Social Networking Privacy Behaviors and Vulnerabilities


The study of online privacy management is a relatively new field, which suffers from a lack of empirical studies and needs to be examined in greater depth. This project will identify security behaviours and attitudes for social network users from different demographic groups, and assess how these behaviours map against privacy vulnerabilities inherent in social networking applications.


Attitudes and Behaviors

Construct a questionnaire and assemble a demographically diverse study group to discover privacy attitudes and behaviours of social network users. At this point, Facebook is the preferred candidate network, because MySpace is skewed to a teen demographic. For more information on this see Facebook vs MySpace Analysis.

Potential questions about user attitudes could focus on users' knowledge of what parts of their personal information are available online, how concerned they are about privacy, how much 'at risk' they feel when using social networks, what steps they take to manage or protect their privacy, and their levels of knowledge about browser and social network privacy configuration settings.

Potential questions about behaviours could examine what steps users take to manage or protect their privacy, how users handle friend requests, what types of personal information users post online (photos, personal opinions, party plans, relationships, blogs, links to personal or professional web sites, etc.), and what tools users employ to 'test' their privacy. For example, do users perform Google searches on themselves to see what personal information is out there? Can the project team come up with any other ways to test privacy?

Privacy Threats and Vulnerabilities

Using a combination of peer-reviewed publications, media coverage and the assembled knowledge of the project team, construct a list of major privacy threats and vulnerabilities for social network users. This list should not focus on the usual malware, spyware or technological threats; we are interested in user behaviours that create privacy threats. For example, improper security configurations could result in a few different threats and vulnerabilities; giving address information (even of clubs or schools) could result in a stalking threat; and posting pictures of a wild lifestyle could result in a threat to a user's career.

Threat - Behavior Mapping

Finally, construct a risk matrix to map privacy behaviours against privacy threats and vulnerabilities. Using a score from 1 to 10, assign each intersection point (where a behaviour creates a vulnerability) two values: 'Likelihood of Occurrence' and 'Severity of Impact'.
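One way to hold and rank such a matrix, as an added example that is not part of the original project description. The behaviour and threat labels paraphrase the examples given above, the scores are constructed sample values, and combining the two values as a product is an assumption, since the project does not specify how they are combined.

```python
from dataclasses import dataclass

SCALE = range(1, 11)  # the 1-to-10 scoring scale described above


@dataclass(frozen=True)
class Cell:
    likelihood: int  # 'Likelihood of Occurrence'
    severity: int    # 'Severity of Impact'

    def __post_init__(self):
        # Reject anything outside the agreed scale so scores stay comparable.
        for name in ("likelihood", "severity"):
            value = getattr(self, name)
            if isinstance(value, bool) or not isinstance(value, int) or value not in SCALE:
                raise ValueError(f"{name} must be an integer from 1 to 10, got {value!r}")

    @property
    def risk(self):
        # Assumption: combine the two values as a product (range 1..100).
        return self.likelihood * self.severity


# Sparse matrix: only intersections where a behaviour creates a vulnerability
# get a cell. All scores below are constructed sample values.
MATRIX = {
    ("posts home, club or school address", "stalking"): Cell(4, 9),
    ("posts pictures of a wild lifestyle", "career damage"): Cell(6, 7),
    ("leaves privacy settings misconfigured", "stalking"): Cell(3, 9),
    ("leaves privacy settings misconfigured", "career damage"): Cell(5, 7),
}


def ranked(matrix):
    """Intersections sorted from highest to lowest combined risk."""
    return sorted(matrix.items(), key=lambda item: item[1].risk, reverse=True)


def worst_by_behaviour(matrix):
    """Highest-risk threat for each behaviour."""
    worst = {}
    for (behaviour, threat), cell in matrix.items():
        if behaviour not in worst or cell.risk > worst[behaviour][1].risk:
            worst[behaviour] = (threat, cell)
    return worst


if __name__ == "__main__":
    for (behaviour, threat), cell in ranked(MATRIX):
        print(f"{cell.risk:3d}  L={cell.likelihood} S={cell.severity}  {behaviour} -> {threat}")
```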


At this point, study conclusions and areas for future research will be apparent and should be suggested.

