My third article review for TECH621 is titled Characterizing Privacy in Online Social Networks. The purpose for this article is to examine popular online social networking sites from a viewpoint of characterizing potential privacy leakage.  This article was based on of previous empirical research as well as network observation of two popular social networking sites, Facebook and MySpace.



This research article focuses on aspects of a few social networking sites, but clearly separates two in particular, Facebook and MySpace. In understanding social networking sites and their behavioral patterns toward users, one must understand the users themselves. Users, often willingly, share personal identifying information about themselves, but do not have a clear idea of who accesses their private information or what portion of it really needs to be accessed. When an individual join a social networking site, they establish a profile which contains identifying information about that individual. This information is then stored and is used to identify the user once logged on. The empirical research referenced and conducted by Krishnamurthy examines popular social networking sites from a viewpoint of characterizing potential privacy leakage. This research identities what bits of information are currently being shared, how widely, and what users can do to prevent such sharing. This paper also examines the role of third-party sites that track users and compare with privacy leakage on other popular sites. Further research will be conducted that will identify the narrow set of private data that users need to share to accomplish specific set of tasks on social networking sites.



The method used in this research involves studying the user privacy settings of online social networking sites such as: Bebo, Digg, Friendster and Hi5. Two main social networking sites that are covered in the aforementioned research are Facebook and MySpace. User privacy controls for five main areas on social networking sites are studied which corresponds to privacy bits selected in these areas. The areas are as follows: Thumbnail, Greater Profile, List of Friends, User Generated Content and Comments. In this research, 5000 random numeric userids in an observed range of valid userids and in February 2008 retrieved their corresponding user profiles. Profile information for 3851 valid userids was obtained, of which 79% (3046) of users retained their default setting that their profile, friends, comments and user content were viewable. In studying Facebook, Krishnamurthy examined its settings using Facebooks’ 506 regional networks (circa April 2008) that represent geographical areas. This was done because Facebook restricts public profile viewing to users in the same network and there are fewer controls on who can join a regional network, although a user can only be a member of one regional network at a given time. In the U.S., the 272 regional networks correspond to cities but often they include users who may live nearby. Also used was the random network browsing feature that returns thumbnails for up to ten random users for every browsed retrieval. All retrievals were made on users over the age of 18. 200 successful retrievals for each regional network; up to ten users are returned each time.



The results of this empirical research characterized and measured various privacy aspects across eleven social networking sites. It was found that users willingly provide personal information without a clear idea of who has access to it or how it might be used. The range of privacy settings that social networking sites provided were found to be permissive since default settings allow access to strangers on all of the sites. It was found that between 55 and 90% of users in social networking site users still allow their profile information to be viewable and 80 to 97% of users allow their set of friends to be viewed. A strong negative correlation between regional network size in Facebook and the use of these privacy settings to limit access was found with a negative correlation coefficient of -0.88.  This measure of negative correlation coefficient was attributed to the network size in relation to the area of users who allowed their friends to be viewed.



In conclusion, it can be stated that most users allow their personal information to be viewable by non-friends and allow their friends to be viewable by strangers. Also incorporated in this study was a study of 5900 college users and 220 high school user networks. From this investigation it was discovered that as much as 80% of users allowed their profiles to be viewable by much smaller networks. It is inherently feasible that users of online social networking sites are simply not checking and updating their privacy settings allowing outside users to view their personal information.