This paper examines the significant privacy and security risks associated with Facebook, one of the world's most widely used social networking platforms. Drawing on case studies, academic surveys, and news reports, the paper investigates the dangers of fake accounts, the exposure of private user data through software bugs and policy changes, and the controversial Facebook Beacon program, which secretly monitored user activity on third-party websites. The paper also analyzes Facebook's privacy policies and default settings, arguing that commercial interests have consistently overridden user protection. The paper concludes with recommendations for stronger identity verification, full SSL encryption, and more user-centered default privacy settings.
Computers and the Internet have revolutionized our world in many different ways. Their impact is visible in every sphere of our lives, ranging from academics to entertainment, medical science to social networking. The Internet has added an entirely different dimension to our social lives, and today it is possible for people from geographically distant parts of the world to interact, form friendships, and stay in touch. Social networking has opened a whole new world of possibilities for today's youth as never before. Facebook, one of the most popular social networking websites, boasts a record number of users — "more than 400 million active users" from around the world. Recent statistics suggest that an average user spends approximately 1,250 minutes, or roughly 21 hours, per month on Facebook. [Facebook]
While this clearly highlights the significance of Facebook as a social utility platform, it has also drawn heavy criticism from a number of groups as well as from users of the website themselves. Privacy issues and security concerns have emerged following Facebook's decision to make profile information available online, accessible to anyone using internet search engines. Though Facebook subsequently gave users the option to modify their privacy settings and restrict access to their accounts, serious privacy implications underlie many of the platform's newer features — features that could put unwary users at risk. Facebook's privacy regulations are not foolproof and could be easily manipulated, making users vulnerable to personal information theft, unsolicited marketing, stalking, and more. A brief overview of these sensitive issues illustrates why Facebook is not a completely safe environment and why user caution is warranted.
Social networking has both its upsides and downsides. One of the greatest dangers of using a platform such as Facebook is the risk of losing one's privacy. Facebook users exchange photos, messages, and personally identifiable information. A new Facebook account can be set up with minimal information — a name, email address, and school status. There is a "My Privacy" feature on Facebook that allows users to limit or control access to their information. However, users of Facebook typically share a great deal of information, and there are widespread concerns about the network's inadequate protection of that sensitive data.
In a survey conducted by MIT, more than 80% of freshmen surveyed were already members of Facebook, and a majority of college students were not utilizing the privacy and security settings the website offers, leaving them vulnerable to data theft and exploitation. The MIT survey, involving 413 students, found that more than 70% of users willingly give away commercially useful information such as age, sex, and location — information that attracts corporate marketers to use Facebook as a demographic targeting tool. Dedicated users were shown to disclose even more personally identifiable information. The survey further indicated that while 289 (74%) of subjects were aware of Facebook's privacy settings feature, only 234 (62%) actually used it. Almost 353 (91%) of subjects had not read the "Terms of Use," and 347 (89%) had never reviewed the "Privacy Policies." [Harvey Jones, 2005] This MIT survey clearly illustrates the level of user awareness and the significant potential for misuse of user-gathered information.
One of the most important concerns about social networking sites is the relative ease with which people can create fake accounts. Since no payment is required to register on Facebook, there is no reliable way of verifying the authenticity of the information a user provides. As a result, people can create fake accounts — either for themselves or impersonating others — in order to damage reputations. These are not merely theoretical possibilities; many cases in which fake accounts were used for defamation and other illegal activities have already been documented.
One notable case in Britain involved two former school friends, Mathew Firsht and Grant Raphael. Raphael created a fake personal profile of Firsht on the website, as well as a company profile titled "Has Mathew Firsht lied to you?" The profile included allegations that Firsht owed large sums of money, that he deliberately avoided paying them, and that his company should not be trusted. The British court ultimately awarded Firsht ÂŁ15,000 for libel, as well as ÂŁ2,000 and ÂŁ5,000 for damages to his company. [BBC, Jul 2008]
Speaking to the BBC, Firsht described the ordeal as requiring "a lot of energy, a lot of effort and a lot of time, and a lot of expense" to uncover who was responsible — and said winning the case was "amazing." As computer security expert and former hacker Robert Schifreen observed, "The problem with these free websites that don't require payment means there's no easy way of verifying someone's identity… You haven't got their address, you haven't got their credit card details, so anybody can set something up." [BBC, Jul 2008] In response, Facebook released an official statement: "Facebook does not permit fake profiles on its site. When fake profiles are reported, we thoroughly investigate and remove profiles found to be in violation of our terms of use — just as we did in the case of Mathew Firsht." [BBC, Jul 2008]
A far more tragic case involving a fake Facebook profile was the rape and murder of Ashleigh Hall, a 17-year-old student from Darlington. The perpetrator was a convicted sex offender named Peter Chapman, who had previously been arrested and sentenced multiple times for rape and violent sexual assault. Chapman created a fake Facebook profile presenting himself as a teenage boy, using photos of a young male to complete the deception. As chief prosecutor Graham Reeds described it: "The prosecution case is that the defendant used this handsome alter ego to entice 17-year-old Ashleigh Hall into meeting him. When she met him, on 25 October last year, he kidnapped, raped and murdered her."
This case illustrates how easily a potential sex offender or serial killer can use a popular social networking platform to lure victims. Adolescents are particularly vulnerable to such crimes. Since the majority of Facebook users are teenagers and young adults, the anonymous environment the platform provides creates a haven for sex offenders and predators. Unsuspecting young people can fall prey to dangerous pedophiles, as happened in Ashleigh Hall's case. Her mother's words are a sobering reminder: "Ashleigh wasn't a bad kid. She wasn't naughty. She made one mistake and has paid for it with her life." [Helen Carter]
"Bugs and policy changes leak private user data"
"Beacon secretly tracked users on third-party sites"
"Opaque policies default toward data exposure"
"Recommendations for stronger privacy and security"
You’re 37% through this paper. Sign up to read the remaining 4 sections.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.