Re: Privacy Jungle: Data Protection in Social Networks

Very nice paper Sören. Being on this group is worth it just for  
this. :-)



Some thoughts that occurred to me while reading this quickly yesterday  
evening (too quickly probably).

You argue that most sites do not promote privacy in 4.2.4. At the  
same time it seems that for many of the sites it really is an  
important part of the way they function. People seem to be very  
conscious that not everything they say is public on Facebook, and vice  
versa that mostly everything is on Twitter. It changes the way people  
behave on those networks. So there seems to be some tacit knowledge  
that is not expressed verbally but that is well understood...

importance of email:

I notice that all these sites depend on the larger open social network  
made available by email.

Twitter:

Twitter is a micro blogging site, so it does not need privacy. Since  
everything is quite clearly public, it should get full points on the  
privacy score. Since it is the fastest growing site, that would argue  
for your correlation of privacy and growth scores in 5.4.

section 6.1

Initially you claim that you always use the same information on all  
sites. In this section you argue that the site owners could play a  
game of presenting more or less information to different users  
depending on the site's perception of the type of user they are dealing  
with (privacy fanatics, practical majority, exhibitionists).


Henry

Social Web Architect
Sun Microsystems		
Blog: http://blogs.sun.com/bblfish

On 12 Jun 2009, at 19:15, Alex Korth wrote:

> Hi Sören,
>
> that will save us quite a lot of work. Thanks a lot!
>
> Cheers,
> Alex
>
>
> Sören Preibusch wrote:
>> Dear all,
>> We are pleased to announce the largest and most comprehensive field  
>> study in the academic literature so far of data protection on  
>> social networking sites. Our analyses include the sites'  
>> functionality, privacy controls, written privacy policies, P3P  
>> policies, and metadata for each site. The dataset and our  
>> interpretations are freely available online and will be presented  
>> at WEIS 2009 in London in two weeks' time:
>>   Joseph Bonneau, Sören Preibusch:
>>   The Privacy Jungle: On the Market for Data Protection in Social  
>> Networks
>>   in: The Eighth Workshop on the Economics of Information Security  
>> (WEIS 2009)
>>   http://preibusch.de/publ/privacy_jungle
>> Abstract:
>> We have conducted the first thorough analysis of the market for  
>> privacy practices and policies in online social networks. From an  
>> evaluation of 45 social networking sites using 260 criteria we find  
>> that many popular assumptions regarding privacy and social  
>> networking need to be revisited when considering the entire  
>> ecosystem instead of only a handful of well-known sites. Contrary  
>> to the common perception of an oligopolistic market, we find  
>> evidence of vigorous competition for new users. Despite observing  
>> many poor security practices, there is evidence that social network  
>> providers are making efforts to implement privacy enhancing  
>> technologies with substantial diversity in the amount of privacy  
>> control offered. However, privacy is rarely used as a selling  
>> point, even then only as auxiliary, non-decisive feature. Sites  
>> also failed to promote their existing privacy controls within the  
>> site. We similarly found great diversity in the length and content  
>> of formal privacy policies, but found an opposite promotional  
>> trend: though almost all policies are not accessible to ordinary  
>> users due to obfuscating legal jargon, they conspicuously vaunt the  
>> sites' privacy practices. We conclude that the market for privacy  
>> in social networks is dysfunctional in that there is significant  
>> variation in sites' privacy controls, data collection requirements,  
>> and legal privacy policies, but this is not effectively conveyed to  
>> users. Our empirical findings motivate us to introduce the novel  
>> model of a privacy communication game, where the economically  
>> rational choice for a site operator is to make privacy control  
>> available to evade criticism from privacy fundamentalists, while  
>> hiding the privacy control interface and privacy policy to maximise  
>> sign-up numbers and encourage data sharing from the pragmatic  
>> majority of users.
>> Regards,
>> Sören
>

Received on Saturday, 13 June 2009 07:16:15 UTC