1

Abstract- In this paper, we present a critical literature review

on the current status of privacy issues surrounding Social

Networking Sites by examining existing literature and research

on the subject matter. The concluding argument presented in

this paper shows that although there are certain critical issues

surrounding privacy invasion and security issues both online and

offline that users of social networking sites should be aware of,

the benefits gained from Social Networking Sites far outweigh

these issues, and this may be one of the reasons why the number

of social networking site users continue to rise.

Keywords: social networking sites, privacy, security, literature review

I. INTRODUCTION

The daily use of Social Networking Sites (SNS’s) such as

Facebook, MySpace and Linkedin has become a routine for

the millions of users resulting in SNS’s moving away from

being just a niche phenomenon to a technology that is

mass adopted by society in large (Gross & Acquisti 2005).

There are now hundreds of different SNS’s which have all

been developed to cater for a wide arrange of different

types of users each with its own unique community and

culture surrounding it (Wikipedia 2010).

Although the target audience, service model and purpose

of each SNS varies, the main technical features remain

consistent between sites, and most SNS’s share the

following 3 core features (Boyd & Ellison 2008):

1. Allows a user to construct a public or semi-public

profile within a bound system.

2. Displays a list of other users who are networked

with the person and is connected with through the

system.

3. Allow an individual to view and traverse between

different people within the bounds of his/her

network.

The relatively open and detailed nature of the information

presented in the user profiles, and the lack of privacy and

security control provided by SNS’s and the awareness of

these issue by users has led to concerns being raised by

large groups of people. In particular, there has been a

substantial amount of academic research focused on

identity presentation and privacy concerns surrounding the

use of SNS’s (e.g. Gross & Acquisti 2005; Stutzman 2006

etc.).

Their main argument is that users may be putting

themselves in harm’s way both offline (e.g. Stalking) and

online (e.g. Identity Theft) if they provide too much

personal information through their SNS profiles.

However, despite the negative coverage surrounding the

issues over Privacy and Security from the use of SNS being

well documented and covered extensively by academics,

various organizations and the mass media in recent years,

SNS’s such as Facebook continue to see exponential growth

in their user base (Facebook 2010) as shown in Figure 1 .

Figure 1: Number of Active Facebook Users

This poses an interesting question that this paper will try

and address: Why are SNS’s experiencing such an

exponential growth rate in users, when there has been so

much literature from both academic and non-academic

perspectives which state that there are serious issues

surrounding SNE’s on the matters of privacy and security?

The approach this paper will take in addressing the

question above will be by providing a review of existing

literature in relation to Privacy & Security concerns over

SNS’s, and try to determine whether or not the concerns

raised over these issues are justified, or if the issues in

concern is just hype surrounding the lack of knowledge

surrounding SNS’s due to the rapid pace theses services

have spread throughout our societies.

II. BACKGROUND & PREVIOUS LITERATURE

There is no doubt that security and privacy issues do arise

from SNS’s, and there are legitimate claims and evidence to

Privacy & Security Issues Surrounding Social

Networking Sites: Does it matter?

Jongkil J Jeong

2

support this fact (e.g. Zheleva & Getoor 2009, Gross &

Acquisti 2005 etc). Hence, the nature of this paper is not to

argue that there are no issues, but to critically examine

how significant concerns over privacy and security actually

are, and what level of impact it may have for the users of

SNS’s.

In order for a conclusion to be drawn in regards to the

questions raised, there is a need for us to examine previous

literature related to privacy and security in SNS’s in depth,

and to critically examine the arguments set forth which

supports the view that users should be genuinely

concerned about these issues when using SNS’s.

2.1 Social Networking Sites

As per the three core features identified by Boyd & Ellison

(2008) in the introduction, the main mechanism of how

SNS’s work is based on the online profile a user creates

when they first join a SNS.

These profiles generally contain information about the

specific attributes of an individual which is used to verify

the participant in the online community. Most SNS’s

encourage users to provide as much information about

their attributes as possible so that their public identities

match the profiles created online (Gross & Acquisti 2005).

These attributes are not only category-based

representations of a person’s interests, hobbies or

affiliation with a specific group or organization (e.g. School

or Company), but can also be referential as well. Referential

attributes is information that directly refers to a specific

individual which allows a person to be specifically identified.

The real life name, gender, date of birth and images of a

person’s social or inner life are all referential attributes

which can be used to identify a specific individual (Gross &

Acquisti 2005, Riphagen 2008).

All this personal data about a specific participant is given

self voluntarily by the user, thus allowing other users to be

able to verify, and identify a particular individual.

Furthermore, the data provided on these sites are mostly

genuine and accurate (Table 1) which implies that the

identity provided through SNS’s is generally accurate, and is

a very close resemblance to their offline identities

(Hargittai 2008), which is where the suspected risk

revolving around privacy and security has been identified.

Table 1 (Gross & Acquisti 2005): Categorization of name quality

of 100 profile names from Facebook.

Category Percentage Facebook Profiles

Real Name 89%

Partial Name 3%

Fake Name 8%

There are also concerns over the default privacy settings

used in SNS’s such as Facebook, and the difficulties that

participants face when trying to change these settings

(Jones & Soltren 2005). Although surveys show that there

are more users who are blocking people outside of their

network accessing their personal profiles, a considerable

amount of individuals (27%) continue to use the default

settings provided by the service provider which have a

considerable amount of the attributes set to public sharing

(Webroot 2010, Jones & Soltren 2005).

In summary, the issues surrounding privacy and security

have been due to the following features of SNS’s:

A. Personal online profiles which contain information

about an individual (both referential and attributive) must

be created in order to participate in SNS.

B. Personal profiles contain information that can verify

and identify a particular individual, and have a close

resemblance to a person’s real life identity.

C. SNS’s encourage users to provide as much personal

information as possible in order to enhance the user

experience.

D. Settings to limit the amount of information provided

through online profiles are limited due to both the

competency level of the individual and technical

limitations.

2.2 Privacy Issues

Westin (2003) defines privacy as “the claim of an individual

to determine what information about himself or herself

should be known to others”.

The fact that a large amount of personal information

presented in a SNS profile as explained in Section 2.1,

coupled with the fact that this information may be

involuntarily shared with a vast amount of unknown

strangers has raised serious questions surrounding privacy

implications associated with online networking through

SNS’s (Gross & Acquisti 2005). Furthermore, the use of this

aggregated personal information collected by the SNS

providers for commercial purposes has also caused room

for concern (Haque N 2008).

This concern is also shared by Gross & Acquisti (2005) who

state that there are two major privacy implications on SNS’s:

Firstly, The SNS itself may use and spread personal

information to different parties in various forms and

methods, without the participant knowing this is occurring.

A quick look through the terms & conditions of the most

popular SNS’s (with the exception of LinkedIn) in Table 2

illustrates how SNS’s are able to share a user’s information

willingly with third parties.

3

Table 2: Use of personal information by SNS’s

SNS Is information shared

with third parties?

Sharing of Information to third

parties

Facebook Yes (Facebook 2010b) “You understand that we may not

always identify paid services and

communications as such.”

Myspace Yes (MySpace 2010)

“MySpace also may share your PII

(Personal Identifiable Information)

with Affiliated Companies if it has a

business reason to do so.”

Linkedin No (Linkedin 2010)

“We do not sell, rent, or otherwise

provide your personal identifiable

information to any third parties for

marketing purposes.”

* Orkut &

Youtube Yes (Google 2010)

“We provide such information to

our subsidiaries, affiliated

companies or other trusted

businesses or persons for the

purpose of processing personal

information on our behalf.”

Bebo Yes (Bebo 2010)

“We may use the information

collected automatically…and to

customize Bebo’s content, layout

and services. We may share this

information with third parties to

help us improve the Bebo Service

and better serve our users.”

Twitter Yes (Twitter 2010)

“We may share your personal

information with these third

parties, but only to the extent

necessary to perform these

functions and provide such

services, and only pursuant to

obligations mirroring the

protections of this privacy policy’

*Both Orkut and Youtube both use Google’s Privacy Policy as they are both

subsidiaries of Google Inc.

Secondly, the relatively easiness of joining a SNS and

extending one’s network, coupled with the fact that there

is a lack of basic security measures (such as SSL logins) in

place makes it easy for third parties to access participants

data without the site’s direct collaboration. For example, a

recent case in Australia which involved a major bank

creating false profiles on Facebook to befriend ANZ

customers with bad credits in order to track down their

current details voiced major concerns by various groups

and organizations over this supposed breach of privacy

laws (Gerathy 2010).

Zheleva & Gatoor (2009) also identify further privacy issues

surrounding SNE’s. They state through their literature that

not only does the voluntary / involuntary disclosure of

personal information by SNE’s pose a threat, but because

every individual is bound within a specific group, entire

social networks also have the risk of being exposed by

potential threats.

According to Li et al (2007), this leads to two types of

privacy attacks on the data presented in user profiles:

identity disclosure and attribute disclosure. Identity

disclosure refers to when an adversary is able to make a

link between the online profiles of an individual to a

specific real-world entity through the attributes provided

through a SNS. Attribute disclosure occurs when an

adversary is able to determine information about a

particular individual who wishes to keep certain elements

of their online profile discreet. This is done by making a

connection between the public profiles, network of friends

and group memberships which may be displayed through

the SNS.

This causes an additional layer of risk surrounding privacy

in SNS’s because privacy settings that SNS’s allow an

individual to set become nullified due to the fact that

discreet information can be extracted through the

networks surrounding a specific individual. Furthermore,

the risk extends to not only a particular individual, but a

group of participants which may cause a more serious

privacy problem.

In summary, SNS’s pose an issue surrounding privacy as (a)

The personal data provided through an SNS can be

aggregated and be used for commercial or malicious

purposes by the SNS themselves or third parties; and (b)

Privately disclosed information on SNS’s can be exposed by

collecting data on an individual based on the network

surrounding the online profile and furthermore pose risks

on the network itself.

2.3 Security

Security is defined as the “process that ensures data

integrity and restricts access to those who have been

granted it legitimately” (Hones & Soltren 2005). There is

evidence to suggest that as the popularity of SNS’s

continues to rise, adversaries are increasingly focusing their

efforts on exploiting certain security flaws which exist on

social networking sites.

A recent survey conducted by Webroot (2010) showed that

61% of users displayed their birthdays, 52% showed their

place of birth and 17% users showed their mobile phone

numbers on SNS’s – all sensitive personal data which could

be exploited by criminals for malicious purposes such as

identity theft. Not only that, but there have been numerous

cases reported through the mass media in regards to child

molestation and stalking incidents which have all stemmed

from criminals making contact with adolescence through

SNS’s (e.g. Roach 2010, Yeebo 2010 etc.).

As the networks and connections created on SNS’s revolve

around weaker social ties than in the real world, and the

threshold to qualify as a friend on someone’s SNS network

is much easier to infiltrate that in the physical space (Gross

& Acquisti 2005), the security issues mentioned above are

becoming increasingly common in SNS’s and pose a more

significant risk than similar issues which have been

observed through other means such as email phishing in

the past.

Furthermore, certain bugs and exploits surrounding the

technical functions of SNS’s are also being targeted by

hackers as there are limited security measures deployed by

most SNS’s. For example, no secure connection methods

(e.g. SSL) are present on most SNS’s and basic measures

including encryption are nonexistent. This opens up SNS’s

to threats such as password interception, commercial data

mining, database reverse-engineering which are all

4

technical issues that can cause severe damages to

participants in SNS’s (Jones & Soltren 2005).

2.4 Summary

From the literature reviewed on the issues surrounding

privacy and security in SNS’s, it is evident that there are

legitimate reasons to be concerned when providing

personal information through online profiles which are at

the core of any SNS.

The first issue arises from how aggregated personal data

gathered from SNS is used which not only allows unknown

third parties to access personal information for commercial

purposes but also may lead to various security risks such as

identity theft and stalking.

Secondly, the increasing number of users on SNS’s has

attracted attention from adversaries who may look to

exploit the easiness of joining a participants network as

well as trying to find various technical exploits that can also

cause severe security risks.

However, the two main issues summarized above have not

stopped the ever increasing number of users to join and

participate in SNS’s. In the following section, the aim will be

to provide a critical analysis on the points outlined above,

to see up to what extent these issues surrounding privacy

and security actually poses on participants of SNS’s.

III. CRITICAL ANALYSIS

The literature review conducted in the previous section

outlines the fact that participants in SNS’s should limit the

amount of information provided through their online

profiles, due to the significant privacy and security issues

that it presents.

However, much of the literature which has examined the

problems surrounding privacy and security within SNS’s fail

to take into consideration some important points that may

have been overlooked while conducting their research. This

may have provided a distorted view on the issues at hand,

and the purpose of this section is identify some of the

weaknesses set forth by the literature examined in the

previous section in order to provide a more accurate

picture as to the type of impact the issues surrounding

privacy and security actually has.

Firstly, the literatures that have been failed to examine

privacy norms in depth, and defined privacy based on their

own interpretation of the topic. Westin (2003) states that

the political, socio-cultural and the personal settings all

need to be catered for in order to understand the true

meaning of privacy, and debates over privacy are never-

ending due to the complexity it presents when trying to

measure what is private or not for an individual. What this

implies is that privacy is a complex condition, and cannot

be defined by others as it is a matter of personal choice by

an individual as done in the literature reviewed.

In the case of SNS’s, it must be understood that although

the service providers of these sites may encourage users to

provide certain personal information about themselves, the

majority of personal data is done on a voluntary nature,

and is not enforced upon the individual. Also, the level of

information provided through SNS’s is different from user

to user, and this implies that there is no one size fits all

solution to the privacy issues surrounding SNS’s and that

everyone’s interpretation of privacy is different from one

another.

For example, Westin (2003) continues the debate on the

issues surrounding privacy in his literature by stating that

the continued negative coverage by the mass media on

issues such as mail marketing and telemarketing in the

1990’s is the main reason why users have a generally

negative attitude towards direct marketing and

advertisement. In the scope of SNS’s, this may mean that

although the sharing of user information for commercial

purposes does not seriously pose a significant threat to

individuals, it may be portrayed as privacy-intrusive

because of the social atmosphere created in the past.

Furthermore, Westin (2003) also argues that high profiled

cases around identity theft as well as stalking cases in

business and government record systems have heightened

the perceived risks associated with privacy and security

over recent years. In this regards, the social atmosphere

surrounding a society may change the attitude of users

towards the issue of privacy and security, and since

previous literature reviewed only examined the issues at

hand from a strictly individual perspective, there is room

for doubt as to how much of a threat the issues brought

forth really are.

Secondly, research also suggests that the main purpose of

most SNS’s is to strengthen existing relationships formed

offline, rather than create new ones online (Ellison et al

2007). This means that SNS users generally spend more

time ‘searching’ for people whom they already have a real

life connection with, rather than ‘browsing’ through the site

to meet complete strangers (Lampe et al 2007).

This is further backed up by other scholars who state that

despite the potential for global networking through

Internet related services such as SNS’s, most people’s

contact are local, with stronger ties centered on pre-

existing relationships, and interest in ‘strangers’ or distant

others are minimal (Livingstone 2008). Hence, the

perceived risk surrounding malicious users joining specific

groups or networks to exploit participants may be deemed

less of a threat than what is perceived.

Finally, it is important to understand that despite the risks

perceived with privacy and security, there are significant

benefits to be gained from the use of SNS’s in general. As

mentioned in the previous section, SNS’s are used by most

users to strengthen existing ties in the real life world which

allows for better relationships to be formed by participants.

5

Self-expression, sociability, community engagement,

creativity and new literacies are all benefits which can be

associated with the use of SNS’s (Livingstone 2008), and

these benefits all impact the notion of Social Capital – “the

resources accumulated through the relationships among

people” (Coleman 1998).

As shown in Figure 2, These resources can take the form of

useful information, better personal relationships or the

capacity to organize groups of particular interest by

participants in SNS’s, and research suggests that despite

the potential for privacy abuses and security issues, the

benefits that an individual receives from using SNS’s is a

strong enough merit for users to continue on not only using

the service, but recommending it to others as well (Ellison

et al 2007).

Figure 2: Sources, mechanisms and outcomes of social capital

(Ruuskanen 2001)

Furthermore, as Social Capital allows for better

collaboration and social support within a SNS community,

the perceived security threats from technical exploits may

also be lowered as well, as participants may coordinate

security measures amongst themselves through means

such as alerting each other to certain dangers, as well as

reporting the threats to those in charge who may be

quicker to respond to fixing the problem at hand.

IV. CONCLUSION

The main aim of this paper was to review the current

issues surrounding privacy security in SNS’s, and to

understand why the participation of SNS by participants

continued to increase despite the issues at hand.

The paper identified that there were two main reasons

why privacy and security were considered such a risk in

SNS’s: (a) The level of voluntary personal information

provided to an SNS to create an online profile; (b) The

easiness to join a SNS and the lack of security features

provided.

However, this paper suggested that these risks were not as

prevalent as people believed, and most of the concerns

surrounding the issue were hyped due to the methods used

to present the case for privacy and security concerns in

SNS’s were flawed. This does not imply that certain issues

surrounding privacy and security did not exist, but the level

of impact these issues may not be as significant as

perceived by certain groups and individuals.

It must be acknowledged that there are certain limitations

to this paper, as the conclusion drawn may not be relevant

to all SNS’s due to the fact that not all SNS’s are the same

such as different privacy policies, functions & services, user

demographics and resources which can all affect the

outcome of the findings. .

Furthermore, the scope of the paper has only allowed us to

provide a generic overview as to the benefits that users can

derive from SNS’s, and the paper was unable to closer

examine important topics such as social capital and the

impact of mass media on user’s perception of privacy and

security which may have provided a more solid argument.

Hence, this paper recommends that future scholars should

look further into the matters of benefits vs. risks of SNS’s as

well as how socio-cultural, political and personal settings on

privacy as defined by Westin can impact the way users

engage in SNS’s.

6

REFERENCES

Bebo (2010, ‘Privacy Policy’, Bebo, Accessed 1st

November 2010

from http://www.bebo.com/Privacy2.jsp

Boyd D & Ellison N (2008), ‘Social Network Sites: Definition,

History, and Scholarship’, Journal of Computer-Mediated

Communication, 13, pp.210-230

Coleman J (1988), ‘Social capital in the creation of human capital’,

American Journal of Sociology, 94, S95-120

Ellison N, Steinfield C & Lampe C (2007), ‘The Benefits of Facebook

“Friends:” Social Capital and College Students’ Use of Online Social

Network Sites’, Journal of Computer-Mediated Communication,

12, pp.1143-1168

Facebook (2010), ‘Facebook Timeline’, Facebook, Accessed 30th

October 2010 from

http://www.facebook.com/press/info.php?statistics#!/press/info.

php?timeline

Facebook (2010b), ‘Statement of Rights and Responsibilities’,

Facebook, Accessed 1st

November 2010 from

http://www.facebook.com/?ref=logo#!/terms.php

Gerathy S (2010), ‘Fake ANZ Facebook profile may breach laws’,

ABC, Accessed 1st

November 2010 from

http://www.abc.net.au/news/stories/2010/05/26/2910320.htm

Google (2010), ‘Privacy Policy’, Google Privacy Center, Accessed

1st

November 2010 from

http://www.google.com/privacypolicy.html

Gross R & Acquisti A (2005), ‘Information Revelation and Privacy

in Online Social Networks’, WPES’05- Virginia USA, pp. 71- 80

Hargittai E. (2008), ‘Whose Space? Differences Among users and

Non-Users of Social Network Sites’, Journal of Computer –

Mediated Communication, 13, pp.276-296

Haque N (2008), ‘How social networks make money. Listen up

Facebook’, Wikinomics, Accessed 1st

November 2010 from

http://www.wikinomics.com/blog/index.php/2008/04/29/how-

social-networks-make-money-listen-up-facebook/

Jones H & Soltren J (2005), ‘Facebook: Threats to Privacy’, MIT,

2005

Lampe C, Ellison N & Steinfield C (2006), ‘A Face(book) in the

crowd: Social searching vs. Social browsing’, Proceedings of the

2006 20th

Anniversary Conference on Computer Supported

Cooperative Work, pp.167-170, New York

Lange P (2008), ‘Publicly Private and Privately Public: Social

Networking on Youtube’, Journal of Computer Mediated

Communication, 13, pp. 361-380

Li N, Li T & Venkatasubramanian S (2007), ‘T-Closeness: Privacy

beyond k-anon and l-diversity’, ICDE, 2007

Linkedin (2010), ‘Privacy Policy’, Linkedin, Accessed 1st

November

2010 from http://www.linkedin.com/static?key=privacy_policy

Livingstone S (2008), ‘Taking risky opportunities in youthful

content creation: teenagers’ use of social networking sites for

intimacy, privacy and self-expression’, New Media Society, 10, pp.

393-411

Myspace (2010), ‘Privacy’, Myspace, Accessed 1st

November 2010

from

http://www.myspace.com/index.cfm?fuseaction=misc.privacy

Riphagen D (2008), ‘Privacy Risks for users of Social Network Sites’,

Delft University of Technology, Netherlands

Roach E (2010, ‘Child pornography trafficked on Facebook’,

Baptist Press, Accessed 1st

November 2010 from

http://www.bpnews.net/BPnews.asp?ID=33960

Ruuskanen P (2001), ‘Social Capital and Innovations in Small and

Medium Sized Enterprises’, DRUID Summer Conference, pp. 1-28,

Elsinore, Denmark

Twitter (2010), ‘Twitter Privacy Policy, Twitter, Accessed 1st

November 2010 from http://twitter.com/privacy

Webroot (2010), ‘ One year later, Social Networkers are savvier

about keeping information private, but still take risks’, Webroot,

Accessed 1st

November 2010 from http://pr.webroot.com/threat-

research/cons/social-networking-identity-theft-033010.html

Westin A (2003), ‘Social and Political Dimensions of Privacy’,

Journal of Social Issues, 59:2, pp. 431-453

Wikipedia (2010), ‘List of Social Networking Sites’, Wikipedia,

Accessed 30th

October 2010 from

http://en.wikipedia.org/wiki/List_of_social_networking_websites

Yeebo Y (2010), ‘ Manhattan teacher Fired for Allegedly Stalking

Students on Facebook’, DNAinfo, Accessed 1st

November 2010

from http://www.dnainfo.com/20101018/manhattan/manhattan-

teacher-fired-for-allegedly-stalking-students-on-facebook

Zheleva E & Getoor Lise (2009), ‘To Join or Not to Join: The Illusion

of Privacy In Social Networks with Mixed Public and Private User

Profiles’, WWW 2009, pp.531-540, Madrid, Spain