Re: Privacy Jungle: Data Protection in Social Networks

Very much enjoyed reading this paper, particularly the emphasis on
economic aspects.  Suspect I will be rereading sometime soon.

It seems we have a kind of paradox in social networks.

On the one hand it seems necessary for a provider to ensure "lock-in"
in order to achieve economic competitive advantage and maintain
running costs and profitability.

On the other, any compromise on usability and privacy is likely to
come at a price over the long term.  It is quite easy to imagine a
popular network with stringent lock-in policies suddenly becoming
"not cool", from one year to the next, and thereby impacting long term
profitability.

It seems the industry will be generally pro lock-in, and architects
and engineers espousing an open framework will be generally against.

As such, does that not leave standards bodies in an impossible
situation of being able to please one group and not the other?

On Fri, Jun 12, 2009 at 4:42 PM, Sören Preibusch <Soren.Preibusch@cl.cam.ac.uk> wrote:
> Dear all,
>
> We are pleased to announce the largest and most comprehensive field study in
> the academic literature so far of data protection on social networking
> sites. Our analyses include the sites' functionality, privacy controls,
> written privacy policies, P3P policies, and metadata for each site. The
> dataset and our interpretations are freely available online and will be
> presented at WEIS 2009 in London in two weeks' time:
>
>   Joseph Bonneau, Sören Preibusch:
>   The Privacy Jungle: On the Market for Data Protection in Social Networks
>   in: The Eighth Workshop on the Economics of Information Security (WEIS 2009)
>   http://preibusch.de/publ/privacy_jungle
>
> Abstract:
> We have conducted the first thorough analysis of the market for privacy
> practices and policies in online social networks. From an evaluation of 45
> social networking sites using 260 criteria we find that many popular
> assumptions regarding privacy and social networking need to be revisited
> when considering the entire ecosystem instead of only a handful of
> well-known sites. Contrary to the common perception of an oligopolistic
> market, we find evidence of vigorous competition for new users. Despite
> observing many poor security practices, there is evidence that social
> network providers are making efforts to implement privacy enhancing
> technologies with substantial diversity in the amount of privacy control
> offered. However, privacy is rarely used as a selling point, even then only
> as auxiliary, non-decisive feature. Sites also failed to promote their
> existing privacy controls within the site. We similarly found great
> diversity in the length and content of formal privacy policies, but found an
> opposite promotional trend: though almost all policies are not accessible to
> ordinary users due to obfuscating legal jargon, they conspicuously vaunt the
> sites' privacy practices. We conclude that the market for privacy in social
> networks is dysfunctional in that there is significant variation in sites'
> privacy controls, data collection requirements, and legal privacy policies,
> but this is not effectively conveyed to users. Our empirical findings
> motivate us to introduce the novel model of a privacy communication game,
> where the economically rational choice for a site operator is to make
> privacy control available to evade criticism from privacy fundamentalists,
> while hiding the privacy control interface and privacy policy to maximise
> sign-up numbers and encourage data sharing from the pragmatic majority of
> users.
> Regards,
> Sören
>
>
>

Received on Monday, 22 June 2009 12:28:28 UTC