Cambridge researchers give privacy scores to social networking sites

Researchers from the Computer Laboratory’s Security Group at the University of Cambridge have just published the results of their privacy survey of 45 popular social networking (SN) sites from all over the world. The expertise and research findings of this group, led by Ross Anderson, has previously made headlines in the ZDnet, the Telegraph, the Mail, the Mirror and the Register, and has been shown on Newsnight.

More than 200 criteria related to privacy policies and privacy controls were used by Cambridge researchers to evaluate 45 SN sites. Examples of criteria include:

• the amount of data collected during sign up
• the default privacy settings
• whether information is routinely shared with third parties

SN sites have previously been criticised in the press for their privacy practices and so not surprisingly the academics found strong evidence that the SN market is not providing users with adequate privacy controls. However, the survey results also indicate a lot of variation in quality of SN sites. Bebo, LinkedIn and GaiaOnline were found to have the best privacy practices of all, while Badoo, CouchSurfing and MyLife were found to have the weakest. Arguably the most popular in the SN community, Facebook and MySpace, were found to have privacy controls of mediocre quality, but these two sites have also more features than other SN site and so it is harder to maintain their privacy. Furthermore, most sites were found to have very confusing and difficult to access privacy settings and among that cohort Facebook with its 61 privacy settings was the worst. Ironically, the survey found that sites that made privacy a selling point tended to have lower-quality privacy controls.

A major privacy problem with SN sites is they consistently hide accessible privacy information for users in order to reduce privacy salience for marketing purposes and instead advertise the benefits of disclosing personal data through connecting with friends, meeting new people and sharing pictures. However, the data also suggests that sites may have evolved specifically to communicate differently to users with different levels of privacy concern.

Overall, more popular SN sites have more resources to devote to the problem of privacy and they are more often scrutinised in the media over protection of user data than their less known counterparts and so their privacy controls are better maintained. Cambridge researchers believe that by revealing the privacy practices of all sites more pressure will be put on major sites to add further protections for users and less popular sites will also realise that good protection of their users’ data may lead to higher growth.