Facebook and privacy: it’s complicated (SOUPS ’12)


We measure users’ attitudes toward interpersonal privacy concerns on Facebook and measure users’ strategies for reconciling their concerns with their desire to share content online. To do this, we recruited 260 Facebook users to install a Facebook application that surveyed their privacy concerns, their friend network compositions, the sensitivity of posted content, and their privacy-preserving strategies. By asking participants targeted questions about people randomly selected from their friend network and posts shared on their profiles, we were able to quantify the extent to which users trust their “friends” and the likelihood that their content was being viewed by unintended audiences. We found that while strangers are the most concerning audience, almost 95% of our participants had taken steps to mitigate those concerns. At the same time, we observed that 16.5% of participants had at least one post that they were uncomfortable sharing with a specific friend—someone who likely already had the ability to view it—and that 37% raised more general concerns with sharing their content with friends. We conclude that the current privacy controls allow users to effectively manage the outsider threat, but that they are unsuitable for mitigating concerns over the insider threat—members of the friend network who dynamically become inappropriate audiences based on the context of a post.


Maritza Johnson, Serge Egelman, and Steven M. Bellovin. Facebook and privacy: it’s complicated. In Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS ’12). ACM, New York, NY, USA, 15 pages. 2012.

PDF Download