Re: Privacy Jungle: Data Protection in Social Networks from Alex Korth on 2009-06-12 (public-xg-socialweb@w3.org from June 2009)

From: Alex Korth <ak@ttbc.de>
Date: Fri, 12 Jun 2009 18:15:35 +0200
To: Sören Preibusch <Soren.Preibusch@cl.cam.ac.uk>
Cc: public-xg-socialweb@w3.org
Message-ID: <4A327F27.807@ttbc.de>

Hi Sören,

that will safe us quite a lot of work. Thanks a lot!

Cheers,
Alex


Sören Preibusch wrote:
> Dear all,
> 
> We are pleased to announce the largest and most comprehensive field 
> study in the academic literature so far of data protection on social 
> networking sites. Our analyses include the sites' functionality, privacy 
> controls, written privacy policies, P3P policies, and metadata for each 
> site. The dataset and our interpretations are freely available online 
> and will be presented at WEIS 2009 in London in two weeks time:
> 
>    Joseph Bonneau, Sören Preibusch:
>    The Privacy Jungle: On the Market for Data Protection in Social Networks
>    in: The Eighth Workshop on the Economics of Information Security 
> (WEIS 2009)
>    http://preibusch.de/publ/privacy_jungle
> 
> Abstract:
> We have conducted the first thorough analysis of the market for privacy 
> practices and policies in online social networks. From an evaluation of 
> 45 social networking sites using 260 criteria we find that many popular 
> assumptions regarding privacy and social networking need to be revisited 
> when considering the entire ecosystem instead of only a handful of 
> well-known sites. Contrary to the common perception of an oligopolistic 
> market, we find evidence of vigorous competition for new users. Despite 
> observing many poor security practices, there is evidence that social 
> network providers are making efforts to implement privacy enhancing 
> technologies with substantial diversity in the amount of privacy control 
> offered. However, privacy is rarely used as a selling point, even then 
> only as auxiliary, non-decisive feature. Sites also failed to promote 
> their existing privacy controls within the site. We similarly found 
> great diversity in the length and content of formal privacy policies, 
> but found an opposite promotional trend: though almost all policies are 
> not accessible to ordinary users due to obfuscating legal jargon, they 
> conspicuously vaunt the sites' privacy practices. We conclude that the 
> market for privacy in social networks is dysfunctional in that there is 
> significant variation in sites' privacy controls, data collection 
> requirements, and legal privacy policies, but this is not effectively 
> conveyed to users. Our empirical findings motivate us to introduce the 
> novel model of a privacy communication game, where the economically 
> rational choice for a site operator is to make privacy control available 
> to evade criticism from privacy fundamentalists, while hiding the 
> privacy control interface and privacy policy to maximise sign-up numbers 
> and encourage data sharing from the pragmatic majority of users.
> Regards,
> Sören
> 
> 
>

Received on Friday, 12 June 2009 16:16:09 UTC