know who are using
the websites since their personally identifiable information could be
exposed to other users of the site.
[100]
Be familiar with the privacy protection provided. Users should take the
extra time to get to know the privacy protection systems of various
social networks they are or will be using. Only friends should be
allowed to access their information.
[99] Check the privacy or security settings on every social networking site that they might have to use.
[102]
Protect devices
Encrypt
devices. Users should use complex passwords on their computers and cell
phones and change them from time to time. This will protect users'
information in case these devices are stolen.
[99]
Install Anti-virus software. Others would be able to use viruses and
other ways to invade a user's computer if he or she installed something
unsafe.
[103]
Be careful about taking drastic actions
The users' privacy may be threatened by any actions. Following actions needs special attention.
(1) Adding a new friend. Facebook reports 8.7% of its total profiles are
fake. A user should be sure about who the person is before adding it as
a new friend.
[99]
(2) Clicking on links. Many links which looks attractive like gift cards
are specially designed by malicious users. Clicking on these links may
result in losing personal information or money.
[99]
(3) Think twice about posting revealing photos. A revealing photo could attract the attention of potential criminals.
[97]
Social networks
Facebook
Facebook
has been scrutinized for a variety of privacy concerns due to changes
in its privacy settings on the site generally over time as well as
privacy concerns within Facebook applications. Mark Zuckerberg, CEO of
Facebook, first launched Facebook
[104]
in 2004, it was focused on universities and only those with .edu
address could open an account. Furthermore, only those within your own
university network could see your page. Some argue that initial users
were much more willing to share private information for these reasons.
As time went on, Facebook became more public allowing those outside
universities, and furthermore, those without a specific network, to join
and see pages of those in networks that were not their own. In 2006
Facebook introduced the News Feed, a feature that would highlight recent
friend activity. By 2009, Facebook made "more and more information
public by default". For example, in December 2009, "Facebook drastically
changed its privacy policies, allowing users to see each others' lists
of friends, even if users had previously indicated they wanted to keep
these lists private". Also, "the new settings made photos publicly
available by default, often without users' knowledge".
[105]
Facebook recently updated its profile format allowing for people who
are not "friends" of others to view personal information about other
users, even when the profile is set to private. However, As of January
18, 2011 Facebook changed its decision to make home addresses and
telephone numbers accessible to third party members, but it is still
possible for third party members to have access to less exact personal
information, like one's hometown and employment, if the user has entered
the information into Facebook . EPIC Executive Director Marc Rotenberg
said "Facebook is trying to blur the line between public and private
information. And the request for permission does not make clear to the
user why the information is needed or how it will be used."
[106]
Breakup Notifier
is an example of a Facebook "cyberstalking" app that has recently been
taken down. Essentially, the application notifies users when a person
breaks up with their partner through Facebook, allowing users to
instantly become aware of their friend's romantic activities. The
concept became very popular, with the site attracting 700,000 visits in
the first 36 hours; people downloaded the app 40,000 times. Just days
later, the app had more than 3.6 million downloads and 9,000 Facebook
likes.
[107]
It was only in 2008, four years after the first introduction of
Facebook, that Facebook decided to create an option to permanently
delete information. Until this point in time, it was only an option to
deactivate a Facebook which still left the user's information within
Facebook servers. After thousands of users complaints, Facebook obliged
and created a tool which was located in the Help Section but later
removed. To locate the tool to permanently delete a user's Facebook, he
or she must manually search through Facebook's Help section by entering
the request to delete the Facebook in the search box. Only then will a
link be provided to prompt the user to delete his or her profile.
[108]
These new privacy settings enraged some users, one of whom claimed,
"Facebook is trying to dupe hundreds of millions of users they've spent
years attracting into exposing their data for Facebook's personal gain."
However, other features like the News Feed faced an initial backlash
but later became a fundamental and very much appreciated part of the
Facebook experience. In response to user complaints, Facebook continued
to add more and more privacy settings resulting in "50 settings and more
than 170 privacy options." However, many users complained that the new
privacy settings were too confusing and were aimed at increasing the
amount of public information on Facebook. Facebook management responded
that "there are always trade offs between providing comprehensive and
precise granular controls and offering simple tools that may be broad
and blunt."
[105]
It appears as though users sometimes do not pay enough attention to
privacy settings and arguably allow their information to be public even
though it is possible to make it private. Studies have shown that users
actually pay little attention to "permissions they give to third party
apps."
[109]
Most users are not aware that they can modify the privacy settings
and unless they modify them, their information is open to the public. On
Facebook privacy settings can be accessed via the drop down menu under
account in the top right corner. There users can change who can view
their profile and what information can be displayed on their profile.
[90]
In most cases profiles are open to either "all my network and friends"
or "all of my friends." Also, information that shows on a user's profile
such as birthday, religious views, and relationship status can be
removed via the privacy settings.
[110] If a user is under 13 years old they are not able to make a Facebook or a MySpace account, however, this is not regulated.
[90]
Although Zuckerberg, the Facebook CEO, and others in the management
team usually respond in some manner to user concerns, they have been
unapologetic about the trend towards less privacy. They have stated that
they must continually "be innovating and updating what our system is to
reflect what the current social norms are." Their statements suggest
that the Internet is becoming a more open, public space, and changes in
Facebook privacy settings reflect this. However, Zuckerberg did admit
that in the initial release of the News Feed, they "did a bad job of
explaining what the new features were and an even worse job of giving
you control of them."
[105]
Facebook's privacy settings have greatly evolved and are continuing
to change over time. Zuckerberg "believes the age of privacy is 'over,'
and that norms have evolved considerably since he first co-founded the
social networking site".
[111]
Additionally, Facebook has been under fire for keeping track of one's
Internet usage whether users are logged into the social media site or
not. A user may notice personalized ads under the 'Sponsored' area of
the page. "The company uses cookies to log data such as the date, time,
URL, and your IP address whenever you visit a site that has a Facebook
plug-in, such as a 'Like' button."
[112]
Facebook claims this data is used to help improve one's experience on
the website and to protect against 'malicious' activity. Another issue
of privacy that Facebook uses is the new facial recognition software.
This feature includes the software to identify photos that users are
tagged in by developing a template based on one's facial features.
[2]
Similar to Rotenberg's claim that Facebook users are unclear of how
or why their information has gone public, recently the Federal Trade
Commission and Commerce Department have become involved. The Federal
Trade Commission has recently released a report claiming that Internet
companies and other industries will soon need to increase their
protection for online users. Because online users often unknowingly opt
in on making their information public, the FTC is urging Internet
companies to make privacy notes simpler and easier for the public to
understand, therefore increasing their option to opt out. Perhaps this
new policy should also be implemented in the Facebook world. The
Commerce Department claims that Americans, "have been ill-served by a
patchwork of privacy laws that contain broad gaps,".
[113]
Because of these broad gaps, Americans are more susceptible to identity
theft and having their online activity tracked by others.
Internet privacy and Facebook advertisements
The
illegal activities on Facebook are very widespread, in particular,
phishing attacks, allowing attackers to steal other people's passwords.
The Facebook users are led to land on a page where they are asked for
their login information, and their personal information is stolen in
that way. According to the news from
PC World Business Center
which was published on April 22, 2010, we can know that a hacker named
Kirllos illegally stole and sold 1.5 million Facebook IDs to some
business companies who want to attract potential customers by using
advertisements on Facebook. Their illegal approach is that they used
accounts which were bought from hackers to send advertisements to
friends of users. When friends see the advertisements, they will have
opinion about them, because "People will follow it because they believe
it was a friend that told them to go to this link," said Randy Abrams,
director of technical education with security vendor Eset.
[114] There were 2.2232% of the population on Facebook that believed or followed the advertisements of their friends.
[115]
Even though the percentage is small, the amount of overall users on
Facebook is more than 400 million worldwide. The influence of
advertisements on Facebook is so huge and obvious. According to the blog
of Alan who just posted advertisements on the Facebook, he earned $300
over the 4 days. That means he can earn $3 for every $1 put into it.
[116]
The huge profit attracts hackers to steal users' login information on
Facebook, and business people who want to buy accounts from hackers send
advertisements to users' friends on Facebook.
A leaked document from Facebook has revealed that the company was
able to identify "insecure, worthless, stressed or defeated" emotions,
especially in teenagers, and then proceeded to inform advertisers.
[117] While similar issues have arisen in the
past, this continues to make individuals’ emotional states seem more like a commodity.
[117] They are able to target certain age groups depending on the time that their advertisements appear.
[117]
Recently, there have been allegations made against
Facebook
accusing the app of listening in on its users through their
smartphone’s microphone in order to gather information for advertisers.
These rumors have been proven to be false as well as impossible. For
one, because it does not have a specific buzzword to listen for like the
Amazon Echo,
Facebook would have to record everything its users say. This kind of
“constant audio surveillance would produce about 33 times more data
daily than Facebook currently consumes”.
[118]
Additionally, it would become immediately apparent to the user as their
phone’s battery life would be swiftly drained by the amount of power it
would take to record every conversation. Finally, it is clear that
Facebook doesn’t need to listen in on its users’ conversations because
it already has plenty of access to their data and internet search
history through
cookies.
Facebook friends study
A
study was conducted at Northeastern University by Alan Mislove and his
colleagues at the Max Planck Institute for Software Systems, where an
algorithm was created to try and discover personal attributes of a
Facebook user by looking at their friend's list. They looked for
information such as high school and college attended, major, hometown,
graduation year and even what dorm a student may have lived in. The
study revealed that only 5% of people thought to change their friend's
list to private. For other users, 58% displayed university attended, 42%
revealed employers, 35% revealed interests and 19% gave viewers public
access to where they were located. Due to the correlation of Facebook
friends and universities they attend, it was easy to discover where a
Facebook user was based on their list of friends. This fact is one that
has become very useful to advertisers targeting their audiences but is
also a big risk for the privacy of all those with Facebook accounts.
[119]
Facebook Emotion Study
Recently, Facebook, knowingly agreed and facilitated a controversial
experiment; the experiment blatantly bypassed user privacy and
demonstrates the dangers and complex ethical nature of the current
networking management system. The "one week study in January of 2012"
where over 600,000 users were randomly selected to unknowingly partake
in a study to determine the effect of "emotional alteration" by Facebook
posts.
[120]
Apart from the ethical issue of conducting such a study with human
emotion in the first place, this is just one of the means in which data
outsourcing has been used as a breach of privacy without user
disclosure.
[121][93]
Several issues pertaining to Facebook are due to privacy concerns. An
article titled "Facebook and Online Privacy: Attitudes, Behaviors, and
Unintended Consequences" examines the awareness that Facebook users have
on privacy issues. This study shows that the gratifications of using
Facebook tend to outweigh the perceived threats to privacy. The most
common strategy for privacy protection—decreasing profile visibility
through restricting access to friends—is also a very weak mechanism; a
quick fix rather than a systematic approach to protecting privacy.
[122]
This study suggests that more education about privacy on Facebook would
be beneficial to the majority of the Facebook user population.
The study also offers the perspective that most users do not realize
that restricting access to their data does not sufficiently address the
risks resulting from the amount, quality and persistence of data they
provide. Facebook users in our study report familiarity and use of
privacy settings, they are still accepting people as "friends" that they
have only heard of through other or do not know at all and, therefore,
most have very large groups of "friends" that have access to widely
uploaded information such as full names, birthdates, hometowns, and many
pictures.
[122]
This study suggests that social network privacy does not merely exist
within the realm of privacy settings, but privacy control is much within
the hands of the user. Commentators have noted that online social
networking poses a fundamental challenge to the theory of privacy as
control. The stakes have been raised because digital technologies lack
"the relative transience of human memory," and can be trolled or data
mined for information.
[123]
For users who are unaware of all privacy concerns and issues, further
education on the safety of disclosing certain types of information on
Facebook is highly recommended.
Instagram
Instagram
tracks users' photos even if they do not post them using a geotag. The
app geotags an uploaded image regardless of whether the user chose to
share its location or not. Therefore, anybody can view the exact
location where an image was uploaded on a map. This is concerning due to
the fact that most people upload photos from their home or other
locations they frequent a lot, and the fact that locations are so easily
shared raises privacy concerns of stalking and sexual predators being
able to find their target in person after discovering them online.
[124]
The new Search function on Instagram combines the search of places,
people, and tags to look at nearly any location on earth, allowing them
to scout out a vacation spot, look inside a restaurant, and even to
experience an event like they were there in person.
[125]
The privacy implications of this fact is that people and companies can
now see into every corner of the world, culture, and people's private
lives. Additionally, this is concerning for individual privacy, because
when someone searches through these features on Instagram for a specific
location or place, Instagram shows them the personal photos that their
users have posted, along with the likes and comments on that photo
regardless of whether the poster's account is private or not. With these
features, completely random people, businesses, and governments can see
aspects of Instagram users' private lives. The Search and Explore pages
that collect data based on user tagging illustrates how Instagram was
able to create value out of the databases of information they collect on
users throughout their business operations.
[125]
Swarm
Swarm is a
mobile app that lets users check-in to a location and potentially make
plans and set up future meetings with people nearby. This app has made
it easier for people in online communities to share their locations, as
well as interact with others in this community through collecting
rewards such as coins and stickers through competitions with other
users.
[126]
If a user is on Swarm, their exact location may be broadcast even if
they didn't select their location to be "checked-in." When users turn on
their "Neighborhood Sharing" feature, their location is shared as the
specific intersection that they are at, and this location in current
time can be viewed simply by tapping their profile image.
[124]
This is concerning because Swarm users may believe they are being
discreet by sharing only which neighborhood they are in, while in fact
they are sharing the exact pinpoint of their location.
[124]
The privacy implications of this is that people are inadvertently
sharing their exact location when they do not know that they are. This
plays into the privacy concerns of social media in general, because it
makes it easier for other users as well as the companies this location
data is shared with to track Swarm members. This tracking makes it
easier for people to find their next targets for identity theft,
stalking, and sexual harassment.
Spokeo
Spokeo
is a "people-related" search engine with results compiled through data
aggregation. The site contains information such as age, relationship
status, estimated personal wealth, immediate family members and home
address of individual people. This information is compiled through what
is already on the internet or in other public records, but the website
does not guarantee accuracy.
Spokeo has been faced with potential class action lawsuits from
people who claim that the organization breaches the Fair Credit
Reporting Act. In September, 2010, Jennifer Purcell claimed that the
FCRA was violated by Spokeo marketing her personal information. Her case
is pending in court. Also in 2010, Thomas Robins claimed that his
personal information on the website was inaccurate and he was unable to
edit it for accuracy. The case was dismissed because Robins did not
claim that the site directly caused him actual harm.
[127] On February 15, 2011, Robins filed another suit, this time stating Spokeo has caused him "imminent and ongoing" harm.
[128]
In
January 2011, the US government obtained a court order to force the
social networking site, Twitter, to reveal information applicable
surrounding certain subscribers involved in the WikiLeaks cases. This
outcome of this case is questionable because it deals with the user's
First Amendment rights. Twitter moved to reverse the court order, and
supported the idea that internet users should be notified and given an
opportunity to defend their constitutional rights in court before their
rights are compromised.
[129]
Twitter's privacy policy states that information is collected through
their different web sites, application, SMS, services, APIs, and other
third parties. When the user uses Twitter's service they consent to the
collection, transfer, storage, manipulation, disclosure, and other uses
of this information. In order to create a Twitter account, one must give
a name, username, password, and email address. Any other information
added to one's profile is completely voluntary.
[130] Twitter's servers automatically record data such as
IP address,
browser type, the referring domain, pages visited, mobile carrier,
device and application IDS, and search terms. Any common account
identifiers such as full IP address or username will be removed or
deleted after 18 months.
[131]
Twitter allows people to share information with their followers. Any
messages that are not switched from the default privacy setting are
public, and thus can be viewed by anyone with a Twitter account. The
most recent 20 tweets are posted on a public timeline.
[132]
Despite Twitter's best efforts to protect their users privacy, personal
information can still be dangerous to share. There have been incidents
of leaked tweets on Twitter. Leaked tweets are tweets that have been
published from a private account but have been made public. This occurs
when friends of someone with a private account retweet, or copy and
paste, that person's tweet and so on and so forth until the tweet is
made public. This can make private information public, and could
possibly be dangerous.
[133]
Another issue involving privacy on Twitter deals with users
unknowingly disclosing their information through tweets. Twitter has
location services attached to tweets, which some users don't even know
are enabled. Many users tweet about being at home and attach their
location to their tweet, revealing their personal home address. This
information is represented as a latitude and longitude, which is
completely open for any website or application to access.
[134]
WeKnowYourHouse is an example of a website that has taken this
information and posted it online for anyone to see. They provide Twitter
user's names and personal addresses. The owner of the site stated that
he created it as a warning to show how easy it is to find and reveal
personal information without the right precautions.
[134]
People also tweet about going on vacation and giving the times and
places of where they are going and how long they will be gone for. This
has led to numerous break ins and robberies.
[135] Twitter users can avoid location services by disabling them in their privacy settings.
Teachers and MySpace
Teachers' privacy on MySpace has created controversy across the world. They are forewarned by The Ohio News Association
[136] that if they have a MySpace account, it should be deleted. Eschool News warns, "Teachers, watch what you post online."
[137]
The ONA also posted a memo advising teachers not to join these sites.
Teachers can face consequences of license revocations, suspensions, and
written reprimands.
The
Chronicle of Higher Education wrote an article on April 27, 2007, entitled "A MySpace Photo Costs a Student a Teaching Certificate" about Stacy Snyder.
[138] She was a student of
Millersville University of Pennsylvania
who was denied her teaching degree because of an allegedly
unprofessional photo posted on MySpace, which involved her drinking with
a pirate's hat on and a caption of "Drunken Pirate". As a substitute,
she was given an English degree.
Other sites
Sites such as
Sgrouples and
Diaspora have attempted to introduce various forms of privacy protection into their networks, while companies like
Safe Shepherd have created software to remove personal information from the net.
[139]
Certain social media sites such as Ask.fm, Whisper, and Yik Yak allow
users to interact anonymously. The problem with websites such as these
is that “despite safeguards that allow users to report abuse, people on
the site believe they can say almost anything without fear or
consequences—and they do." This is a privacy concern because users can
say whatever they choose and the receiver of the message may never know
who they are communicating with. Sites such as these allow for a large
chance or cyberbullying or cyberstalking to occur. People seem to
believe that since they can be anonymous, they have the freedom to say
anything no matter how mean or malicious.
[140]
Internet privacy and Blizzard Entertainment
On
July 6, 2010, Blizzard Entertainment announced that it would display
the real names tied to user accounts in its game forums. On July 9,
2010, CEO and cofounder of Blizzard Mike Morhaime announced a reversal
of the decision to force posters' real names to appear on Blizzard's
forums. The reversal was made in response to subscriber feedback.
[141]
Snapchat
Snapchat is a mobile application created by Stanford graduates Evan Spiegel and Bobby Murphy in September 2011.
[142]
Snapchat's main feature is that the application allows users to send a
photo or video, referred to as a "snap", to recipients of choice for up
to ten seconds before it disappears.
[143]
If recipients of a snap try and screenshot the photo or video sent, a
notification is sent to the original sender that it was screenshot and
by whom. Snapchat also has a "stories" feature where users can send
photos to their "story" and friends can view the story as many times as
they want until it disappears after twenty-four hours. Users have the
ability to make their snapchat stories viewable to all of their friends
on their friends list, only specific friends, or the story can be made
public and viewed by anyone that has a snapchat account.
[142]
In addition to the stories feature, messages can be sent through
Snapchat. Messages disappear after they are opened unless manually saved
by the user by holding down on the message until a "saved" notification
pops up. There is no notification sent to the users that their message
has been saved by the recipient, however, there is a notification sent
if the message is screenshot.
[144]
2015 Snapchat Privacy Policy Update
In
2015, Snapchat updated their privacy policy, causing outrage from users
because of changes in their ability to save user content.
[145]
These rules were put in place to help Snapchat create new and cool
features like being able to replay a Snapchat, and the idea of “live”
Snapchat stories. These features require saving content to snapchat
servers in order to release to other users at a later time. The update
stated that it has the rights to reproduce, modify, and republish
photos, as well as save those photos to Snapchat servers. Users felt
uncomfortable with the idea that all photo content was saved and the
idea of “disappearing photos” advertised by Snapchat didn’t actually
disappear. There is no way to control what content is saved and what
isn’t. Snapchat responded to backlash by saying they needed this license
to access our information in order to create new features, like the
live snapchat feature.
[145]
Live Stories
With
the 2015 new update of Snapchat, users are able to do “Live Stories,”
which are a “collection of crowdsourced snaps for a specific event or
region.”
[146]
By doing that, you are allowing snapchat to share your location with
not just your friends, but with everyone. According to Snapchat, once
you pick the option of sharing your content through a Live Story, you
are providing to the company "unrestricted, worldwide, perpetual right
and license to use your name, likeness, and voice in any and all media
and distribution channels."
[146]
Privacy Concerns with Snapchat
On
snapchat, there is a new feature that was incorporated into the app in
2017 called Snap Maps. Snap Maps allows users to track other users’
locations, but when people “first use the feature, users can select
whether they want to make their location visible to all of their
friends, a select group of connections or to no one at all, which
Snapchat refers to as ‘ghost mode.’”
[147]
This feature however has raised privacy concerns because “‘It is very
easy to accidentally share everything that you've got with more people
than you need too, and that's the scariest portion,’ cyber security
expert Charles Tendell told ABC News of the Snapchat update.”
[148]
For protecting younger users of Snapchat, “Experts recommend that
parents stay aware of updates to apps like Snapchat. They also suggest
parents make sure they know who their kids' friends are on Snapchat and
also talk to their children about who they add on Snapchat.”
[148]
Snapchat Spectacles
In
2016, Snapchat released a new product called “Snapchat Spectacles,”
which are sunglasses featuring a small camera that allow users to take
photos and record up to 10 seconds of footage.
[149]
The cameras in the Spectacles are connected to users’ existing Snapchat
accounts, so they can easily upload their content to the application.
This new product has received negative feedback because the Spectacles
do not stand out from normal sunglasses beyond the small cameras on the
lenses. Therefore, users have the ability to record strangers without
them knowing. and could potentially otherwise unwilling of the glasses
may not even realize they are any different than a basic pair of shades.
Critics of Snapchat Spectacles argue that this product is an invasion
of privacy for the people who do not know they are being recorded by
individuals who are wearing the glasses. Proponents disagree, saying
that the glasses are distinguishable enough that users and people around
them will notice them. Another argument in favor of the glasses is that
people are already exposing themselves to similar scenarios by being in
public.
[149]
2016 Amnesty International Report
In October 2016,
Amnesty International
released a report ranking Snapchat along with ten other leading social
media applications, including Facebook, iMessage, FaceTime, and Skype on
how well they protect users’ privacy.
[150] The report assessed Snapchat’s use of encryption and found that it ranks poorly in how it uses
encryption
to protect users’ security as a result of not using end-to-end
encryption. Because of this, third parties have the ability to access
Snapchats while they are being transferred from one device to another.
The report also claimed that Snapchat does not explicitly inform users
in its privacy policy of the application’s level of encryption or any
threats the application may pose to users’ rights, which further reduced
its overall score.
[150] Regardless of this report, Snapchat is currently considered the most trustworthy social media platform among users.
[151]
The FTC
In
2014, allegations were made against Snapchat by the Federal Trade
Commission "FTC" for deceiving users on its privacy and security
measures. Snapchat's main appeal is its marketed ability to have users'
photos disappear completely after the one to ten second time
frame—selected by the sender to the recipient—is up. However, the FTC
made a case claiming this was false, making Snapchat in violation of
regulations implemented to prevent deceptive consumer information. One
focus of the case was that the reality of a "snap" lifespan is longer
than most users perceive; the app's privacy policy stated that Snapchat
itself temporarily stored all snaps sent, but neglected to offer users a
time period during which snaps had yet to be permanently deleted and
could still be retrieved. As a result, many third party applications
were easily created for consumers that hold the ability to save "snaps"
sent by users and screenshot "snaps" without notifying the sender.
[152]
The FTC also claimed that Snapchat took information from its users such
as location and contact information without their consent. Despite not
being written in their privacy policy, Snapchat transmitted location
information from mobile devices to its analytics tracking service
provider.
[153]
Although "Snapchat's privacy policy claimed that the app collected only
your email, phone number, and Facebook ID to find friends for you to
connect with, if you're an IOS user and entered your phone number to
find friends, Snapchat collected the names and phone numbers of all the
contacts in your mobile device address books without your notice or
consent."
[154]
It was disclosed that the Gibsonsec security group warned Snapchat of
potential issues with their security, however no actions were taken to
reinforce the system. In early 2014, 4.6 million matched usernames and
phone numbers of users were publicly leaked, adding to the existing
privacy controversy of the application.
[155]
Finally, the FTC claimed that Snapchat failed to secure its "find
friends" feature by not requiring phone number verification in the
registration process. Users could register accounts from numbers other
than their own, giving users the ability to impersonate anyone they
chose.
[152]
Snapchat had to release a public statement of apology to alert users of
the misconducts and change their purpose to be a "fast and fun way to
communicate with photos".
[156]
Response to criticism
Many
social networking organizations have responded to the criticism and
concerns over privacy brought up over time. It is claimed that changes
to default settings, the storage of data and sharing with third parties
have all been updated and corrected in the light of criticism, and/or
legal challenges.
[157]
However, many critics remain unsatisfied, noting that fundamental
changes to privacy settings in many social networking sites remain minor
and at times, inaccessible, and argue that social networking companies
prefer to criticize users rather than adapt their policies.
[158]