Facebook: Threats to Privacy

Harvey Jones, José Hiram Soltren
December 14, 2005
Abstract
End-users share a wide variety of information on Facebook, but a discussion of the privacy
implications of doing so has yet to emerge. We examined how Facebook affects privacy, and
found serious flaws in the system. Privacy on Facebook is undermined by three principal factors:
users disclose too much, Facebook does not take adequate steps to protect user privacy, and
third parties are actively seeking out end-user information using Facebook. We based our end-
user findings on a survey of MIT students and statistical analysis of Facebook data from MIT,
Harvard, NYU, and the University of Oklahoma. We analyzed the Facebook system in terms of
Fair Information Practices as recommended by the Federal Trade Commission. In light of the
information available and the system that protects it, we used a threat model to analyze specific
privacy risks. Specifically, university administrators are using Facebook for disciplinary purposes,
firms are using it for marketing purposes, and intruders are exploiting security holes. For each
threat, we analyze the efficacy of the current protection, and where solutions are inadequate,
we make recommendations on how to address the issue.
Contents
1 Introduction
2 Background
  2.1 Social Networking and Facebook
  2.2 Information that Facebook stores
3 Previous Work
4 Principles and Methods of Research
  4.1 Usage patterns of interest
  4.2 User surveys
  4.3 Direct data collection
  4.4 Obscuring personal data
  4.5 A brief technical description of Facebook from a user perspective
  4.6 Statistical significance
5 End-Users’ Interaction with Facebook
  5.1 Major trends
  5.2 Facebook is ubiquitous
  5.3 Users put time and effort into profiles
  5.4 Students join Facebook before arriving on campus
  5.5 A substantial proportion of students share identifiable information
  5.6 The most active users disclose the most
  5.7 Undergraduates share the most, and classes keep sharing more
  5.8 Differences among universities
  5.9 Even more students share commercially valuable information
  5.10 Users are not guarded about who sees their information
  5.11 Users Are Not Fully Informed About Privacy
  5.12 As Facebook Expands, More Risks Are Presented
  5.13 Women self-censor their data
  5.14 Men talk less about themselves
  5.15 General Conclusions
6 Facebook and “Fair Information Practices”
  6.1 Overview
  6.2 Notice
  6.3 Choice
  6.4 Access
  6.5 Security
  6.6 Redress
7 Threat Model
  7.1 Security Breach
  7.2 Commercial Datamining
  7.3 Database Reverse-Engineering
  7.4 Password Interception
  7.5 Incomplete Access Controls
  7.6 University Surveillance
  7.7 Disclosure to Advertisers
  7.8 Lack of User Control of Information
  7.9 Summary and Conclusion
8 Conclusion
  8.1 Postscript: What the Facebook does right
  8.2 Final Thoughts
  8.3 College Newspaper Articles
9 Acknowledgements
  9.1 Interview subjects
A Facebook Privacy Policy
B Facebook Terms Of Service
C Facebook “Spider” Code: Acquisition and Processing
  C.1 Data Downloading BASH Shell Script
  C.2 Facebook Profile to Tab Separated Variable Python Script
  C.3 Data Analysis Scripts
D Supplemental Data
E Selected Survey Comments
  E.1 User Feedback
F Paper Survey
1 Introduction
Facebook¹ (www.facebook.com) is one of the foremost social networking websites, with over 8
million users spanning 2,000 college campuses. [4] With this much detailed information arranged
uniformly and aggregated into one place, there are bound to be risks to privacy. University
administrators or police officers may search the site for evidence of students breaking their school’s
regulations. Users may submit their data without being aware that it may be shared with advertisers.
Third parties may build a database of Facebook data to sell. Intruders may steal passwords, or entire
databases, from Facebook. We undertook several steps to investigate these privacy risks. Our goal
was to first analyze the extent of disclosure of data, then to analyze the steps that the system took
to protect that data. Finally, we conducted a “threat model” analysis to investigate ways in which
these factors could produce unwanted disclosure of private data. Our analysis found that Facebook
was firmly entrenched in college students’ lives, but users had not restricted who had access to this
portion of their life. We discovered questionable information practices with Facebook, and found
that third parties were actively seeking out information.
To analyze the extent of user disclosure, we constructed a spider that “crawls” and indexes
Facebook, attempting to download every single profile at a given school. Using this tool, we
indexed the entire Facebook accessible to a typical user at Massachusetts Institute of Technology
(MIT), Harvard, New York University (NYU), and the University of Oklahoma. To supplement this
data, we surveyed the MIT student body to ascertain the level of use of certain Facebook features.
Our study found that upwards of 80% of matriculating freshmen join Facebook before even arriving
for Orientation, and that these users share significant amounts of personal information. We also
found that Facebook’s privacy measures are not utilized by the majority of college students. To
analyze the Facebook system, we investigated the facets of the website and of the terms of use,
and compared them against the current standards of “Fair Information Practices” as defined by
the Federal Trade Commission, as well as the standards set by competing sites. Although many
Facebook features empower users to control their private information, there are still significant
shortcomings. Finally, we took the perspective of a third party acting in a self-interested manner,
looking either for financial gain or for assistance in the enforcement of university policy. We surveyed
news articles on the consequences of Facebook information disclosure, and interviewed students that
harvested data, as well as students who were punished for disclosing too much. Given the existing
threats to security, we constructed a threat model that attempted to address all possible categories
of privacy failures. From a systems perspective, there are a number of changes that can be made,
both to give the user a reasonable perception of the level of privacy protection available, and to
protect against disclosure to intruders. For each threat, we make recommendations for Facebook, its
users, and college administrators. These include eliminating the consecutive profile IDs, using SSL
for login, extending “My Privacy” to cover photos, and educating end-users about privacy concerns.

¹ “Facebook”, as opposed to “the Facebook”, is how the site’s literature refers to itself. We adopt that terminology
throughout the paper.
2 Background
2.1 Social Networking and Facebook
Users share a variety of information about themselves on their Facebook profiles, including photos,
contact information, and tastes in movies and books. They list their “friends”, including friends at
other schools. Users can also specify what courses they are taking and join a variety of “groups” of
people with similar interests (“Red Sox Nation”, “Northern California”). The site is often used to
obtain contact information, to match names to faces, and to browse for entertainment. [4]
Facebook was founded in 2004 by Mark Zuckerberg, then a Harvard undergraduate. The site
is unique among social networking sites in that it is focused around universities – “Facebook” is
actually a collection of sites, each focused on one of 2,000 individual colleges. Users need an
@college.edu email address to sign up for a particular college’s account, and their privileges on the
site are largely limited to browsing the profiles of students of that college.
Over the last two years, Facebook has become a fixture at campuses nationwide, and Facebook
evolved from a hobby to a full-time job for Zuckerberg and his friends. In May 2005, Facebook
received $13 million in venture funding. Facebook sells targeted advertising to users of its
site, and partners with firms such as Apple and JetBlue to assist in marketing their products to college
students. [14]
2.2 Information that Facebook stores
First-party information All data fields on Facebook may be left blank, aside from name, e-mail
address, and user status (one of: Alumnus/Alumna, Faculty, Grad Student, Staff, Student, and
Summer Student). A minimal Facebook profile will only tell a user’s name, date of joining, school,
status, and e-mail address. Any information posted beyond these basic fields is posted by the will of
the end user. Although the required amount of information for a Facebook account is minimal, the
total amount of information a user can post is quite large. User-configurable settings on Facebook
can be divided into eight basic categories: profile, friends, photos, groups, events, messages, account
settings, and privacy settings. For the purposes of this paper, we will investigate profiles, friends,
and privacy settings.
Profile information is divided into six basic categories: Basic, Contact Info, Personal, Professional,
Courses, and Picture. All six of these categories allow a user to post personally identifiable
information to the service. Users can enter information about their home towns, their current
residences and other contact information, personal interests, job information, and a descriptive
photograph. We will investigate the amount and kind of information a typical user at a given school is
able to see, and look for trends. A major goal of Facebook is to allow users to interact with each
other online. Users define each other as friends through the service, creating a visible connection.

Feature      Description
My Profile   Contains “Account Info”, “Basic Info”, “Contact Info”, “Personal Info”, “My Groups”, and a list of friends
The Wall     Allows other users to post notes in a space on one’s profile
My Photos    Allows users to upload photographs and label who is in each one. If a friend lists me as being in a photograph, there is a link added from my profile to that photograph
My Groups    Users can form groups with other like-minded users to show support for a cause, use the available message boards, or find people with similar interests.
Table 1: Facebook Features
Third-party information Two current features of Facebook have to do with third parties associ-
ating information with a user’s profile. The “Wall” allows other users a bulletin board of sorts on a
user’s profile page. Other users can leave notes, birthday wishes, and personal messages. The “My
Photos” service allows users to upload, store and view photos. Users can append metadata to the
photographs that allows other users to see who is in the photographs, and where in the photograph
they are located. These tags can be cross-linked to user profiles, and searched from a search dialog.
The only recourse a user has against an unwelcome Facebook photo posted by someone else, aside
from asking them to remove it, is to manually remove the metadata tag of their name, individually,
from each photograph. Users may disable others’ access to their Wall, but not to the Photos feature.
“My Privacy” Facebook’s privacy features give users a good deal of flexibility in who is allowed to
see their information. By default, all other users at a user’s school are allowed to see any information
a user posts to the service. The privacy settings page allows a user to specify who can see them in
searches, who can see their profile, who can see their contact info, and which fields other users can
see. In addition, the privacy settings page allows users to block specific people from seeing their
profile. As per the usage agreement, a user can request Facebook to not share information with
third parties, though the method of specifying this is not located on the privacy settings page.
Setting                   Options
Visibility to Search?     Everyone; Restricted
Profile Visibility        Everyone at school; Friends of friends at school; Just friends
Contact Info Visibility   Everyone at school; Friends of friends at school; Just friends
Profile also shows...     My friends; My last login; My upcoming events; My courses; My wall; Groups that a lot of my friends are in
Table 2: “My Privacy” settings (defaults in bold)

3 Previous Work
No previous academic work specific to Facebook was found on the Lexis databases, Google’s database
for scholarly papers, the Social Science Research Network, or for “facebook AND journal AND article”
and numerous other terms in a general web query. Although no journal articles exist, there are
many news articles that have been published about the emergence of Facebook, its incorporation
and subsequent venture funding, and recently, the consequences of third parties discovering
information that users have made public[14][20][21]. In related fields, the Federal Trade Commission
has done research into the area of online privacy practices, and has published several reports on
the matter, including the 1998 report to Congress entitled “Privacy Online.” [6] Previous work in
social networking has included a thorough investigation of “Club Nexus”, a site similar to Facebook
located at Stanford University[1].
4 Principles and Methods of Research
In order to investigate the ways in which Facebook is used, we closely examined its usage patterns.
We employed two methods of data collection to learn more about the way users interact
with Facebook. First, we conducted a survey of MIT students on the use of Facebook’s features.
Second, we harvested data from the Facebook site directly.
4.1 Usage patterns of interest.
Our main objective in gathering and analyzing Facebook user data was to make statements and
generalizations regarding the way users use their Facebook accounts. We investigated when users
create their accounts, and which kinds of users create accounts. Though the friending service is of
great interest to social network research, for the purposes of our paper, we primarily investigated
the number of friends users have on the service as an indicator of use, and look for trends.

Figure 1: A sample Facebook page. Note the layout, accessible fields, and formation of URL used
to retrieve this page.
4.2 User surveys
Our direct user data collection procedure employed both paper surveys and Web based forms to ask
individual users questions concerning their Facebook practices.
In designing our survey, we aimed for a minimum number of straightforward, multiple choice
questions which would serve to reveal usage patterns, familiarity with various aspects of the service,
and opinions on the quality of the service. The questions asked about the subject’s gender, residence,
and status, their date of joining Facebook and utilization thereof. It also asked about their knowledge
of Facebook’s Terms of Service, Privacy Policy, and privacy features, as well as their familiarity with
Facebook’s practices. We designed the survey such that it would fit on one printed page, and
take approximately three minutes to complete. The complete text of our survey is included as an
appendix.
In order to diversify the survey results, we gathered data through four routes. We set up a table
in the MIT Student Center, offering students a chocolate-based incentive for completing surveys.
We asked classmates in Public Policy, MIT course 17.30J/11.002J, to complete the survey. Via
e-mail, we asked the residents of the East Campus, Burton-Conner, Simmons Hall, and Random
Hall dormitories to complete the surveys. Finally, we asked all survey takers to notify others of the
survey.
4.3 Direct data collection
Our collection of data directly from Facebook served two purposes. It served as a proof of concept,
to demonstrate that it is possible for an individual to automatically gather large amounts of data
from Facebook. The collection of data was not entirely trivial, but we were able to produce the
scripts necessary to do so within 48 hours. Also, the collection of data from Facebook will provide
us with a large, nearly exhaustive and statistically significant data set, from which we can draw
valuable conclusions on usage trends.
4.4 Obscuring personal data
Before analyzing data, we aggregated it into a spreadsheet. When we considered sets of more than
one record, we obscured data we deemed to be personally identifiable – Name, Phone Number, AOL
Screenname, High School, and Dormitory. These fields were unchanged if left blank by the user,
and replaced by “OBSCURED” otherwise.²

² Before we developed the software to obscure the data, we did do enough analysis to discover that 48 Facebook
users at the schools we studied have the phone number 867-5309.
4.5 A brief technical description of Facebook from a user perspective
Facebook uses server-side Hypertext Preprocessor (PHP) scripts and applications to host and format
the content available on the service. Content is stored centrally on Facebook servers. Scripts and
applications at Facebook get, process, and filter information on demand, and deliver it to users in
real time, to a Web browser over the Internet. Users begin their Facebook session at the service’s
top level site, http://www.facebook.com/.
At the main Facebook page, a user can log in to the service, or browse the small amount of
information available to the general public. The main page of the service is spartan, and does not
provide any personally identifiable information or technical insight. Facebook does require a school
e-mail address to use their service.
To log in to Facebook, users enter their username and password into the appropriate fields on
the page, and click Login. This sends a special URL to the service:
http://www.facebook.com/login.php?email=USERNAME@SCHOOL.edu&pass=PASSWORD (1)
Note that this URL contains a user’s login credentials in clear text. This information is vulnerable
to detection by a third party. No secure socket layer (SSL) or other encryption is used in logging in
to the service.
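The two weaknesses in this login URL are separate problems, which the following audit of logged request URLs makes explicit. It is an added example, not code from the paper: the set of secret parameter names (other than `pass`), the host `login.example.edu`, and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names treated as secrets. "pass" is the name used in the login
# URL above; the others are assumptions added for this example.
SECRET_PARAMS = {"pass", "password", "passwd", "pwd"}


def audit_url(url):
    """Return (findings, redacted_url) for one logged request URL."""
    parts = urlsplit(url)
    findings = []
    if parts.scheme.lower() != "https":
        # The whole request, query string included, crosses the network
        # unencrypted and can be read by anyone on the path.
        findings.append("cleartext-transport")

    redacted = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SECRET_PARAMS:
            # Flagged independently of the scheme: even over TLS, a query
            # string is written to server access logs and browser history.
            findings.append("secret-in-query:" + name)
            value = "REDACTED"
        redacted.append((name, value))

    safe_url = urlunsplit(
        (parts.scheme, parts.netloc, parts.path,
         urlencode(redacted, safe="@"), parts.fragment)
    )
    return findings, safe_url


def audit_urls(urls):
    """Audit many URLs; return only those with findings, redacted for storage."""
    report = []
    for url in urls:
        findings, safe_url = audit_url(url)
        if findings:
            report.append({"url": safe_url, "findings": findings})
    return report


# Constructed sample input. The first entry has the form of URL (1) with its
# placeholders; the other two use a hypothetical host.
SAMPLE_URLS = [
    "http://www.facebook.com/login.php?email=USERNAME@SCHOOL.edu&pass=PASSWORD",
    "https://login.example.edu/login.php?email=USERNAME@SCHOOL.edu&pass=PASSWORD",
    "https://login.example.edu/login.php",  # credentials sent in a POST body
]

if __name__ == "__main__":
    for entry in audit_urls(SAMPLE_URLS):
        print(entry["findings"], entry["url"])
```

The second sample URL shows that adding SSL alone still leaves the password in the query string; only the third form, with credentials in the request body over HTTPS, produces no findings.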
During the login process, the service provides the user’s web browser with some information,
which is stored in the form of a cookie. Some of this information, such as the user’s e-mail address,
is written to a file so the user does not have to enter his or her e-mail at the next login. Facebook’s
service creates and gives a user a unique checksum at every login, which the browser stores as a
session cookie and generally does not write to a file. This checksum varies from login to login, but
other parameters do not.
Once logged in to the service, a user is free to interact with Facebook. The user may edit their
profile, look at others’ profiles, add or change their friends list or personally identifiable information,
and explore the service.
The majority of features on Facebook are requested via simple, human-readable URLs. For
example, profile URLs are retrieved by requesting a URL of the form:
http://SCHOOL.facebook.com/profile.php?id=USERID (2)
Facebook will read the school and user ID, and give the user either the requested user’s profile page,
filtered for privacy by the user’s request before being delivered, or return the user’s home page if
the profile he requested is blocked or does not exist. The first user at every school is called “The
Creator.” This profile’s USERID is the lowest USERID at any given school. The date of its creation is
the date on which Facebook was opened to that school. User IDs continue to be assigned sequentially
from the first valid number, created at the time of creation of each new account.
Facebook’s human-readable URLs and regularly formatted HTML make automated acquisition,
parsing, and analysis relatively easy. We discuss how we and others have done this in the next
section.
Each separate school has its own Facebook “server” for its content. Users with a school
e-mail address @SCHOOL.edu will go through http://SCHOOL.facebook.com/. For the most
part, many of these “servers” redirect to the same machine. For example, harvard.facebook.com,
mit.facebook.com, nyu.facebook.com, and ou.facebook.com all redirect to 204.15.20.25. This
architecture allows Facebook to easily move different schools to different servers if necessary.
By default, a new user’s profile and all information are fully visible to all other users at the same
school, but not visible to anyone at another school. Many users do not change their default settings,
making their information accessible.
When a user logs out of Facebook or closes their web browser, the session cookies are lost. This
generally means that once a user exits the service, they must enter at least their password to use
the service again.
4.5.1 Data acquisition
We are not the first to download user profiles from Facebook in large numbers. In the past, others
have utilized Facebook’s use of predictable, easy to understand URLs to automatically request
information and save user information for further analysis. Our approach used the incremental
profile identifier to download information in large quantities.
The algorithm we used to gather this data is very straightforward:
1. Log in to Facebook and save session cookies.
2. Load your home page and note the USERID of the page.
3. Decrease the USERID until you find the ID of “The Creator,” the first profile at a given school.
Save this number as USERID-LOW.
4. Increase the USERID until you find the ID of a user who joined recently, i.e. within the past
day. Save this number as USERID-HIGH.
5. For every profile from USERID-LOW to USERID-HIGH at a given school SCHOOL: Get the
profile, using URL
http://SCHOOL.facebook.com/profile.php?id=USERID (3)
and save the profile as a file.
To implement our algorithm, we used wget, “the non-interactive network downloader.” In
addition to implementing the above algorithm, we made wget pretend to be another web browser
by changing its user agent (to avoid potential suspicion at using wget to log in to Facebook). We
also had wget randomly insert a delay between requests, to keep load off of Facebook’s servers and
make our requests less difficult to detect. We took advantage of the fact that logins and passwords
are not encrypted, and can be sent as part of the login URL as an email and password pair.
The final application we used to download profiles was a short (five line!) BASH shell script,
which we include in the appendix.
We ran this script four times: once each for Harvard, MIT, the University of Oklahoma (OU), and
New York University (NYU).
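From the service's side, the collection described in this section appears in request logs as a single logged-in account covering a dense range of profile IDs. The detector below is an added example, not code from the paper: the log format, the `account=` field, the 302 status for the home-page fallback, and the thresholds are all assumptions. It scores ID coverage per account and ignores user agent and request timing, because the text notes that both are set by the client.

```python
import re
from collections import defaultdict

# Assumed log format: <time> account=<id> "<request line>" <status>
LINE = re.compile(
    r'account=(?P<account>\S+) '
    r'"GET /profile\.php\?id=(?P<id>\d+) HTTP/1\.[01]" (?P<status>\d{3})'
)
# Assumption: a blocked or nonexistent profile is logged as a 302 to the home page.
FALLBACK_STATUS = 302


def profile_requests(lines):
    """Group (profile_id, status) pairs by the logged-in account."""
    by_account = defaultdict(list)
    for line in lines:
        m = LINE.search(line)
        if m:
            by_account[m["account"]].append((int(m["id"]), int(m["status"])))
    return by_account


def longest_consecutive_run(ids):
    """Length of the longest run of consecutive integers in a set of IDs."""
    best = 0
    for start in ids:
        if start - 1 in ids:
            continue  # not the first ID of a run
        length = 1
        while start + length in ids:
            length += 1
        best = max(best, length)
    return best


def enumeration_metrics(requests):
    """Coverage statistics for one account's profile requests."""
    ids = {pid for pid, _ in requests}
    span = max(ids) - min(ids) + 1
    misses = sum(1 for _, status in requests if status == FALLBACK_STATUS)
    return {
        "distinct": len(ids),
        "density": len(ids) / span,  # 1.0 means every ID in the range was requested
        "longest_run": longest_consecutive_run(ids),
        "miss_ratio": misses / len(requests),
    }


def flag_enumeration(lines, min_distinct=20, min_density=0.8, min_run=15):
    """Return {account: metrics} for accounts whose requests cover a dense ID range."""
    flagged = {}
    for account, requests in profile_requests(lines).items():
        metrics = enumeration_metrics(requests)
        dense = (metrics["density"] >= min_density
                 or metrics["longest_run"] >= min_run)
        if metrics["distinct"] >= min_distinct and dense:
            flagged[account] = metrics
    return flagged


def _line(second, account, pid, status=200):
    """Build one constructed log line in the assumed format."""
    return ('2005-12-01T10:%02d:%02d account=%s "GET /profile.php?id=%d HTTP/1.1" %d'
            % (second // 60, second % 60, account, pid, status))


# Constructed sample log, not real traffic.
SAMPLE_LOG = (
    # 60 consecutive IDs at irregular intervals; every fifth hits the fallback.
    [_line(7 * k + (k * k) % 5, "acct-17", 5000 + k, 302 if k % 5 == 0 else 200)
     for k in range(60)]
    # A busy but ordinary account: 25 profiles scattered across the ID space.
    + [_line(20 * k, "acct-42", 5000 + 37 * k) for k in range(25)]
    # A light user viewing a handful of profiles.
    + [_line(90 * k, "acct-88", pid)
       for k, pid in enumerate([5003, 5004, 5410, 6122, 7001])]
)

if __name__ == "__main__":
    for account, metrics in flag_enumeration(SAMPLE_LOG).items():
        print(account, metrics)
```

Only `acct-17` is flagged: the busy account views more than the minimum number of profiles but its IDs are sparse, which is the distinction a plain request-count limit would miss.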
4.6 Statistical significance
Survey data Over the course of the two weeks we ran the survey, 419 MIT students responded
to the questions asked. The users answering our profile questions came from all over campus, with
strong concentrations in dorms where we e-mailed the survey. The respondents were mostly
undergraduates (90%). There were 224 female respondents and 195 male respondents. Given
an MIT student population of 4,000 undergraduates and 6,000 graduate students, we can assess the
statistical significance of our findings using confidence levels and confidence intervals.
The sample size of a survey group is related to the confidence value, the percentage picking a
choice, and the confidence interval by the formula
$$ S = \frac{Z^{2}\, p(1-p)}{c^{2}} \tag{4} $$
Where S is our sample size, Z is a value proportional to the confidence level (1.96 for a 95%
confidence interval), p is the percentage picking a choice, expressed as a decimal (with a worst case
value of 0.5), and c is the confidence interval, expressed as a decimal (i.e. 0.04 ± 0.04). For small
populations, we use the correction
$$ S' = \frac{S}{1 + \frac{S-1}{P}} \tag{5} $$
Where S is our original sample size, S' is our new sample size, and P is our sample population. [17]
Our survey results are good enough to make coarse extrapolations to the MIT community in
general. At a confidence level of 95%, and a sample size of 419 applying to an MIT student
population of 10,000 total undergraduates and graduate students, and a worst case answer uncertainty of
50%, we find our confidence interval to be 4.68%. In other words, we can be 95% certain that our
survey responses fall within 4.68% of the true values. At a confidence level of 99%, our uncertainty
increases to 6.17%.
Collected Facebook data In general, we were able to collect large numbers of user profiles
from Facebook using our information collection system. We exhaustively downloaded every profile
available at our four subject schools, so there is no sampling uncertainty, as long as we limit our
conclusions to generalizations about the population of students with accessible Facebook profiles.
We will attempt to statistically correlate certain variables to prove hypotheses, and at other points
we will show raw data when we want to indicate a trend. The following table summarizes our success
in downloading information.
Success Rates In Downloading Profiles
School         Number Profiles   Number Downloaded   Percentage
MIT            10063             8021                79.71%
Harvard        25759             17704               66.16%
Oklahoma U.    28201             24695               70.54%
NYU            32250             24695               77.41%
Total          97273             70311               72.28%
Aggregate Statistics We established a “disclosure score” to quantitatively rank the amount of
PII disclosed by different colleges, classes, and genders. The overall score is the sum of the percentage
disclosure of (Gender, Major, Dorm, High School, AIM Screenname, Mobile Phone, Interests,
Clubs, Music, Movies, and Books). From there, we created two sub-scores, one to reflect contact
information that could conceivably be used to contact or locate users (Dorm, AIM Screenname, Mobile
Phone, and Clubs/Jobs), as well as a sub-score reflecting disclosure of user interests (Interests,
Clubs/Jobs, Music, Movies, and Books).
5 End-Users’ Interaction with Facebook
5.1 Major trends
After processing the results of our user survey and downloaded Facebook profiles, we found some
general trends in Facebook usage. Facebook is ubiquitous at the schools where it has been established.
Users put real time and effort into their profiles. Students tend to join as soon as possible,
often before arriving on campus. Users share lots of information but do not guard it. Users give
imperfect explicit consent to the distribution and sharing of their information. Privacy concerns
differ across genders.
In the following pages, we analyze the collected data along numerous lines, and statistically
justify our findings. Our full numerical findings are included in the appendix.
Figure 2: Number of Profiles identifying as a class divided by students in that class
5.2 Facebook is ubiquitous
Possession of a Facebook account Survey results indicated that a large majority of MIT students
have Facebook profiles. Of 413 respondents, 374 (91%) claimed to have Facebook accounts, while
only 39 (9%) did not. Indexing the Facebook seemed to indicate a similar result; the vast majority
of undergraduates have Facebook accounts. Although fake accounts could bloat the number of
accounts, the fact that the Facebook user base is quite similar to the MIT undergraduate population
points to the fact that a large percentage of Facebook users are genuine. There are 948, 1016, and 921
accounts that provide the class years of 2007, 2008, and 2009, respectively, compared to a class size
of roughly 1,000. As shown below, the majority of Facebook accounts are updated at least monthly,
which fits the profile of large numbers of users updating information about themselves. Aside from
her romantic attachments perhaps, a Paris Hilton account³ would not need to be constantly updated.
At NYU, where potential pranksters are limited to two e-mail addresses[18], the number of accounts
for the classes of 2007-2009 (3850, 4012, 4076) correspond closely to the class sizes of 4,250. [16]

³ Until recently, the Facebook FAQ warned against creating fake accounts, telling users that “Everyone knows that
you’re not Paris Hilton”.

Month   Three Months   Six Months   One Year
53%     82%            92%          98%
Figure 3: Virtually all users update profiles often
5.3 Users put time and effort into profiles
The vast majority of users update their accounts frequently, with over half updating in November
2005.⁴ This indicates that not only do the majority of undergraduates have Facebook accounts, the
majority of them also keep them constantly updated.
5.4 Students join Facebook before arriving on campus
We looked at the distributions of profile creation dates of members of the classes of 2008 and 2009.
The class of 2008 enrolled at MIT admission and had access to Athena by May of 2004, whereas
the class of 2009, the current freshman class, had Athena accounts by May of 2005.⁵ Note that
MIT admits classes of approximately 1,000 freshmen.
Members of the MIT class of 2008 tended to create their profiles as soon as they heard about
Facebook, which was generally over the summer or during orientation. The majority of the class of
2008 joined Facebook from June 2004 to August 2004. In this time, 699 members of the class of
2008 created their profiles. Approximately 100 created their profiles in May of 2004 (i.e. as soon as
they could), and the remainder created their profiles at later times, dropping to approximately 10
per month. We were able to access 1016 members of the class of 2008 with Facebook profiles[fn 6].
The class of 2009 had an even more pronounced spike at matriculation time, indicating the
extraordinary draw of the Facebook. During May and June of 2005, 538 members of the class of
2009 created Facebook accounts. At present, 921 members of the class of 2009 have unrestricted
Facebook accounts.
At other schools, users exhibit similar behavior in creating their Facebook profiles. Strikingly,
over 948 (roughly 60%) Harvard Class of 2009 freshmen created their accounts within a month
of getting their email address. Freshmen create their accounts as soon as they can. The Harvard
trends are even more pronounced as we can see from the graph, with most 2008 freshmen signing up
over a three-month period, while the class of 2009 obtained their Facebook accounts immediately.
Figure 4: Freshmen create accounts sooner and sooner after matriculation
[fn 4] 19% of Harvard profiles, 15% of MIT Facebook profiles, 10% of NYU profiles, and 6% of Oklahoma profiles do
not have an update timestamp. Because no update timestamps exist before June 2004, it is probable that the feature
was implemented at that point, and all unstamped profiles were last updated before that point. This hypothesis is
substantiated by the fact that the number of blank update fields at a school is proportional to the length of time
before June 2004 Facebook was available at that school. Given the exponential tail-off of the last update times, it is
also likely that this 15% comprises users who signed up right at the launch of Facebook for their school and did not
update their accounts afterwards.
[fn 5] Our experience is that MIT sends out Athena coupons around this time.
[fn 6] Note that these numbers may be skewed by accounts for fictional people or celebrities.
5.5 A substantial proportion of students share identifiable information
Facebook users at MIT tend to give a large amount of personal information, and tend not to restrict
access to it. Furthermore, Facebook users are more wary of some kinds of personal information than
others. Users were most willing to indicate their high school, and became increasingly protective of
their information regarding residence hall, interests, screen name, music interests, favorite movies,
favorite books, clubs and jobs, and mobile telephone number.
5.6 The most active users disclose the most
Users who frequently update their profiles tend to be even more open. Of the 5279 MIT profiles
updated on or after September 1, 2005, we found that, although the general trends of relative
disclosure did not change, the relative willingness to disclose all information increased.
Using another heuristic for determining active users, users with lots of friends tend to be much
more forthcoming with their personal information, particularly that which might be valuable to
advertisers.
Facebook has grown extremely rapidly, establishing a user base of 8,000,000 users, and close to
100% penetration at certain schools. If Facebook continues to grow in popularity, the average user
will likely become more and more like the “well-connected” user. If this trend continues, the level
of information disclosure will keep increasing correspondingly.
Figure 5: Users disclose personally identifiable information
Figure 6: Recent users disclose even more
All Schools: Disclosure of PII
              Clubs   Interests  Movies  Music   Books   Gender  Mobile
300+ Friends  81.0%   85.3%      81.7%   82.9%   76.6%   92.8%   25.6%
All Users     51.5%   64.1%      62.7%   64.0%   59.1%   82.8%   17.1%
Difference    29.4%   21.2%      19.0%   18.9%   17.4%   10.1%   8.5%
Figure 7: Connected users disclose more personal information, especially commercially valuable
information
5.7 Undergraduates share the most, and classes keep sharing more
As shown in the table below, undergraduates share much more data than average, in almost every
case. As the majority of new registrants for Facebook each year are going to be undergraduates,
and the undergraduates most likely to disclose information no less, this is another indication that
more and more data will become available on Facebook.
Difference between classes. In order to determine if there is a statistically significant difference
between courses, we attempted to correlate disclosure scores to class years. We ran a regression
of number of years in attendance at the college[fn 7] against the disclosure index, and the contact and
interest subscores. We did this at all four schools, and the result was that all disclosure scores were
weakly correlated to class year (r = -.496 for the overall score, r = -.151 for the contact score, and
r = -.187 for the interest score). This means that there is a correlation between being in a younger
class and disclosing more information.
5.8 Differences among universities
Among the four universities we investigated, we found subtle differences in the way students interact
with Facebook. Of the universities, Harvard provided us with the lowest percentage of visible profiles
from existing profiles (66%), whereas MIT provided the highest (79%). Students at the University
of Oklahoma were much less likely to share contact information (such as residence, screen name,
and mobile phone number) than students from any other university in our study. On the other hand,
students at Oklahoma were the most forthcoming about their tastes in books, movies, and music.
The differences we found really speak to the notion that Facebook is different at every school it
supports. The differences we noted are probably a function of many variables specific to the school,
such as the social atmospheres at the school, policies on information sharing, administrative advice
on Facebook usage, and so on. Such topics are outside the scope of this paper.
[fn 7] 0, 1, 2 for the Classes of 2009, 2008, and 2007, respectively.
Difference in Disclosure
             Harvard  MIT
Gender       22%      17%
Major        -6%      23%
Dorm         30%      23%
Room?        23%      4%
High School  32%      18%
AIM          26%      18%
Mobile       3%       10%
Interests    29%      16%
Clubs/Jobs   17%      23%
Music        33%      18%
Movies       31%      19%
Books        31%      17%
Figure 8: Difference between Class of 2009 exposure and all users
            MIT   Harvard  OK    NYU
Major       81%   64%      91%   79%
Dorm        96%   94%      85%   89%
AIM         71%   72%      62%   76%
Mobile      24%   27%      17%   15%
Interests   78%   81%      89%   81%
Clubs/Jobs  49%   58%      76%   50%
Music       77%   82%      93%   84%
Movies      74%   80%      90%   82%
Books       74%   80%      81%   77%
Figure 9: Disclosure rates of the Class of 2009
5.9 Even more students share commercially valuable information
The information most relevant to advertisers would likely be demographic data (age, gender, location),
as paired with interests. In general, over 70% of users are willing to disclose both categories of
information, making the Facebook a valuable trove of demographic data for marketers. In addition,
this database of interests could easily be cross-referenced by a database from a third-party vendor,
matching the details about users’ interests and current location to addresses, phone numbers,
and social security numbers. As shown above, dedicated users have a tendency to disclose this
information much more often, which may be a leading indicator of even greater disclosure.
5.10 Users are not guarded about who sees their information
Knowledge and use of “My Privacy” feature. As a whole, users are familiar with the privacy
features Facebook offers, and choose not to use them. Of 389 users who answered the question about
familiarity with “My Privacy,” 289 (74%) say they are familiar with the feature, while 100 (26%) say they are not.
At the same time, of the 380 users who gave information regarding their use of “My Privacy,” 234
(62%) said they use the feature, while 146 (38%) said they do not. Actively choosing to not use
“My Privacy” indicates that users believe there is a benefit to providing information and allowing
others to see it.
Concerns about Facebook privacy. As a whole, survey respondents expressly indicated low concern
for Facebook’s privacy policies. Of 329 respondents, 76 (23%) are not concerned with Facebook
privacy, 117 (35.5%) are barely concerned, 104 (31.6%) are somewhat concerned, 20 (6.1%) are
quite concerned, and 12 (3.6%) are very concerned.
Likelihood of “friending” strangers. Facebook users at MIT tend to friend people they know,
doing so almost exclusively. Of the 383 respondents to this question, 243 people (63.45%) never
friend strangers, 110 people (28.72%) friend strangers on occasion, and 30 (7.83%) claim to friend
strangers. Although this seems like an intuitive notion, it merits further attention. Only allowing
people whom users know in real life to access their information is a good Facebook security strategy
when combined with other privacy features and selective posting. This tendency of users is further
evidence that Facebook use is more characteristic of physical relationships than that of an exclusively
online community, a powerful metaphor that is at the heart of the way users share their information
on Facebook. Women and men are equally unlikely to add a stranger to their list of friends.
5.11 Users Are Not Fully Informed About Privacy
Familiarity with the TOS and the Privacy Policy. We asked Facebook users if they had read
Facebook’s policies regarding their use of the service. Of 389 respondents, 353 (91%) had not read
the Terms of Service. Of 390 respondents, 347 (89%) had never read the Privacy Policy.
Understanding of Privacy Policy. We asked users to guess whether or not Facebook can share
your information with other companies. Of 374 respondents, 174 (47%) believed Facebook could
not do this, while 200 (53%) believed Facebook could. Facebook can indeed share your information
with other companies for advertising or other purposes, as indicated in their privacy policy[fn 8].
5.12 As Facebook Expands, More Risks Are Presented
Familiarity with “My Photos” feature. The overwhelming majority of Facebook users are familiar
with the “My Photos” feature. Of 389 respondents, some 342 (87.9%) were familiar with the
feature. Furthermore, although most users are familiar with the feature, few seem to worry about
its potential implications. When asked if users have any control over the “My Photos” content of
others, specifically, on restricting access to photos posted on the service, 196 users of 416 respondents
(47%) said yes, 139 users (33%) said no, and some 84 (20%) did not know, or did not provide an
answer.
5.13 Women self-censor their data
In addition to the above analysis, we compared the trends of male and female users. Women are more
likely to log into Facebook, have more friends, and have a higher percentage of friends from MIT.
Both genders are equally unfamiliar with Facebook’s Terms of Service and Privacy Policy. Women
were more likely to use Facebook’s “My Privacy” feature in our survey, but not to a statistically
significant level. Women definitely self-censor their Facebook data more than men do. This is
pronounced in the number of mobile phone numbers made available to the public, as shown in the
table[fn 9].
In addition, we calculated the correlation between self-reported gender percentages at the different
universities, and correlated these to the contact information index. We found that schools
with more women share proportionately less contact information, with a correlation coefficient
r = -.462.
[fn 8] The FAQ and Privacy Policy are actually in direct contradiction on this point. The FAQ states that “We don’t
distribute your user information to third parties.” The Privacy Policy, on the other hand, states that “we may share
your information with third parties, including responsible companies with which we have a relationship.” The Facebook
then lists reasons that they may share information, including legal requests and “facilitating their business.” Although
the policy could be construed to imply they will not share information, it is certainly not clearly stated, and a strict
reading would imply that Facebook can share information with third parties.
[fn 9] The correlation coefficient of male to female mobile phone disclosure is .992, indicating an extremely strong link
between the behavior of the genders at any particular school.
Disclosure of phone number, by gender
          Male    Female
Harvard   33%     26.5%
MIT       29.7%   20.5%
NYU       22.2%   11.6%
Oklahoma  21%     8%
Figure 10: Women self-censor the information they share
5.14 Men talk less about themselves
In contrast, we compared gender ratios to the interest data index (the extent to which users share
their interests, clubs, and favorite books, etc.). Here we found that the male-dominated schools
tended to share less information, which may indicate that women are more likely to share information
about themselves which will not lead to phone calls or unwanted visits. The correlation coefficient
between self-reported female percentage and the interest index was r=.625.
5.15 General Conclusions
Facebook is an institution at the colleges we surveyed. As time goes on, it is becoming even more
entrenched in college life. Although they tend to self-censor, especially women, users still share a
lot of personal information that could be valuable to many parties. As Facebook becomes more
entrenched, disclosure rates are likely to rise, until Facebook changes the parameters of their system,
or there are enough newsworthy privacy stories to change users’ perceptions.
6 Facebook and “Fair Information Practices”
6.1 Overview
In 1998, the Federal Trade Commission published Privacy Online, a report to Congress assessing
the state of privacy on the Internet. This report identified the five “widely accepted fair information
practices”: Notice, Choice, Access, Security, and Redress. These areas cover the basic principles of
online privacy, areas Facebook needs to address if they are to protect the privacy of its users. [6]
6.2 Notice
Notice is the first and most important requirement of fair information practices. Customers must
be aware of information collection and their rights regarding that collection before they can exercise
them. The basic “notice” requirements are a clear statement given to the consumer, before data is
collected, including, among other things:
• Identification of the entity collecting the data, the uses to which the data will be put, and any
potential recipients of the data.
• The nature of the data collected and the means by which it is collected if not obvious (passively,
by means of electronic monitoring, or actively, by asking the consumer to provide the
information).
• Whether the provision of the requested data is voluntary or required, and the consequences
of a refusal to provide the requested information.
• The steps taken by the data collector to ensure the confidentiality, integrity and quality of the
data. [6]
The Facebook Privacy Policy aims to fulfill this requirement. It specifies Facebook as the entity
collecting the data, and does a good job of identifying which data will be collected in most cases,
including non-obvious data such as session data and IP addresses. Parts of the policy are vague,
however, and some are seemingly contradictory and confusing, such as “Facebook also collects
information about you from other sources, such as newspapers and instant messaging services. This
information is gathered regardless of your use of the Web Site. We use the information about
you that we have collected from other sources to supplement your profile unless you specify in your
privacy settings that you do not want this to be done.” This passage is either inaccurate or outdated,
as no setting related to this information is available in the “My Privacy” feature.
Even though Facebook accurately addresses what information they will be including on the whole,
their Privacy Policy falls short in other areas. The identification of the uses to which the data will
be put is nonexistent, and the identification of the targets of potential disclosure is anybody
Facebook deems appropriate, including marketing partners. Facebook has close relationships with
several corporations, integrating their marketing efforts seamlessly into the site via giving them
special “Groups” for interested students. This disclosure is certainly legal, and users are receiving
the use of an extremely useful and popular site for free in exchange for it. Unfortunately, not all
users understand the terms of the bargain; our survey showed that 46% of Facebook users believed
that Facebook could not share their information with third parties.
6.3 Choice
“At its simplest, choice means giving consumers options as to how any personal information collected
from them may be used. Specifically, choice relates to secondary uses of information – i.e., uses
beyond those necessary to complete the contemplated transaction.” [6]
Clearly, it is necessary to enter some personal information if one wishes to participate in a social
networking website. However, there are large amounts of additional disclosure going on. The two
types of disclosure are disclosure to other users of the site, and disclosure to third parties, primarily
advertisers. The privacy features provided by Facebook, to a large extent, allow the interested user
to easily control what other users of the site can see about their profile data.
The issue here is that there are virtually no controls on what Facebook can expose to advertisers.
The blanket statement regarding disclosure allows Facebook to disclose any personal data to
advertisers. It also allows advertisers to set cookies that are not governed by the privacy policy. There is
a way to request that Facebook not share your information with others, but it is not transparent and
there is no evidence that one’s request is actually honored. See later in the paper for more details.
6.4 Access
“[Access] refers to an individual’s ability both to access data about him or herself – i.e., to view the
data in an entity’s files – and to contest that data’s accuracy and completeness. Both are essential
to ensuring that data are accurate and complete.” [6]
This attribute is more targeted at credit agencies and other organizations which maintain files on
users which they may not want to disclose. Because Facebook is based on the sharing of information,
and because Facebook provides users with the ability to control this information, Facebook follows
this principle fairly well.
6.5 Security
Security is the process that ensures data integrity and restricts access to those who have been
granted it legitimately. Privacy Online states in part “To assure data integrity, collectors must take
reasonable steps, such as using only reputable sources of data and cross-referencing data against
multiple sources, providing consumer access to data, and destroying untimely data or converting it
to anonymous form.”
Although Facebook is certainly vague about the uses to which the data will be put, it gives users
control over the existence of information about themselves in the Facebook database. Their terms
of service clearly state that “You may remove your Member Content from the site at any time. If
you choose to remove your Member Content, the license granted above (that permits Facebook to
use the data) will automatically expire.”
“Security measures include encryption in the transmission and storage of data; use of passwords;
and the storage of data on secure servers or computers that are inaccessible by modem.”
By this standard, Facebook falls short. Although Facebook uses passwords to protect accounts
and an MD5 hash as authorization, their use of encryption is nonexistent. All authorization
information is sent in the clear, including the account passwords, making them exceedingly easy to sniff off
of a public network. This is clearly inferior to the current best practices for password protection.
The “My Photos” feature seems to run counter to the Security principle, as third parties can
upload pictures and associate them with one’s account, without any checks on the accuracy or
appropriateness of the data. Users have no way of preventing pictures of them from being uploaded.
Even if users seek to disassociate themselves from any photos, the most they can do is remove
the tag that links the photo directly to the user’s profile. In addition, there are absolutely no user
controls akin to “My Privacy” relating to photos at all. We have found that any Facebook picture
is accessible from any Facebook account, with no regard for privacy settings, or even the default
Facebook per-university controls. One can ask to see all of the pictures of “Michael Smith” at
Stanford and view them, even if one is logged into the MIT Facebook.
6.6 Redress
“To be effective, self-regulatory regimes should include both mechanisms to ensure compliance
(enforcement) and appropriate means of recourse by injured parties (redress).”
Much like the other privacy principles, Redress requires that customers be aware of ways in
which they may be harmed. In the case of security breaches, there is no policy for notification of
customers. In light of holes such as the “advanced search” hole described below, a clear policy on
this matter would have been beneficial for users.
In addition, redress should entail acknowledgment of user requests and transparency in follow-
through on them. The “prevent my information from being transmitted to third parties” request
would be much improved if one could track the ramifications of that request.
7 Threat Model
7.1 Security Breach
Threat and Feasibility
A security breach at Facebook, either from an outsider locating a vulnerability or from a disgruntled
insider, would potentially put all 8,000,000 Facebook records at risk. This is not a risk that can
be eliminated; no site is perfectly secure. The fear of a security breach is certainly a reasonable
one, as large data warehouses are often targets of intruders. For example, ChoicePoint’s databases
were breached and 145,000 records were compromised. [3] While a Facebook breach would not be
sufficient to start performing identity theft, a trove of so much personal information would contain
much information that people would not want to make public.
MySpace: A Comparison
MySpace has several clauses in its Privacy policy that deal directly with contingencies that are
not pleasant for the company to admit. The company tells users that security breaches can never
be completely prevented, even if “reasonable” steps are taken to prevent security breaches. This
ensures that an unreasonable expectation of data security is not established [10].
In addition, MySpace confronts the possibility that they will be acquired, and notifies its users
that their new owners could be less than scrupulous about using personal data. Their notification
requirements regarding changes to their privacy policy appear to be aimed at this contingency.
Unfortunately, MySpace does not have a notice requirement in the case of security breaches.
Recommendation for Facebook: Security Disclosures. Facebook should have a policy regarding
disclosures of private information due to security breaches or unethical employees. A clearly stated
requirement in their terms of service that they notify end-users whose privacy was violated would
empower end-users.
7.2 Commercial Datamining
Threat
Companies such as ChoicePoint, Inc. have built billion-dollar businesses on selling databases of
personal information. Facebook has a database on 8 million college students that is far more accurate
than the usual commercial data, as users have an incentive to make information accurate. Profiles
used for social networking are likely to be 100% accurate, as they are maintained by their subjects.
This is in marked contrast to the accuracy of databases such as those maintained by ChoicePoint
and Acxiom, which have records of dubious accuracy [15].
Feasibility
Using our code, attached as an appendix, we were able to crawl Facebook for four schools, creating
a comprehensive data-set spanning all accessible profiles. Thus, we can conclude that it is possible
to harvest data from the site. The fact that we (two students) were able to data-mine the Facebook
in a week, using the time allotted to us for one class, is evidence that data-mining the Facebook is
not only possible, but easy.
Current Precaution
Facebook’s Terms of Service state that using the site for data-harvesting purposes is forbidden.
This statement offers no protection, however, if it is possible to use the site for these purposes,
and there is no recourse against those who may seek to do so. Our data collection violates the
Terms of Service for Facebook, which states that “You further agree not to harvest or collect email
addresses or other contact information of members ... for the purposes of sending unsolicited emails
or other unsolicited communications. Additionally, you agree not to use automated scripts to collect
information from the Web site or for any other purpose.” “Clickwrap” licenses like the terms of
service have generally been upheld by courts[fn 10], but the danger posed to a person breaching this
contract is uncertain at best. There are no provisions for the violation of the Terms of Service, and
the termination of the offending account would not be a sufficient deterrent for those determined
to obtain and use this information.
Recommendations To Facebook: Better URL System. Because of the method by which Facebook
assigns User IDs, one can easily download all accessible profiles. A better system would be to
make the profile number space 10 times the number of people eligible for accounts at the university,
and assign user IDs randomly out of that. Then, when invalid UIDs are accessed, those IPs/accounts
could be monitored for signs of abuse.
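The recommended ID scheme can be modelled in a few lines of Python. This is an added example, not the authors' appendix code or Facebook's implementation; the class and function names, the threshold of five invalid requests, and the population of 800 accounts out of 1,000 eligible students are assumptions made for illustration.

```python
"""Sparse random profile IDs with invalid-ID monitoring (illustrative model)."""
import secrets
from collections import Counter


class ProfileDirectory:
    """Toy profile store; names and thresholds are assumptions of this sketch."""

    def __init__(self, eligible, sparse=True, factor=10, miss_limit=5):
        self.eligible = eligible
        self.sparse = sparse
        # Recommended layout: ID space 10x the eligible population.
        # The dense layout models sequentially assigned IDs.
        self.space = eligible * factor if sparse else eligible
        self.miss_limit = miss_limit
        self.profiles = {}        # uid -> profile name
        self.misses = Counter()   # client -> requests for IDs that do not exist
        self.flagged = set()      # clients handed to abuse monitoring

    def register(self, name):
        """Create an account and return its user ID."""
        if len(self.profiles) >= self.eligible:
            raise ValueError("more accounts than eligible users")
        if self.sparse:
            # Draw from a CSPRNG until an unused ID is found. Occupancy is
            # at most 1/factor, so this loop ends after very few draws.
            uid = secrets.randbelow(self.space)
            while uid in self.profiles:
                uid = secrets.randbelow(self.space)
        else:
            uid = len(self.profiles)
        self.profiles[uid] = name
        return uid

    def fetch(self, client, uid):
        """Serve a profile; count and flag clients that request invalid IDs."""
        profile = self.profiles.get(uid)
        if profile is None:
            self.misses[client] += 1
            if self.misses[client] >= self.miss_limit:
                self.flagged.add(client)
        return profile


def exposure_before_flag(directory, client="crawler-1"):
    """Audit helper: request IDs in order and report how many profiles are
    served, and how many requests are made, before the client is flagged."""
    harvested = requests = 0
    for uid in range(directory.space):
        requests += 1
        if directory.fetch(client, uid) is not None:
            harvested += 1
        if client in directory.flagged:
            break
    return harvested, requests


def build(sparse, accounts=800, eligible=1000):
    """Populate a directory with constructed sample accounts."""
    directory = ProfileDirectory(eligible, sparse=sparse)
    for i in range(accounts):
        directory.register(f"student-{i}")
    return directory


if __name__ == "__main__":
    for sparse in (False, True):
        harvested, requests = exposure_before_flag(build(sparse))
        layout = "sparse random" if sparse else "sequential"
        print(f"{layout:14s} IDs: {harvested} profiles served "
              f"in {requests} requests before the client was flagged")
```

With sequential IDs every account is served before the first invalid request occurs; with the sparse layout roughly nine requests in ten miss, so an ordered walk is flagged almost immediately. Unpredictable IDs make enumeration noisy but do not replace a per-profile access check.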
7.3 Database Reverse-Engineering
Threat and Feasibility
Facebook’s “advanced search” allows one to query the database of users using any of the fields in
a profile. For example, one can search for sophomore males at Duke that enjoy Kurt Vonnegut.
The problem is that when people hide their profile page, they expect the information on it to
remain private. An MIT student could write “getting drunk” as an interest and set their profile
so that only their friends could see their profile, expecting that this information is secure. This
information is not actually secure unless they also exclude their profile from searches. An advanced
search for “getting drunk” would still associate the student’s name with this string.
The problem was compounded by a security hole that multiple people have discovered. Normally,
performing a query at a certain college requires that one be logged in from an @thatcollege.edu
account. A high school student at an MIT summer program discovered that by changing the server
in the query URL from “mit.facebook.com” to “school.facebook.com”, he could perform the query
on any school without having a valid account for that school. He also discovered that most fields
are indexed by ID number, so he was able to systematically query who lived in dorm “101”, “102”,
etc, until he had a comprehensive list of where everyone said they lived in their profiles. He was
only interested in using data on MIT students in an aggregated manner, but with that knowledge,
one could easily reconstruct all Facebook profiles regardless of privacy preferences.
Further research found a student that actually employed this strategy to create a database of students at
other local schools. Up until November 10, 2005, he was able to systematically build up a database
from queries on Facebook’s database. Over the course of a month, he compiled information on over
82,000 students at 8 Boston-area schools.
[fn 10] ProCD v. Zeidenberg, referenced in [19]
Current Facebook Precaution
Facebook blocks Advanced Search, except at one’s school, which limits the scope of the problem.
The “Exclude my name from searches” preference in the “My Privacy” section actually solves the
problem. Because an intuitive leap is needed to see how to use the Advanced Search for data-mining,
however, it takes the same intuitive leap for users to see the risk and protect themselves from it.
Recommendation to Facebook: Restricting Search. When users set their profile to be friends-
only, all information save their name should be withheld from being searched by “Advanced Search.”
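The difference between the search behaviour described in this section and the recommended restriction is shown in the following model. It is an added example, not the authors' appendix code or Facebook's implementation; the data classes, function names and sample profiles are constructed for illustration, and taking the school scope from the login session rather than from the request host is an assumption about how the per-school limit would be enforced.

```python
from dataclasses import dataclass


@dataclass
class Profile:
    name: str
    school: str
    fields: dict                       # free-text profile fields
    friends_only: bool = False         # profile page hidden from non-friends
    exclude_from_search: bool = False  # the "Exclude my name from searches" setting


@dataclass
class Session:
    user: str
    school: str  # set at login from the verified school e-mail account


# Constructed sample data.
PROFILES = [
    Profile("Alice", "mit", {"interests": "getting drunk", "dorm": "101"},
            friends_only=True),
    Profile("Bob", "mit", {"interests": "getting drunk", "dorm": "102"}),
    Profile("Dan", "mit", {"interests": "getting drunk"},
            exclude_from_search=True),
    Profile("Carol", "duke", {"interests": "kurt vonnegut"}),
]


def _matches(profile, field_name, value, searchable):
    """Case-insensitive substring match, limited to the searchable fields."""
    if field_name not in searchable:
        return False
    if field_name == "name":
        text = profile.name
    else:
        text = profile.fields.get(field_name, "")
    return value.lower() in text.lower()


def search_as_described(profiles, host_school, field_name, value):
    """Behaviour the section describes: the school scope is read from the
    request host, and friends-only profiles are matched on every field."""
    hits = []
    for p in profiles:
        if p.school != host_school or p.exclude_from_search:
            continue
        if _matches(p, field_name, value, {"name", *p.fields}):
            hits.append(p.name)
    return hits


def search_restricted(profiles, session, requested_school, field_name, value):
    """Recommended behaviour: the scope comes from the session, and a
    friends-only profile is searchable by name only."""
    if requested_school != session.school:
        raise PermissionError("search is limited to the searcher's own school")
    hits = []
    for p in profiles:
        if p.school != session.school or p.exclude_from_search:
            continue
        searchable = {"name"} if p.friends_only else {"name", *p.fields}
        if _matches(p, field_name, value, searchable):
            hits.append(p.name)
    return hits


if __name__ == "__main__":
    viewer = Session("eve", "mit")
    print(search_as_described(PROFILES, "mit", "interests", "getting drunk"))
    print(search_restricted(PROFILES, viewer, "mit", "interests", "getting drunk"))
```

In both versions the “Exclude my name from searches” setting keeps Dan out of the results; only the restricted version also stops Alice's hidden fields from acting as a search oracle.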
7.4 Password Interception
Threat
The fact that the username and password were sent in cleartext is a security vulnerability. An
adversary could read Facebook user names and passwords off of the Ethernet or unencrypted wireless
traffic, obtaining access to users’ Facebook passwords, as well as any additional accounts they use
those passwords for. Because of the ethical and legal implications of doing so, we did not attempt
to steal passwords. It should be noted, however, that MIT cited password theft as a real problem
when they maintained telnet servers that had login data sent as cleartext. The University of New
Mexico cited this as the main reason they chose to disable Facebook access from their network.
Because many users use their university email passwords as their Facebook passwords, UNM
views Facebook as a security liability for their network.
Current Facebook Precaution
Facebook currently takes no steps to protect user passwords in transit.
Recommendation to Facebook: Encrypt the Passwords. Using SSL for login is the industry
best practice for protecting passwords on login. It is used by Google Mail, eBay, MIT WebMail, and
countless other sites to protect sensitive information as it is being transferred. It is a simple, cheap
solution that would close a major security hole.
7.5 Incomplete Access Controls
Threat and Feasibility
In searching for user photos on Facebook, the service uses a variant of this URL:
http://mit.facebook.com/photo_search.php&name=John    (6)
There is nothing inherently wrong with allowing users to search for photos, but there are no
restrictions akin to “My Privacy” for photographs. In addition, the usual access controls do not apply to
“My Photos”; anyone from any university can search for and see any other photograph by editing
the query URL.
The ability of users to upload and tag photographs easily, and the difficulty for a user to de-tag
large numbers of photographs, makes it easy for others to find photographs with few restrictions.
Current Facebook Precaution
Facebook limits photograph searches by profile in the same way they limit regular searches; the
problem lies in the additional unrestricted method of searching all photos by name.
Recommendation to Facebook: Restrictions on Pictures Search. This is weaker than any
other access controls on the site; by default, users are unable to view others’ profiles on other
websites, but they can view all pictures. “My Privacy” should extend to the “My Photos” feature
as well, and the search by name should be disabled.
7.6 University Surveillance
Threat
Students in many cases are unaware of the complex interactions between university policy and the
information they are making available online. Administrators are using Facebook to learn about
their students... and their students’ activities. Recent months have seen a rash of incidents coming
from students disclosing information that they never thought would end up in deans’ offices, but
has. These problems are not limited to technical schools like MIT; they exist all over the nation.
Feasibility
MIT. MIT has not had any high-profile Facebook-related cases yet, but there have been smaller
incidents, and a growing realization of the importance of Facebook in a college environment. Dean
of Residential Life Programs Andrew Ryder has stated that MIT is not actively monitoring Facebook
for rule infractions. He did say, however, that if public or quasi-public Facebook information was
brought to his attention, he would have to act on it. It is also his personal belief that Facebook
data would be admissible in Committee on Discipline hearings. Without detailing specific cases,
he alluded to the fact that Facebook incidents that MIT has had to deal with so far have related
to a student posting unflattering or untrue information about another student, which generated a
complaint to the Department for Student Life. The one other MIT case involved a freshman in the
class of 2008 advertising a party in his soon-to-be dorm room on Facebook before he even arrived
on campus.
Cameron Walker and Fisher College
In October of 2005, Cameron Walker, then a second-year
student at Fisher College in Boston, MA, was expelled from the school and barred from the campus.
The reason for this action given by Fisher College was Walker’s creation of a Facebook group
committed to the dismissal of a campus security officer believed to regularly overstep the limits of
his line of duty. School officials, who monitored Facebook, pressured Walker to remove the group
and ultimately canceled Fisher’s student status.
Mr. Walker’s expulsion could set a dangerous precedent for university officials. Students believe
that the information they post to Facebook should be protected as correspondence, while school
officials, particularly at schools with strict codes of discipline, will use evidence posted on Facebook
to bring formal disciplinary charges against students. This is the first incident of a student being
expelled for actions on Facebook. We conducted a phone interview with Walker in mid-November.
He was a sophomore in the class of 2008 in October 2005, when the events leading to his expulsion
occurred. His expulsion demonstrates the issues that can arise from the interactions of Internet
publication and “unclear, ambiguous, and vague” (Walker’s words) student codes of conduct,
especially as they pertain to harassment. Walker claims that his expulsion was an example of a “few
administrators doing whatever they wanted”, and that he “was naive about Facebook, because it
wasn’t affiliated with a university.”
News at Other Schools
In recent weeks, there has been an explosion of articles in college newspapers
relating to the privacy concerns of Facebook. The recent expulsion of Cameron Walker may have
created a concrete example of the harm that can come from Facebook activity; it is the one case that
many news articles mention. Since November 1, cautionary articles have appeared in the newspapers
of Emory[21], Georgia College[22], Dartmouth[23], the University of Oregon[24], Trinity College[25],
Macalester[26], Syracuse[27], Brown[28], GW, University of Tennessee at Chattanooga[29], UNC
Greensboro[30], and UPenn[31].
Current Facebook Precaution
The Facebook currently does not take steps to prevent this type of disclosure.
Recommendation to Universities: From a student perspective, Facebook has been an area
relatively free of administrative interference until now. University policies are two-fold; there is
the letter of the law, and what is actually enforced. The wealth of new information available to
administrators pushes the enforceability much closer to the literal readings of school policies, which
could have many unintended consequences. On the other hand, administrators are not free to set
whatever policies they see fit, and in an age of litigation, they cannot afford to selectively enforce
policies. To do so would be to make the university vulnerable to lawsuits in cases where forbidden
behavior goes too far undetected.
In addition, Facebook is becoming a key component of college life, and college administrators
would not be doing their jobs if they didn’t understand and explore how a large portion of their
student body was using their spare time and interacting with each other.
Because of this complex interaction, and the differing goals that administrators have, colleges
should look at their primary interaction with Facebook as an educational one. Students can only claim
that they have been treated unfairly if they can establish an expectation of privacy. If universities
are going to use this information, they should tell their students this up-front.
Recommendation to Universities: Educate Students
The university’s most important role,
however, is that of education. To fulfill this mission, universities should educate their students
about the dangers that online disclosure of information can pose. Because students are getting
accounts earlier and earlier, a program during Orientation would help keep students from running afoul
of university policy or being harassed.
Recommendation to Facebook: Warnings Page
In an environment of growing misuse of information
made public by Facebook, Facebook would do its users a great service to explain the
dangers of security breaches and outside monitoring. Until the societal norms regarding this new
use of computers become well-established, Facebook could clearly state that they could provide
no guarantees regarding the security of their data, and that if users make their profiles public, all
information contained therein may be viewed by job interviewers and college administrators.
Recommendation to Facebook: Opt-Out Privacy
In a world where a minority of users change
software preferences, privacy protection cannot be an “opt-in” option. Facebook faces a tough
choice here: their business model is based on many ad views, which requires extended browsing
sessions, which requires a relatively open network. Yet, opt-out protection is far more effective, as
demonstrated by Shah and Sandvig in “Software Defaults as De Facto Regulation.” Their study
found that if encryption on WAPs is set by default, 96% of users employ it, 3.4 times the number
that do when it is not set by default.
Recommendation to Facebook: Merge “My Privacy”
Facebook is unique, however, in that
users are expected to return often and update their “preferences” (who their friends are, their
profile information). Thus, Facebook could leverage this culture by merging the functions of profile
updating and privacy settings. One page could contain fields regarding basic profile information as
well as privacy settings, thereby greatly increasing the number of views the privacy settings get daily.
7.7 Disclosure to Advertisers
Threat and Feasibility
Facebook has a relationship with several companies currently. Apple and JetBlue, among others,
have their own “groups” that interested users can join, to show their brand loyalty, or for a chance
at giveaways. Facebook’s privacy policy explicitly says that they may disclose profile information to
third parties, so the prospect of them doing so is clearly realistic.
Current Facebook Precautions
Facebook offers an “opt out” link on their Privacy Policy page, which, if clicked, means that one
can “submit a request” to Facebook to not share information with third parties. They say that
they “will make every effort to implement any choice you make as soon as possible.” Offering the
user choice in this matter is clearly to the user’s benefit. However, the feature has no followup or
feedback, and is couched in language that does not actually imply any sort of binding agreement.
Other Services’ Precautions
Friendster
Friendster’s privacy policy is indicative of a more mature service, with narrower goals,
dealing with smaller amounts of personal information than Facebook. Friendster only collects the
data you enter into your profile, your name, e-mail address, IP address, and user agent. Unlike
Facebook, Friendster agrees to never share your information with any outside agency, unless expressly
required to do so by law.
MySpace
MySpace also has a much more explicit and user-oriented disclosure policy. The scope
of disclosure to third parties is much more explicitly dealt with, and limited to:
• Disclosure to advertisers whom users have “explicitly requested” to receive information from.¹¹
• The use of cookies by advertisers.¹²
• Disclosures required to enforce their TOS, to protect them legally, or to protect the safety of
the public.¹³
¹¹ Users may be asked to provide personal information including name, email address or home address or to answer
questions in order to participate. We may transfer personal information to certain ad partners that you have explicitly
requested to receive information from. It will be clear at the point of collection who is collecting the personal
information and whose privacy statement will apply.
¹² “A User is bound by any minor changes to the policy when she or he uses the site after those changes have been
posted. If, however, we are going to use users’ personally identifiable information in a manner materially different from
that stated at the time of collection we will notify by posting a notice on our Web site for 30 days.”
¹³ “Except as otherwise described in this privacy statement, MySpace will not disclose personal information to any
Recommendation to Facebook: Accountability and Accessibility for Third-Party Opt-Out
An opt-out feature that guaranteed that the user’s information would not be disclosed in the future
would allow users much more control over their privacy. If the process is complex, then a method
for tracking one’s request would increase the transparency of the process. In addition, the link is
buried in the privacy policy, which is a legal agreement; users who want to take action would look
to “My Privacy.” To actually make the option effective, it should be located in “My Privacy.”
Recommendation to Facebook: Privacy Policy Improvements
Facebook’s privacy policy is
vague and subject to change at the whim of the owners of the website. The Facebook policy allows
any disclosure of information to third parties that Facebook feels is appropriate. Facebook should
seek to emulate MySpace in this manner, and perhaps even go farther.
A user-centered Terms of Service would clearly delineate which information is shared with which
partners, depending on whether a user clicked on a third party’s ad or joined a third party’s group.
A notice period announcing a change in the Terms of Service is another change that would improve
the user experience.
7.8 Lack of User Control of Information
Threat
Other users can upload and associate information to one’s Facebook account. The most prominent
feature of this type is the “My Photos” feature, which allows users to upload photos and tag them
with the names of the people in the pictures. This functionality has already resulted in trouble for
an underage student at University of Missouri-Columbia when college administrators found a picture
of her duct-taped to a chair while another student poured beer in her mouth. This was a matter of
considerable embarrassment as she had just been elected student body vice president. The university
is currently considering removing her from that role.
Current Facebook Precaution
Facebook allows users to de-associate themselves from unwanted data, but in the case of photographs,
the data remains on the server. This is also an “opt-in” function that requires constant
monitoring of the system.
¹³ (continued) third party unless we believe that disclosure is necessary: (1) to conform to legal requirements or to respond to a
subpoena, search warrant or other legal process received by MySpace.com, whether or not a response is required by
applicable law; (2) to enforce the MySpace.com Terms of Use Agreement or to protect our rights; or (3) to protect
the safety of members of the public and users of the service.”
Recommendation to Facebook: Better Restrictions on Third-Party Information
Third parties’ ability to submit and associate information about users violates one of the key principles of
information practices: the idea that users should have the ability to control and correct the information
about them in a particular database. Although Facebook allows users to delete Wall postings
and de-associate themselves with photographs, this is an “opt-in” mechanism that requires constant
monitoring. Modifying the “My Privacy” feature to allow a blanket disabling of these features for
a particular user would help users control their information.
Recommendation to Users: Exercise Caution
Users should be aware that there are effectively
no access controls on pictures, and that they should only upload the pictures that they would feel
comfortable having anybody on the Facebook viewing.
In addition, realize that the photos that you upload of other people may be viewed by their high
school friends or their family. Don’t post anything of them doing anything that you wouldn’t want
your parents to see you doing.
7.9 Summary and Conclusion
Ultimately, lasting change in online privacy will only come from a gradual development of common
sense regarding what is appropriate to post in social networking forums. Unfortunately, this is not
an easy fix. Until users view alluding to underage drinking or drug use on their profiles as risky,
mistakes regarding privacy will continue to occur. Revealing this sort of information needs to be
viewed as the equivalent of going alone to the apartment of a person one met on the Internet.
It is vital that Facebook users everywhere appreciate the potential for use of the system by
administrators. We strongly advise all Facebook users to restrict access to their profiles, to not
post information of illegal or policy-violating actions to their profiles, and to be cautious with the
information they make available.
This lasting change will only come with time and understanding. Nobody can fault Facebook for
students making questionable decisions, but the environment that Facebook creates should be one
that fosters good decision-making. Privacy should be the default, encryption should be the norm,
and Facebook should take strides to inform users of their rights and responsibilities.
8 Conclusion
8.1 Postscript: What the Facebook does right
A paper that analyzes the threats to privacy a system poses will inevitably adopt a negative tone
about the target of its examination. Although Facebook has flaws, there are also areas in which it is
a leader among social networking sites. The fact that each university Facebook is effectively its own
site virtually firewalled off from the rest of the network is a much more private-by-default system
than Friendster or MySpace, which explicitly notes that there is no way to restrict profile information.
This system makes data harvesting much harder, though not impossible. The requirement of having
a school email account to sign up is largely effective in preventing fake accounts and what could
otherwise be a problem of Facebook “identity theft.”
The “My Privacy” settings model is fundamentally sound. The current model would be close to
ideal if the defaults and behaviors of settings were changed, which would not require a substantial
engineering effort.
Although the flaws with “My Photos” are pronounced, the existing security model is robust
enough to solve most of the problems associated with it. If the name search for photos followed
“My Privacy” rules, it would allow users to control their data very easily.
8.2 Final Thoughts
Facebook is used by over 8 million college students, but no academic study has been done of its
effect on end-users. As with any emerging technology, the common sense regarding its proper use
has lagged behind what technology has made possible. Although the Internet has made it possible
to publish personal information online for a decade, social networking sites are unique in that they
standardize, centralize, and encourage the publication of personal data to an unprecedented extent.
The consequences of excessive disclosure of personal information and false senses of security are just
beginning to emerge. Although no national attention has been devoted to the issue, more stories
of students being disciplined because of Facebook appear in college newspapers every week. As
information retrieval and analysis tools become more powerful, the public needs to develop common
sense about accepted practices on these sites. Much as it is now common sense to not meet
people online without taking significant precautions, a body of common knowledge about disclosing
information online would protect the public. This research aims to begin that dialogue. From a
technological perspective, there has been little dialogue about investigating the protections put in
place at one of the most-visited sites on the internet, which contains detailed files on more than 8
million young adults. Security by obscurity is not the best practice for any system, let alone one used
by so many. The user community of this site and future sites will benefit from increased attention
to these issues.
References
[1] Adamic, Lada A., Buyukkotken, Orkut, and Adar, Eytan. 2002. “A Social Network Caught In
The Web.” http://www.hpl.hp.com/research/idl/papers/social/social.pdf
[2] Sandvig, C. & Shah, R. (2005). Defaults as De Facto Regulation: The Case of Wireless Access
Points. Paper presented at the 33rd Telecommunications Policy Research Conference (TPRC)
on Communication, Information, and Internet Policy, Arlington, Virginia, USA.
[3] Konrad, Rachel. Associated Press. February 24, 2005, “Burned by ChoicePoint breach, potential
ID theft victims face a lifetime of vigilance.”
[4] Terremark Worldwide, Inc. “Facebook Expands Operations at Terremark’s NAP West Facility”
Tuesday November 1, 8:30 am ET.
[5] Newitz, Annalee. “Dangerous Terms: A User’s Guide to EULAs.”
http://www.eff.org/wp/eula.php. Loaded December 14, 2005.
[6] Federal Trade Commission, Privacy Online: Report to Congress, 1999.
[7] Facebook Privacy Policy, available online at http://www.facebook.com/policy.php.
[8] Facebook Terms of Service, available online at http://www.facebook.com/terms.php.
[9] MySpace Terms of Service, available online at http://viewmorepics.myspace.com/misc/terms.html.
[10] MySpace Privacy Policy, available online at http://viewmorepics.myspace.com/misc/privacy.html.
[11] Friendster Terms of Service, available online at http://www.friendster.com/info/tos.php.
[12] Friendster Privacy Policy, available online at http://www.friendster.com/info/privacy.php.
[13] New York Times, August 28, 2005. “Do You MySpace?” By Alex Williams.
[14] Marshall, Matt and Anna Tong. “Palo Alto, Calif.-based Facebook brings social networking
online.” San Jose Mercury News, August 29, 2005.
[15] Data Aggregators: A Study of Data Quality and Responsiveness. Pierce, Deborah and Linda
Ackerman. May 19, 2005 http://www.privacyactivism.org/docs/DataAggregatorsStudy.html
[16] New York University Admissions, “Fast Facts”, http://admissions.nyu.edu/fast facts/
[17] Sample Size Calculator, http://www.surveysystem.com/sscalc.htm
[18] Phone Interview, Daniel Dedap
[19] Contracts, Copyright, and Confusion: Revisiting the Enforceability of ’Shrinkwrap’ Licenses.
Heath, Steven. Chicago-Kent Intellectual Property Law Society Journal of Intellectual Property.
8.3 College Newspaper Articles
[20] Sealy, Will. “What facebook doesnt tell you.” The Flat Hat, student newspaper of The College
of William and Mary. http://flathat.wm.edu/story.php?issue=2005-11-04&type=2&aid=3.
Loaded December 14, 2005.
[21] Zelkowitz, Rachel. “‘Wasted’ Facebook group causes controversy.” The Emory Wheel Online, November 22, 2005.
http://www.emorywheel.com/vnews/display.v/ART/2005/11/22/43829c13eb4d8. Loaded
December 14, 2005.
[22] “Public Safety considers Facebook a valuable tool for party busts.” The
Colonnade, Georgia College and State University. November 4, 2005.
http://www.gcsunade.com/media/paper299/news/2005/11/04/CampusNews/Public.Safety.Considers.Facebook.A.Valuable.Tool.For.Party.Busts-1046210.shtml. Loaded
December 14, 2005.
[23] Paquin, Christine. “Administrators advise caution in Facebook postings” The Dartmouth,
November 21, 2005. http://www.thedartmouth.com/article.php?aid=2005112101070. Loaded
December 14, 2005.
[24] “Facebook could invite more than your friends.” Oregon Daily Emerald, November
28, 2005. http://www.dailyemerald.com/vnews/display.v/ART/2005/11/28/438aca3122ba8.
Loaded December 14, 2005.
[25] Montermini, Fabrizio. “Facebook Raises Privacy Concerns.” The Trinity Tripod, November 29, 2005.
http://www.trinitytripod.com/media/paper520/news/2005/11/29/News/Facebook.Raises.Privacy.Concerns-1115345.shtml. Loaded December 14, 2005.
[26] Martucci, Brian. “As Facebook grows, more than just friends are watching.” The Mac Weekly,
December 9, 2005. http://www.themacweekly.com/article.php?arid=133. Loaded December
14, 2005.
[27] Shoffel, Jessical. “SUNY-ESF warns students of Facebook content violating
conduct codes.” The Daily Orange, December 2, 2005.
http://www.dailyorange.com/media/paper522/news/2005/12/02/News/SunyEsf.Warns.Students.Of.Facebook.Content.Violating.Conduct.Codes-1119079.shtml.
Loaded December 14, 2005.
[28] Woo, Stu. “The Facebook: not just for students.” The Brown Daily Herald, November 3, 2005.
http://www.browndailyherald.com/media/paper472/news/2005/11/03/CampusWatch/ The-
Facebook.Not.Just.For.Students-1044229.shtml. Loaded December 14, 2005.
[29] Walker, Rachel. “UTC cops check Facebook for underage drinkers.” The Echo online, November
10, 2005. http://www.utcecho.com/media/paper483/news/2005/11/10/Culture/Utc-
Cops.Check.Facebook.For.Underage.Drinkers-1053481.shtml. Loaded December 14, 2005.
[30] McIntyre, Luke. “FAILURE TO COMMUNICATE: Don’t let Facebook
land you in jail.” The Carolinian Online, November 8, 2005.
http://www.carolinianonline.com/media/paper301/news/2005/11/08/Opinions/Failure.To.Communicate.Dont.Let.Facebook.Land.You.In.Jail-1048102.shtml. Loaded
December 14, 2005.
[31] Kramer, Melody Joy. “Forfeiting privacy, one post at a time.” The Daily Pennsylvanian, November
30, 2005. http://www.dailypennsylvanian.com/vnews/display.v/ART/438d34a676ff6.
Loaded December 14, 2005.
[32] Wang, Jiao. “Facebook Profiles Become Handy Tool for Recruiters.” The Tech, December 13,
2005. http://www-tech.mit.edu/V125/N61/facebook.html. Loaded December 14, 2005.
9 Acknowledgements
Harvey and Jose would like to thank Hal Abelson, Danny Weitzner, Keith Winstein, and Les Perelman
for being available to answer questions and edit a 40-page paper multiple times. We would also like
to thank the students that took our survey, and the numerous students that took time to discuss
the Facebook with us. We would also like to thank Laura Martini and the rest of EC Second West
for putting up with us, and the TEPs who gave us feedback. Without Dan Dedap and Sheeva
Azma, this project would not have happened. Finally, the interviews we conducted provided invaluable
background and insight.
9.1 Interview subjects
• Andrew Ryder, Assistant Dean, MIT Residential Life Programs
• Sharon Snaggs, Residential Life Associate, MIT
• Christopher Varenhorst, MIT Undergraduate
• Facebook scraper (name withheld)
• Jeff Gassaway, University of New Mexico Security Administrator
• Cameron Walker, Fisher College student
• Daniel Dedap, NYU alumnus, class of 2005
A Facebook Privacy Policy
[7] This policy is effective as of June 28, 2005.
Introduction
The Facebook Privacy Policy is designed to assist you in understanding how we
collect and use the personal information that you provide to us and to assist you in making informed
decisions when using the Facebook web site located at www.facebook.com (the “Web Site”).
The Information We Collect
When you visit the Web Site you may provide us with two types of
information: personal information you knowingly choose to disclose that is collected by us and Web
Site use information collected by us on an aggregate basis as you and others browse our Web Site.
When you register on the Web Site, you provide us with certain personal information, such as
your name, your email address, your telephone number, your address, your gender, schools attended
and any other personal or preference information that you provide to us.
When you enter our Web Site, we collect the user’s browser type and IP address. This information
is gathered for all users to the Web Site. In addition, we store certain information from your browser
using “cookies.” A cookie is a piece of data stored on the user’s computer tied to information about
the user. We use session ID cookies to confirm that users are logged in. These cookies terminate
once the users close the browser. We do not use cookies to collect private information from any
user.
Facebook also collects information about you from other sources, such as newspapers and instant
messaging services. This information is gathered regardless of your use of the Web Site.
Children Under Age 13
Facebook does not knowingly collect or solicit personal information from
anyone under the age of 13 or allow such persons to register. If you are under 13, please do not
send any information about yourself to us – including information like your name, address, telephone
number, or e-mail address. No one under age 13 is allowed to provide any personal information or
use our public forums. In the event that we learn that we have collected personal information from
a child under age 13 without verification of parental consent, we will delete that information as
quickly as possible. If you believe that we might have any information from or about a child under
13, please contact us at: info@facebook.com.
Children Between the Ages of 13 and 18
We recommend that minors over the age of 13 ask
their parents for permission before sending any information about themselves to anyone over the
Internet.
Use of Information Obtained by Facebook
When you register on the Web Site, you create your
own profile and privacy settings. Your profile information, as well as your name, email and photo,
are displayed to people in the groups specified in your privacy settings to support the function of the
Web Site. In addition, we may use your name and email address to send you notifications regarding
the Web Site and, occasionally, new services we think you may find valuable.
No personal information that you submit to Facebook will be available to any user of the Web
Site who does not belong to at least one of the groups specified by you in your privacy settings.
We use the information about you that we have collected from other sources to supplement your
profile unless you specify in your privacy settings that you do not want this to be done.
Sharing Your Information with Third Parties
We may share your information with third parties,
including responsible companies with which we have a relationship. For example:
• We may provide information to service providers to help us bring you the services we offer.
Specifically, we may use third parties to facilitate our business, such as to send email solicitations.
In connection with these offerings and business operations, our service providers may
have access to your personal information for use in connection with these business activities.
• We may be required to disclose customer information pursuant to lawful requests, such as
subpoenas or court orders, or in compliance with applicable laws. Additionally, we may share
account or other information when we believe it is necessary to comply with law or to protect
our interests or property. This may include sharing information with other companies, lawyers,
agents or government agencies.
• If the ownership of all or substantially all of the Facebook business were to change, your
user information would likely be transferred to the new owner. If you do not want to
receive promotional email from Facebook and/or do not want us to share your information
with third parties for marketing purposes, please submit a request by clicking here
http://mit.facebook.com/help.php?add=1. We will make every effort to implement any
choice you make as soon as possible.
Links
This site may contain links to other websites. Facebook is not responsible for the privacy
practices of other web sites. We encourage our users to be aware when they leave our site and to read
the privacy statements of each and every web site that collects personally identifiable information.
This privacy statement applies solely to information collected by Facebook Web Site.
Third Party Advertising
Advertisements that appear on the Web Site are delivered to users by our
advertising partners. Our advertising partners may download cookies to your computer. Doing this
allows the advertising network to recognize your computer each time they send you an advertisement.
In this way, they may compile information about where you, or others who are using your computer,
saw their advertisements and determine which advertisements are clicked. This information allows
an advertising network to deliver targeted advertisements that they believe will be of most interest
to you. Facebook does not have access to or control of the cookies that may be placed by the third
party advertisers.
This privacy statement covers the use of cookies by Facebook and does not cover the use of
cookies by any of its advertisers.
Changing or Removing Information
Facebook users may modify or remove any of their personal
information at any time by logging into their account. Information will be updated immediately.
Security
Facebook takes appropriate precautions to protect our users’ information. Your account
information is located on a secured server behind a firewall. Because email is not recognized as a
secure medium of communication, we request that you do not send private information to us by
email. If you have any questions about the security of Facebook Web Site, please visit our Help
page http://mit.facebook.com/help.php for more information.
Changes in Our Privacy Policy
We reserve the right to change our privacy policy at any time.
If we do this, we will post the changes to this policy on this page and will indicate at the top of this
page the policy’s effective date. We therefore encourage you to refer to this policy on an ongoing
basis so that you understand our current privacy policy.
Contacting the Web Site
If you have any questions about this privacy policy, please visit our
Help page http://mit.facebook.com/help.php for more information.
B Facebook Terms Of Service
[8] These Terms of Use are effective as of October 3, 2005.
Introduction
Welcome to the Facebook, an online directory that connects people through networks
of academic and geographic centers. The Facebook service is operated by the Facebook
network (“Facebook”). By using the Facebook web site (the “Web site”) you signify that you have
read, understand and agree to be bound by these Terms of Use (this “Agreement”). We reserve
the right, at our sole discretion, to change, modify, add, or delete portions of these Terms of Use at
any time without further notice. If we do this, we will post the changes to these Terms of Use on
this page and will indicate at the top of this page the Terms of Use’s effective date. Your continued
use of the Web site after any such changes constitutes your acceptance of the new Terms of Use.
If you do not agree to abide by these or any future Terms of Use, please do not use or access Web
site. It is your responsibility to regularly review these Terms of Use.
Eligibility
You must be thirteen years of age or older to register as a member of Facebook or use
the Web site. If you are under the age of 13, you are not allowed to register and become a member
of Facebook or access Facebook content, features and services on the Web Site. Membership in the
Service is void where prohibited. By using the Web site, you represent and warrant that you agree
to and to abide by all of the terms and conditions of this Agreement. Facebook may terminate your
membership for any reason, at any time.
Member Conduct
You understand that the Web site is available for your personal, non-commercial
use only. You agree that no materials of any kind submitted through your account will violate or
infringe upon the rights of any third party, including copyright, trademark, privacy or other personal
or proprietary rights; or contain libelous, defamatory or otherwise unlawful material. You further
agree not to harvest or collect email addresses or other contact information of members from the
Web site by electronic or other means for the purposes of sending unsolicited emails or other
unsolicited communications. Additionally, you agree not to use automated scripts to collect information
from the Web site or for any other purpose. You further agree that you may not use Web site in
any unlawful manner or in any other manner that could damage, disable, overburden or impair Web
site. In addition, you agree not to use the Web site to:
• upload, post, email, transmit or otherwise make available any content that we deem to be
harmful, threatening, abusive, harassing, vulgar, obscene, hateful, or racially, ethnically or
otherwise objectionable;
• impersonate any person or entity, or falsely state or otherwise misrepresent yourself or your
affiliation with any person or entity;
• upload, post, email, transmit or otherwise make available any unsolicited or unauthorized
advertising, promotional materials, “junk mail,” “spam,” “chain letters,” “pyramid schemes,”
or any other form of solicitation;
• upload, post, email, transmit or otherwise make available any material that contains software
viruses or any other computer code, files or programs designed to interrupt, destroy or limit
the functionality of any computer software or hardware or telecommunications equipment;
• intimidate or harass another;
• use or attempt to use another’s account, service or system without authorization from Web
site, or create a false identity on this website.
Proprietary Rights in Content on Facebook All content on Web site, including but not limited
to design, text, graphics, other files, and their selection and arrangement (the “Content”), are
the proprietary property of Facebook or its licensors. All rights reserved. The Content may not
be modified, copied, distributed, framed, reproduced, republished, downloaded, displayed, posted,
transmitted, or sold in any form or by any means, in whole or in part, without Web site’s prior
written permission. You may download or print a copy of any portion of the Content solely for
your personal, non-commercial use, provided that you keep all copyright or other proprietary notices
intact. You may not republish Content on any Internet, Intranet or Extranet site or incorporate the
information in any other database or compilation. Any other use of the Content is strictly prohibited.
All trademarks, logos, trade dress and service marks on the Web site are either trademarks or
registered trademarks of Facebook or its licensors and may not be copied, imitated, or used, in
whole or in part, without the prior written permission of Facebook.
Member Content Posted on the Site You are solely responsible for the content, photos or
profiles Content that you publish or display (hereinafter, “post”) on the Service, or transmit to
other Members (collectively the “Member Content”). You understand and agree that Facebook
may review and delete or remove any Member Content that in the sole judgment of Facebook
violate this Agreement or which might be offensive, illegal, or that might violate the rights, harm,
or threaten the safety of Members.
By posting Member Content to any part of the Web site, you automatically grant, and you
represent and warrant that you have the right to grant, to Facebook an irrevocable, perpetual,
non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to use, copy,
perform, display, reformat, translate, excerpt (in whole or in part) and distribute such information
and content and to prepare derivative works of, or incorporate into other works, such information
and content, and to grant and authorize sublicenses of the foregoing.
You may remove your Member Content from the site at any time. If you choose to remove your
Member Content, the license granted above will automatically expire.
Copyright Policy Facebook respects the intellectual property rights of others. If you believe your
work has been copied in a way that constitutes copyright infringement or are aware of any infringing
material on the Web site, please contact us at copyright@facebook.com and provide us with the
following information: an electronic or physical signature of the person authorized to act on behalf
of the owner of the copyright interest; a description of the copyrighted work that you claim has been
infringed; a description of where the material that you claim is infringing is located on the Web site;
your address, telephone number, and email address; a written statement by you that you have a
good faith belief that the disputed use is not authorized by the copyright owner, its agent, or the
law; a statement by you, made under penalty of perjury, that the above information in your notice is
accurate and that you are the copyright owner or authorized to act on the copyright owner’s behalf.
Links to other websites The Web site contains links to other web sites. Facebook is not
responsible for the content, accuracy or opinions express in such web sites, and such web sites are
not investigated, monitored or checked for accuracy or completeness by us. Inclusion of any linked
web site on Facebook Web site does not imply approval or endorsement of the linked web site by
Facebook. If you decide to leave Facebook Web site and access these third-party sites, you do so
at your own risk.
Member Disputes You are solely responsible for your interactions with other Facebook Members.
Facebook reserves the right, but has no obligation, to monitor disputes between you and other
Members.
Privacy Facebook cares about the privacy of its members. Click here to view the Web site’s
Privacy Policy.
Disclaimers Facebook is not responsible for any incorrect or inaccurate Content posted on the
Web site or in connection with the Service, whether caused by users of the Web site, Members or
by any of the equipment or programming associated with or utilized in the Service. Facebook is
not responsible for the conduct, whether online or offline, of any user of the Web site or Member
of the Service. The Service may be temporarily unavailable from time to time for maintenance or
other reasons. Facebook assumes no responsibility for any error, omission, interruption, deletion,
defect, delay in operation or transmission, communications line failure, theft or destruction or
unauthorized access to, or alteration of, user or Member communications. Facebook is not responsible
for any problems or technical malfunction of any telephone network or lines, computer online
systems, servers or providers, computer equipment, software, failure of email or players on account of
technical problems or traffic congestion on the Internet or at any web site or combination thereof,
including injury or damage to users and/or Members or to any other person’s computer related
to or resulting from participating or downloading materials in connection with the Web and/or in
connection with the Service. Under no circumstances will Facebook be responsible for any loss
or damage, including personal injury or death, resulting from anyone’s use of the Web site or the
Service, any Content posted on the Web site or transmitted to Members, or any interactions
between users of the Web site, whether online or offline. THE WEB SITE, THE SERVICE AND
THE CONTENT ARE PROVIDED “AS-IS” AND FACEBOOK DISCLAIMS ANY AND ALL
WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED
WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT. FACEBOOK CANNOT GUARANTEE AND DOES NOT PROMISE ANY
SPECIFIC RESULTS FROM USE OF THE WEB SITE AND/OR THE SERVICE.
Limitation on Liability EXCEPT IN JURISDICTIONS WHERE SUCH PROVISIONS ARE
RESTRICTED, IN NO EVENT WILL FACEBOOK BE LIABLE TO YOU OR ANY THIRD PERSON
FOR ANY INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL OR PUNITIVE
DAMAGES, INCLUDING ALSO LOST PROFITS ARISING FROM YOUR USE OF THE WEB SITE
OR THE SERVICE, EVEN IF FACEBOOK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED HEREIN,
FACEBOOK’S LIABILITY TO YOU FOR ANY CAUSE WHATSOEVER, AND REGARDLESS OF
THE FORM OF THE ACTION, WILL AT ALL TIMES BE LIMITED TO THE AMOUNT PAID, IF
ANY, BY YOU TO FACEBOOK FOR THE SERVICE DURING THE TERM OF MEMBERSHIP.
Governing Law and Venue If there is any dispute about or involving the Web site and/or the
Service, you agree that the dispute will be governed by the laws of the State of California without
regard to its conflict of law provisions. You also agree to the exclusive jurisdiction and venue of
the courts of the state and federal courts of Santa Clara County, California and waive all defenses
of lack of personal jurisdiction and forum non conveniens. Any cause of action by you with respect
to the Web site and/or the Service must be instituted within one (1) year after the cause of action
arose or be forever waived and barred.
Indemnity You agree to indemnify and hold Facebook, its subsidiaries, affiliates, officers, agents,
and other partners and employees, harmless from any loss, liability, claim, or demand, including
reasonable attorney’s fees, made by any third party due to or arising out of your use of the Service
in violation of this Agreement or your violation of any law or the rights of a third party.
Other These Terms of Use constitute the entire agreement between you and Facebook regarding
the use of the Web site and/or the Service, superseding any prior agreements between you and
Facebook relating to your use of the Web site or the Service. The failure of Facebook to exercise
or enforce any right or provision of these Terms of Use shall not constitute a waiver of such right or
provision. If any provision of this Agreement is held invalid, the remainder of this Agreement shall
continue in full force and effect.
Questions Please visit our Help page for more information.
C Facebook “Spider” Code: Acquisition and Processing
The following code extracts all Facebook accounts from a given school that are accessible given the
user account provided.
C.1 Data Downloading BASH Shell Script
# Log in once and save the session cookie (LOGIN and PASS are placeholders).
wget --cookies=on \
  --user-agent='Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7' \
  --save-cookies=cookies.txt --keep-session-cookies --load-cookies=cookies.txt \
  'http://www.facebook.com/login.php?email=LOGIN&pass=PASS'

# Request each profile ID in the range, reusing the saved session cookie.
for (( COUNT = USERID_LOW ; COUNT <= USERID_HIGH; COUNT++ ))
do
  wget --cookies=on --wait=12 --random-wait \
    --user-agent='Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7' \
    --save-cookies=cookies.txt --keep-session-cookies --load-cookies=cookies.txt \
    http://SCHOOL.facebook.com/profile.php?id=$COUNT
done
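The C.1 script requests profile IDs in ascending order from USERID_LOW to USERID_HIGH under one logged-in account, paced by --wait=12 --random-wait. As an added example (not part of the paper's code), the following Python 3 code shows how a site operator could flag that access pattern in web server logs by examining the sequence of profile IDs each account requests rather than its request rate; the log format, account names, addresses and the min_run threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumed log layout (combined-log style with the authenticated account
# in the third field); this is an illustration, not Facebook's format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def profile_id(line):
    """Return (account, profile id) for a profile.php view, else None."""
    m = LOG_RE.match(line)
    if not m or m.group("method") != "GET":
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/profile.php"):
        return None
    ids = parse_qs(url.query).get("id", [])
    if len(ids) != 1 or not ids[0].isdigit():
        return None
    return m.group("user"), int(ids[0])


def longest_sequential_run(ids, max_step=1):
    """Longest run in which each id exceeds the previous one by 1..max_step."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if 0 < cur - prev <= max_step else 1
        best = max(best, run)
    return best


def find_enumerators(lines, min_run=5, max_step=1):
    """Map account -> run length for accounts walking profile IDs in order."""
    per_account = defaultdict(list)
    for line in lines:
        hit = profile_id(line)
        if hit:
            per_account[hit[0]].append(hit[1])
    flagged = {}
    for account, ids in per_account.items():
        run = longest_sequential_run(ids, max_step)
        if run >= min_run:
            flagged[account] = run
    return flagged


def sample_log():
    """Constructed log lines (not real traffic)."""
    lines = []
    # One account requesting ids 5000..5007, one request every 12 seconds.
    for i in range(8):
        minute, second = divmod(i * 12, 60)
        lines.append(
            '192.0.2.10 - crawler01 [14/Dec/2005:10:%02d:%02d -0500] '
            '"GET /profile.php?id=%d HTTP/1.0" 200 5120'
            % (minute, second, 5000 + i)
        )
    # An ordinary user browsing friends' profiles in no particular order.
    for i, pid in enumerate([7312, 104, 7313, 88, 89]):
        lines.append(
            '192.0.2.20 - alice [14/Dec/2005:10:%02d:00 -0500] '
            '"GET /profile.php?id=%d HTTP/1.0" 200 5120' % (i, pid)
        )
    lines.append('192.0.2.20 - alice [14/Dec/2005:10:09:00 -0500] '
                 '"GET /home.php HTTP/1.0" 200 900')
    lines.append('garbage line that does not parse')
    return lines


if __name__ == "__main__":
    for account, run in find_enumerators(sample_log()).items():
        print("%s requested %d consecutive profile IDs" % (account, run))
```
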
C.2 Facebook Profile to Tab Separated Variable Python Script
# Python 2 script: reads saved profile pages and prints one
# tab-separated record per profile.
import string
import sys
import re
import os

htmltag = re.compile('<.*?>')

def make_search(str):
    # Build a matcher for lines containing "<attribute name>:".
    lam = lambda data: re.search(".*%s\:.*" % str, data)
    return lam

def strip_html(data):
    return htmltag.sub("", data)

attrib=["Name", "Member Since", "Last Update", "School", "Status", "Sex",
        "Concentration", "Residence", "Mailbox", "Hometown", "High School",
        "Screenname", "Mobile", "Site", "Interests", "Clubs and Jobs",
        "Favorite Music", "Favorite Movies", "Favorite Books"]

lambdas = map(make_search, attrib)

def process(fname):
    f = open(fname, "r")
    data = f.read()
    dbak = data
    # Text following the friends-list link (category_id=2).
    try:
        friendstr = string.split(data, "category_id=2")[1]
        friends = string.split(friendstr, " ")[0][2:]
    except IndexError:
        friends= ""
    # Keep only the "Information" section of the page.
    try:
        data = string.split(data, "<h2>Information</h2>")[1]
        data = string.split(data, "<!-- userprofile -->")[0]
    except IndexError:
        sys.stderr.write("Error! %s" % fname)
        data = dbak
    if len(string.split(data, "Groups")) == 2:
        data = string.split(data, "Groups")[0]
    data = string.split(data, "\n")
    data = map(strip_html, data)
    fields=[""]*len(attrib)
    for x in range(len(attrib)):
        field = filter(lambdas[x], data)
        if field == []:
            fields[x] = ""
        else:
            fields[x] = string.split(field[0], ":")[1]
            if attrib[x] == "Name":
                fields[x] = string.split(fields[x], "&")[0]
    for f in fields:
        print f, "\t",
    print friends

# Process every downloaded file whose name starts with "profi".
for f in os.listdir(sys.argv[1]):
    if f[:5] == "profi":
        process(sys.argv[1]+"/"+ f)
C.3 Data Analysis Scripts
C.3.1 The after date script.
import string
import sys

# usage: python afterdate.py col val
# afterdate prints all records whose column #col is after val
# val is of the form yyyymmdd

col = int(sys.argv[1])
val = string.strip(sys.argv[2])
s = "foo"
month={"January":"01",
       "February":"02",
       "March":"03",
       "April":"04",
       "May":"05",
       "June":"06",
       "July":"07",
       "August":"08",
       "September":"09",
       "October":"10",
       "November":"11",
       "December":"12",}

while True:
    try:
        s = raw_input()
    except EOFError:
        break
    try:
        field = string.strip(string.split(s, "\t")[col])
    except IndexError:
        sys.stderr.write("PROCESS ERROR\n")
        continue
    fs = string.split(field)
    if len(field) > 2:
        date = int("%s%s%02i" % (fs[2], month[fs[0]], int(fs[1][:-1])))
        if date> int(sys.argv[2]):
            print s
C.3.2 The bin count script.
import string
import os
import sys

vals=[0]*150
col = int(sys.argv[1])
bin = int(sys.argv[2])
s = "foo"

while True:
    try:
        s = raw_input()
    except EOFError:
        break
    try:
        field = string.split(s, "\t")[col]
    except IndexError:
        print "PROCESS ERROR"
        continue
    if field == "one":
        field = "1"
    if field == "":
        continue
    try:
        fval = int(field)
    except ValueError:
        print "ERROR:", field
        # Skip the record so a stale or undefined fval is not counted.
        continue
    try:
        # Bins are 10 wide (integer division in Python 2).
        vals[fval/10] += 1
    except IndexError:
        print len(vals)
        print "ERROR:" + str(fval)

if int(sys.argv[2]) == 1:
    for k in vals:
        print k
C.3.3 The bin date script.
import string
import sys

# usage: bindate col
# col = number of column to use MUST BE A DATE COLUMN
# bindate prints the number of records where
# column #col = January 2004, then February 2004, etc.

col = int(sys.argv[1])
s = "foo"
month={"January":"01",
       "February":"02",
       "March":"03",
       "April":"04",
       "May":"05",
       "June":"06",
       "July":"07",
       "August":"08",
       "September":"09",
       "October":"10",
       "November":"11",
       "December":"12",}
year={
    "2004": 0,
    "2005": 1}
bins=[0]*24

while True:
    try:
        s = raw_input()
    except EOFError:
        break
    try:
        field = string.strip(string.split(s, "\t")[col])
    except IndexError:
        sys.stderr.write("PROCESS ERROR\n")
        continue
    fs = string.split(field)
    if len(field) > 2:
        bins[year[fs[2]]*12 + int(month[fs[0]])-1] += 1

for x in range(len(bins)):
    y = str(2004 + x/12)
    m = str((x % 12) + 1)
    print bins[x]
    # print "%s/%s\t%i" % (m, y, bins[x])
C.3.4 The count number script.
import string
import os
import sys

# countnumber col printall
# Countnumber reads from stdin and generates a histogram of the column
# col = the column to read from
# printall = whether to print each individual value

vals={}
col = int(sys.argv[1])
s = "foo"
n = 0

while True:
    try:
        s = raw_input()
    except EOFError:
        break
    try:
        field = string.split(s, "\t")[col]
    except IndexError:
        print "PROCESS ERROR"
        continue
    if n % 500 == 0:
        print field
    if field in vals.keys():
        vals[field]+=1
    else:
        vals[field] = 1
    n += 1

if int(sys.argv[2]) == 1:
    for k in vals.keys():
        print k, "\t", vals[k]
if " " in vals.keys():
    print "BLANK : ", vals[" "]
    print "NOTBLANK : ", n - vals[" "]
print "TOTAL : ", n
C.3.5 The filter field script.
import string
import sys

# usage: python filterfield.py col val
# if col is equal to val, print this record
# otherwise, do nothing

col = int(sys.argv[1])
val = string.strip(sys.argv[2])
s = "foo"

while True:
    try:
        s = raw_input()
    except EOFError:
        break
    try:
        field = string.strip(string.split(s, "\t")[col])
    except IndexError:
        sys.stderr.write("PROCESS ERROR\n")
        continue
    if field == val:
        print s
C.3.6 The greater than script.
import string
import os
import sys

vals=[0]*150
col = int(sys.argv[1])
val = int(sys.argv[2])
s = "foo"

while True:
    try:
        s = raw_input()
    except EOFError:
        break
    try:
        field = string.split(s, "\t")[col]
    except IndexError:
        print "PROCESS ERROR"
        continue
    if field == "one":
        field = "1"
    if field == "":
        continue
    try:
        fval = int(field)
    except ValueError:
        print "ERROR:", field
        # Skip the record so a stale or undefined fval is not compared.
        continue
    try:
        if fval > val:
            print s
    except IndexError:
        print len(vals)
        print "ERROR:" + str(fval)
Which gender describes you best? n=419
Number Percentage
No Response 9 3%
Male 186 44%
Female 224 53%
Figure 11: Gender of survey takers
D Supplemental Data
In this section, we included the numerical results of the numerous analyses we performed on the
data we collected from users and directly from Facebook. We referred to many, but not all, of these
figures earlier. This data is useful alone in looking for trends and correlations that did not find their
way into this paper.
Which best describes your living arrangements? n=419
House Number Responding Percentage
No Response 45 10.74%
Alpha Chi Omega 1 0.24%
Alpha Epsilon Phi 1 0.24%
Alpha Phi 4 0.95%
Baker House 4 0.95%
Beta Theta Pi 1 0.24%
Bexley Hall 2 0.48%
Burton Conner House 87 20.76%
Chi Phi 2 0.48%
East Campus 107 25.54%
Kappa Alpha Theta 1 0.24%
Kappa Sigma 2 0.48%
Lambda Chi Alpha 2 0.48%
MacGregor House 9 2.15%
McCormick Hall 2 0.48%
New House 3 0.72%
Next House 4 0.95%
No. 6 1 0.24%
Phi Delta Theta 2 0.48%
Phi Kappa Sigma 1 0.24%
Phi Kappa Theta 1 0.24%
Pi Lambda Phi 1 0.24%
Pika 1 0.24%
Random Hall 42 10.02%
Senior House 6 1.43%
Sidney-Pacific 1 0.24%
Sigma Alpha Epsilon 1 0.24%
Sigma Chi 1 0.24%
Sigma Kappa 1 0.24%
Sigma Nu 1 0.24%
Simmons Hall 63 15.04%
Tau Epsilon Phi 7 1.67%
Theta Xi 1 0.24%
WILG 10 2.39%
Zeta Beta Tau 1 0.24%
Figure 12: Chart of survey takers over dorms and ILGs.
Figure 13: Distribution of survey takers over dorms and ILGs.
What is your student status? n=419
Number Percentage
No Answer 10 2.39%
Undergrad 380 90.69%
Grad Student 13 3.1%
Alumnus 14 3.34%
Figure 14: Status of survey takers
Facebook Logins Per Week n=371
Number Percentage Number Male Number Female
1 to 3 139 37.47% 66 70
4 to 8 95 25.61% 36 57
9 to 15 64 17.25% 27 37
20 to 30 40 10.78% 22 18
31 or more 33 8.89% 11 10
Figure 15: Logins per week
Number of friends n=378
Number Percentage Males Females
1 to 10 5 1.32% 3 2
11 to 50 56 14.81% 31 23
51 to 100 117 30.95% 54 62
101 to 200 143 37.83% 58 84
201 to 349 49 12.96% 15 33
350 or more 8 2.12% 4 2
Figure 16: Number of Friends at MIT
Percentage of friends from MIT n=372
Number Percentage Males Females
1-15% 5 1.34% 2 3
16-33% 43 11.56% 20 23
34-50% 107 28.76% 56 49
51-75% 174 46.77% 72 101
76-100% 43 11.56% 12 28
Figure 17: Percentage of Friends from MIT
Number Allowing Strangers To Friend n=383
Number Percentage Males Females
No 243 63.45% 109 129
Yes 30 7.83% 17 12
Sometimes 110 28.72% 44 65
Figure 18: Analysis of users friending strangers on Facebook
Facebook and My Privacy: Familiarity and Utilization n=419
Number Familiar Males Females Number Using Males Females
No Answer 30 15 33 39 18 19
No 100 38 59 234 111 119
Yes 289 133 152 146 57 86
Figure 19: My Privacy, and knowledge and utilization thereof
How concerned are you about Facebook and privacy? n=329
Number Percentage Males Females
Not at all 76 23.1% 43 31
Barely 117 35.56% 43 71
Somewhat 104 31.61% 39 64
Quite 20 6.08% 7 12
Very Concerned 12 3.65% 7 5
Figure 20: Concern for Facebook Privacy
Reading of Facebook Terms of Service and Privacy Policy n=419
Read TOS? Percentage Read PP? Percentage
No Answer 30 7.16 % 29 6.92 %
No 353 84.25 % 347 82.82 %
Yes 36 8.59 % 43 10.26 %
Figure 21: Most users do not read the policies that regulate their Facebook use.
Can Facebook Share Information? n=419
Number Responding Percentage
No Answer 45 10.74 %
No 174 41.53 %
Yes 200 47.73 %
Figure 22: Users are split on whether or not Facebook can share your information with other
companies, indicating a guess.
Familiarity with “My Photo” feature and policies. n=419
Familiar Percentage Can you restrict access? Percentage
No Answer 30 7.16% 84 20.05%
No 47 11.22% 139 33.17%
Yes 342 81.62% 196 46.78%
Figure 23: Are you familiar with “My Photo?” Can you restrict access to it?
Does Facebook do an adequate job in protecting your privacy? n=419
Number Percentage Males Females
No Answer 102 24.34% 48 50
No 139 33.17% 67 68
Yes 177 42.24% 70 106
Figure 24: Users show indifference and approval for Facebook’s security practices.
Distributions Of Facebook User Categories At Four Universities
MIT Oklahoma NYU Harvard
Size 8023 19910 24696 17750
Number Reporting Gender: Distribution
Males 3868 48.21% 8863 44.52% 8689 35.18% 7461 42.03%
Females 2483 30.95% 8814 44.27% 12118 49.07% 5940 33.46%
Class Distribution: Graduating class of year indicated, self reported.
2003 189 2.36% 78 0.39% 200 0.81% 876 4.94%
2004 539 6.72% 630 3.16% 961 3.89% 1351 7.61%
2005 762 9.5% 2224 11.17% 2643 10.7% 1605 9.04%
2006 878 10.94% 2952 14.83% 3353 13.58% 1657 9.34%
2007 948 11.82% 3039 15.26% 3850 15.59% 1710 9.63%
2008 1016 12.66% 3151 15.83% 4012 16.25% 1785 10.06%
2009 921 11.48% 2690 13.51% 4076 16.5% 1583 8.92%
2010 93 1.16% 162 0.81% 60 0.24% 132 0.74%
Other 2677 33.37% 4984 25.03% 5541 22.44% 7051 39.72%
User Distribution: Kinds of Users at each school. (“Undergraduate” unique to OU.)
Alumnus/Alumna 2226 27.75% 2662 13.37% 4730 19.15% 7010 39.49%
Faculty 76 0.95% 81 0.41% 183 0.74% 208 1.17%
Grad Student 845 10.53% 1312 6.59% 1511 6.12% 1933 10.89%
Staff 161 2.01% 188 0.94% 187 0.76% 438 2.47%
Student 4702 58.61% 10406 52.27% 18055 73.11% 8085 45.55%
Summer Student 10 0.12% 4 0.02% 26 0.11% 27 0.15%
Undergraduate – – 5239 26.31% – – – –
Figure 25: Summary of Facebook usage statistics at four schools: the Massachusetts Institute of
Technology, University of Oklahoma, New York University, and Harvard University.
Willingness to Share Personal Information at each school.
All Students MIT Oklahoma NYU Harvard
Residence 5172 64.46 % 7190 36.11 % 11582 46.9 % 4260 24 %
High School 5252 65.46 % 16133 81.03 % 18359 74.34 % 7270 40.96 %
Screen Name 4341 54.11 % 10860 54.55 % 16157 65.42 % 8186 46.12 %
Mobile 1700 21.19 % 2637 13.24 % 3443 13.94 % 8582 48.35 %
Interests 4453 55.5 % 15099 75.84 % 16473 66.7 % 8607 48.49 %
Clubs/Jobs 3400 42.38 % 13170 66.15 % 12426 50.32 % 8758 49.34 %
Music 4236 52.8 % 15608 78.39 % 16470 66.69 % 9116 51.36 %
Movies 4084 50.9 % 15255 76.62 % 16218 65.67 % 10694 60.25 %
Books 3956 49.31 % 13626 68.44 % 15427 62.47 % 11271 63.5 %
Gender 6351 79.16 % 17677 88.78 % 20807 84.25 % 13401 75.5 %
After 10/1/05 MIT Oklahoma NYU Harvard
Residence 3309 80.71 % 6316 40.48 % 9601 58.59 % 7466 79.5 %
High School 3433 83.73 % 13841 88.71 % 14341 87.51 % 7613 81.07 %
Screen Name 2890 70.49 % 9396 60.22 % 12627 77.05 % 5965 63.52 %
Mobile 1159 28.27 % 2228 14.28 % 2698 16.46 % 3100 33.01 %
Interests 2996 73.07 % 13075 83.8 % 13047 79.62 % 6661 70.93 %
Clubs/Jobs 2373 57.88 % 11562 74.1 % 9839 60.04 % 5452 58.06 %
Music 2894 70.59 % 13564 86.93 % 13091 79.89 % 6457 68.76 %
Movies 2808 68.49 % 13251 84.93 % 16387 100 % 6295 67.03 %
Books 2710 66.1 % 11848 75.93 % 12216 74.55 % 6293 67.01 %
Gender 3817 93.1 % 14906 95.53 % 15479 94.46 % 8497 90.48 %
Total 4100 100 % 15603 100 % 16387 100 % 9391 100 %
Figure 26: Willingness of Facebook users to disclose personal information on the service, at four
schools, showing all users and only those who have updated their profiles on or after October 1,
2005.
Willingness to Share Personal Information at each school, by gender.
Males MIT Oklahoma NYU Harvard
Residence 3005 77.69 % 3377 38.1 % 4536 52.2 % 5804 77.79 %
High School 2979 77.02 % 7661 86.44 % 7066 81.32 % 5479 73.44 %
Screen Name 2514 64.99 % 5309 59.9 % 6374 73.36 % 4224 56.61 %
Mobile 1147 29.65 % 1859 20.97 % 1930 22.21 % 2461 32.98 %
Interests 2580 66.7 % 7888 88.99 % 6468 74.44 % 4680 62.73 %
Clubs/Jobs 1941 50.18 % 6168 69.59 % 4897 56.36 % 3770 50.53 %
Music 2470 63.86 % 7471 84.29 % 6513 74.96 % 4572 61.28 %
Movies 2335 60.37 % 7223 81.5 % 6369 73.3 % 4439 59.5 %
Books 2244 58.01 % 6418 72.41 % 5960 68.59 % 4410 59.11 %
Gender 3868 100 % 8863 100 % 8689 100 % 7461 100 %
Females MIT Oklahoma NYU Harvard
Residence 2003 80.67 % 3609 40.95 % 6736 55.59 % 4852 81.68 %
High School 2083 83.89 % 7964 90.36 % 10631 87.73 % 4577 77.05 %
Screen Name 1667 67.14 % 5200 59 % 9103 75.12 % 3474 58.48 %
Mobile 510 20.54 % 710 8.06 % 1407 11.61 % 1577 26.55 %
Interests 1661 66.89 % 7211 81.81 % 9276 76.55 % 3763 63.35 %
Clubs/Jobs 1325 53.36 % 6497 73.71 % 7032 58.03 % 3064 51.58 %
Music 1595 64.24 % 7540 85.55 % 9289 76.65 % 3624 61.01 %
Movies 1594 64.2 % 7447 84.49 % 9233 76.19 % 3599 60.59 %
Books 1550 62.42 % 6693 75.94 % 8846 73 % 3635 61.2 %
Gender 2483 100 % 8814 100 % 12118 100 % 5940 100 %
Figure 27: Willingness of Facebook users to disclose personal information on the service, at four
schools, by gender.
When Users Join And Update Facebook at MIT
Month Of Join Update 2007 Join 2008 Join 2009 Join
Mar 1, 04 1087 13.55 % 0 0 % 320 33.76 % 3 0.3 % 0 0 %
Apr 1, 04 879 10.96 % 0 0 % 195 20.57 % 9 0.89 % 0 0 %
May 1, 04 601 7.49 % 0 0 % 83 8.76 % 98 9.65 % 0 0 %
Jun 1, 04 329 4.1 % 0 0 % 21 2.22 % 143 14.07 % 1 0.11 %
Jul 1, 04 340 4.24 % 18 0.26 % 18 1.9 % 198 19.49 % 4 0.43 %
Aug 1, 04 392 4.89 % 22 0.32 % 37 3.9 % 196 19.29 % 2 0.22 %
Sep 1, 04 403 5.02 % 39 0.57 % 27 2.85 % 165 16.24 % 1 0.11 %
Oct 1, 04 274 3.42 % 51 0.75 % 26 2.74 % 64 6.3 % 1 0.11 %
Nov 1, 04 240 2.99 % 60 0.88 % 20 2.11 % 30 2.95 % 0 0 %
Dec 1, 04 230 2.87 % 67 0.98 % 21 2.22 % 21 2.07 % 3 0.33 %
Jan 1, 05 245 3.05 % 62 0.91 % 27 2.85 % 5 0.49 % 2 0.22 %
Feb 1, 05 226 2.82 % 99 1.45 % 21 2.22 % 10 0.98 % 1 0.11 %
Mar 1, 05 196 2.44 % 94 1.38 % 14 1.48 % 9 0.89 % 1 0.11 %
Apr 1, 05 184 2.29 % 101 1.48 % 12 1.27 % 11 1.08 % 5 0.54 %
May 1, 05 515 6.42 % 185 2.71 % 13 1.37 % 7 0.69 % 322 34.96 %
Jun 1, 05 400 4.99 % 250 3.67 % 15 1.58 % 5 0.49 % 211 22.91 %
Jul 1, 05 336 4.19 % 252 3.7 % 11 1.16 % 2 0.2 % 142 15.42 %
Aug 1, 05 378 4.71 % 482 7.07 % 12 1.27 % 14 1.38 % 155 16.83 %
Sep 1, 05 335 4.18 % 907 13.3 % 24 2.53 % 16 1.57 % 44 4.78 %
Oct 1, 05 285 3.55 % 1638 24.02 % 21 2.22 % 7 0.69 % 22 2.39 %
Nov 1, 05 146 1.82 % 2493 36.55 % 10 1.05 % 3 0.3 % 4 0.43 %
Total 8021 100 % 6820 85.03 % 948 11.82 % 1016 12.67 % 921 11.48 %
Figure 28: Facebook usage data for the Massachusetts Institute of Technology.
When Users Join And Update Facebook at U. Oklahoma
Month Of Join Update 2007 Join 2008 Join 2009 Join
Aug 1, 04 1 0.01 % 0 0 % 1 0.03 % 0 0 % 0 0 %
Sep 1, 04 448 2.25 % 5 0.03 % 141 4.64 % 131 4.16 % 3 0.11 %
Oct 1, 04 966 4.86 % 4 0.02 % 254 8.36 % 316 10.03 % 3 0.11 %
Nov 1, 04 3908 19.65 % 38 0.2 % 813 26.75 % 1089 34.56 % 24 0.89 %
Dec 1, 04 2723 13.69 % 79 0.42 % 458 15.07 % 432 13.71 % 21 0.78 %
Jan 1, 05 1388 6.98 % 68 0.36 % 218 7.17 % 188 5.97 % 24 0.89 %
Feb 1, 05 1411 7.09 % 95 0.51 % 208 6.84 % 183 5.81 % 40 1.49 %
Mar 1, 05 836 4.2 % 122 0.65 % 107 3.52 % 86 2.73 % 37 1.38 %
Apr 1, 05 1008 5.07 % 151 0.81 % 122 4.01 % 109 3.46 % 97 3.61 %
May 1, 05 862 4.33 % 223 1.19 % 103 3.39 % 83 2.63 % 196 7.29 %
Jun 1, 05 905 4.55 % 179 0.96 % 71 2.34 % 71 2.25 % 414 15.39 %
Jul 1, 05 1117 5.62 % 274 1.47 % 75 2.47 % 73 2.32 % 650 24.16 %
Aug 1, 05 1631 8.2 % 564 3.02 % 127 4.18 % 131 4.16 % 805 29.93 %
Sep 1, 05 1237 6.22 % 1242 6.65 % 174 5.73 % 134 4.25 % 259 9.63 %
Oct 1, 05 1083 5.44 % 3329 17.82 % 130 4.28 % 99 3.14 % 96 3.57 %
Nov 1, 05 369 1.85 % 12311 65.89 % 37 1.22 % 26 0.83 % 21 0.78 %
Total 19893 100 % 18684 93.92 % 3039 15.28 % 3151 15.84 % 2690 13.52 %
Figure 29: Facebook usage data for the University of Oklahoma.
When Users Join And Update Facebook at NYU
Month Of Join Update 2007 Join 2008 Join 2009 Join
Mar 1, 04 667 2.7 % 0 0 % 348 9.04 % 3 0.07 % 0 0 %
Apr 1, 04 3350 13.57 % 0 0 % 1287 33.43 % 18 0.45 % 5 0.12 %
May 1, 04 1868 7.56 % 0 0 % 338 8.78 % 218 5.43 % 3 0.07 %
Jun 1, 04 785 3.18 % 3 0.01 % 75 1.95 % 230 5.73 % 1 0.02 %
Jul 1, 04 968 3.92 % 18 0.08 % 72 1.87 % 566 14.11 % 1 0.02 %
Aug 1, 04 1509 6.11 % 24 0.11 % 138 3.58 % 957 23.85 % 3 0.07 %
Sep 1, 04 1672 6.77 % 54 0.24 % 229 5.95 % 736 18.34 % 1 0.02 %
Oct 1, 04 1396 5.65 % 98 0.44 % 217 5.64 % 382 9.52 % 3 0.07 %
Nov 1, 04 1236 5.01 % 143 0.64 % 142 3.69 % 209 5.21 % 4 0.1 %
Dec 1, 04 958 3.88 % 161 0.72 % 111 2.88 % 96 2.39 % 3 0.07 %
Jan 1, 05 813 3.29 % 169 0.76 % 132 3.43 % 69 1.72 % 2 0.05 %
Feb 1, 05 692 2.8 % 177 0.8 % 82 2.13 % 58 1.45 % 0 0 %
Mar 1, 05 769 3.11 % 222 1 % 63 1.64 % 46 1.15 % 179 4.39 %
Apr 1, 05 1019 4.13 % 278 1.25 % 73 1.9 % 52 1.3 % 429 10.53 %
May 1, 05 1489 6.03 % 477 2.15 % 89 2.31 % 82 2.04 % 839 20.58 %
Jun 1, 05 1319 5.34 % 480 2.16 % 79 2.05 % 60 1.5 % 850 20.85 %
Jul 1, 05 1248 5.05 % 526 2.37 % 60 1.56 % 51 1.27 % 800 19.63 %
Aug 1, 05 1187 4.81 % 998 4.49 % 106 2.75 % 71 1.77 % 621 15.24 %
Sep 1, 05 955 3.87 % 1923 8.66 % 127 3.3 % 65 1.62 % 251 6.16 %
Oct 1, 05 664 2.69 % 4776 21.5 % 71 1.84 % 36 0.9 % 69 1.69 %
Nov 1, 05 131 0.53 % 11686 52.61 % 11 0.29 % 7 0.17 % 12 0.29 %
Total 24695 100 % 22213 89.95 % 3850 15.59 % 4012 16.25 % 4076 16.51 %
Figure 30: Facebook usage data for New York University.
E Selected Survey Comments
The paper and web form survey we gave to users provided space for user feedback. The feedback
we received was insightful. Of 441 respondents, 129 (29%) found the need to tell us their thoughts.
We strongly recommend that Facebook read and consider this valuable user feedback.
All included feedback results are as entered by the users.
E.1 User Feedback
• Facebook doesn’t really secure your data... but then again you’re putting it up for the world
to see.
• give me a break. all of this information is readily available to anyone will to put 15 minutes
into stalking a person. Facebook is not a tool of big brother.
• I don’t give them much personal data anyway.
When Users Join And Update Facebook at Harvard
Month Of Join Update 2007 Join 2008 Join 2009 Join
Mar 1, 04 5698 32.18 % 0 0 % 1065 62.28 % 21 1.18 % 9 0.57 %
Apr 1, 04 1387 7.83 % 0 0 % 80 4.68 % 14 0.78 % 4 0.25 %
May 1, 04 698 3.94 % 0 0 % 71 4.15 % 9 0.5 % 0 0 %
Jun 1, 04 850 4.8 % 0 0 % 31 1.81 % 298 16.69 % 7 0.44 %
Jul 1, 04 491 2.77 % 2 0.01 % 16 0.94 % 206 11.54 % 3 0.19 %
Aug 1, 04 410 2.32 % 30 0.21 % 10 0.58 % 204 11.43 % 4 0.25 %
Sep 1, 04 711 4.02 % 52 0.36 % 38 2.22 % 431 24.15 % 4 0.25 %
Oct 1, 04 556 3.14 % 70 0.49 % 33 1.93 % 195 10.92 % 1 0.06 %
Nov 1, 04 387 2.19 % 110 0.77 % 32 1.87 % 51 2.86 % 1 0.06 %
Dec 1, 04 394 2.23 % 145 1.01 % 32 1.87 % 27 1.51 % 0 0 %
Jan 1, 05 380 2.15 % 138 0.96 % 26 1.52 % 19 1.06 % 4 0.25 %
Feb 1, 05 417 2.36 % 173 1.21 % 19 1.11 % 22 1.23 % 5 0.32 %
Mar 1, 05 402 2.27 % 192 1.34 % 28 1.64 % 15 0.84 % 3 0.19 %
Apr 1, 05 324 1.83 % 209 1.46 % 11 0.64 % 19 1.06 % 2 0.13 %
May 1, 05 285 1.61 % 237 1.65 % 13 0.76 % 14 0.78 % 2 0.13 %
Jun 1, 05 346 1.95 % 382 2.67 % 18 1.05 % 24 1.34 % 6 0.38 %
Jul 1, 05 1261 7.12 % 480 3.35 % 32 1.87 % 31 1.74 % 930 58.75 %
Aug 1, 05 594 3.36 % 462 3.22 % 21 1.23 % 25 1.4 % 255 16.11 %
Sep 1, 05 620 3.5 % 840 5.86 % 36 2.11 % 47 2.63 % 197 12.44 %
Oct 1, 05 636 3.59 % 1419 9.9 % 35 2.05 % 71 3.98 % 115 7.26 %
Nov 1, 05 538 3.04 % 2887 20.15 % 37 2.16 % 37 2.07 % 22 1.39 %
Dec 1, 05 319 1.8 % 6564 45.81 % 26 1.52 % 5 0.28 % 9 0.57 %
Total 17704 100 % 14392 81.29 % 1710 9.66 % 1785 10.08 % 1583 8.94 %
Figure 31: Facebook usage data for Harvard University.
• I dont really care about my privacy on the facebook because i lie in my profile a lot
• I set the option that prevents non-friends from seeing my cell phone number.
• I think people need to be aware that anything they put on Facebook is public domain. Even
though I’m not sure of the legalities, I don’t put information up that is too personal (phone
numbers, etc.)
• I think that it is primarily the users’ responsibility to be careful what is placed up on the
facebook; not the other way around.
• I think you should have to approve a tagged pictured before it goes up rather than having to
check periodically to see if any pictures are not something you want up, having to untag it
and possibly report it.
• I wish I could automatically block all photo “tags”
• it is hard to tell whether ppl take facebook seriously or goof off with it, the my photo is nice
but needs a seurity on it as well - asking permission of the people in it ahead of time etc.
• Since you willingly submit information to Facebook - such as your name, age, gender, etc.
- you should be fully aware that practically anyone from your school can view your personal
information if you do not change your privacy settings; that Facebook can share your information
with third-party companies is somewhat alarming, but there is an option to request
that your information is not shared with third-parties.
• the photo feature is highly questionable, especially since users other than yourself can “tag”
you in their photos.
• There are appropriate options, but only if you take advantage/know about them
• They need to support SSL.
• To clarify my privacy concerns, I treat Facebook like any other open internet forum, and filter
things through the concern that anyone may view the information. Since my peers have such
easy access to the data and can be sure it actually belongs to me, I am even more careful
about posting information (such as my sexuality) that I might not want acquaintances from
high school asking about. Basically, I put the burden of protecting my privacy on myself via
posting responsibly, not on Facebook via restricting access to what I choose to post.
• What I think is interesting is that third parties can post photos of you and link them to you
and it is unclear to me if you have any control over that or who can view those.
• When I place information on thefacebook, I do so specifically because I want it to be in the
public domain. There is obviously information that I would like to keep private, but I don’t
place it on thefacebook.
F Paper Survey
The paper survey follows. The web form survey asked the same questions, plus an additional
question: “How concerned are you about the privacy of your data on the Facebook?” Possible
answers here were: N/A, Not, Barely, Somewhat, Quite, Very.
Facebook Privacy Study. Survey FREE CANDY
Instructions. Please circle your answers honestly. You may skip any question you do not
wish to answer. Please DO NOT write name, e-mail, or other contact information on this
form.
1. Which gender describes you best? (please circle one): MALE / FEMALE
2. Which category describes you best? (circle one)
UNDERGRADUATE / GRAD STUDENT / POSTDOC
FACULTY / STAFF / OTHER
3. Which best describes your current living situation?
DORMITORY. (please specify)
FSILG. (please specify)
OFF CAMPUS / NON-MIT HOUSING
OTHER
4. Do you currently have a Facebook account on www.facebook.com?
NO - Did you ever? NO / YES
YES - When did you create your account? DON'T KNOW / FORGOT
JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC
2003 2004 2005
5. Approximately how many times a week do you log in to the Facebook?
0 / 1-3 / 4-8 / 9-15 / 20-30 / 31+ / DON'T KNOW
6. Approximately how many Facebook friends do you have from MIT?
1-10 / 11-50 / 51-100 / 101-200 / 200-350 / >350
7. Approximately what percentage of all of your friends are from MIT?
0-15% / 16-33% / 34-50% / 50-75% / 75-100%
8. Do you ever friend people whom you have never met in person?
NEVER / SOMETIMES / ALWAYS
9. Are you familiar with Facebook's "My Privacy" feature, that lets you control who may
view your profile? NO / YES
10. Do you use the "My Privacy" feature to control who may view your profile?
NO / YES
11. Have you ever read Facebook's Terms of Service in full? NO / YES
12. Have you ever read Facebook's Privacy Policy in full? NO / YES
13. Can Facebook share your information with other companies? NO / YES
14. Are you familiar with Facebook's "My Photo" feature? NO / YES
15. Can you prevent other Facebook users from seeing your photos? NO / YES
16. Does Facebook do an adequate job in securing your personal data? NO / YES
Please use the back of this form to make any additional comments you may have.
THANK YOU!!

and of the terms of use and compared them against the current standards of “Fair Information Practices” as defined by the Federal Trade Commission. we constructed a spider that “crawls” and indexes Facebook. Users may submit their data without being aware that it may be shared with advertisers. We surveyed news articles on the consequences of Facebook information disclosure. and to protect against disclosure to intruders. Finally. as well as the standards set by competing sites. Finally. Intruders may steal passwords. we constructed a threat model that attempted to address all possible categories of privacy failures. and interviewed students that harvested data. From a systems perspective.000 college campuses. [4] With this much detailed information arranged uniformly and aggregated into one place. but users had not restricted who had access to this portion of their life. we conducted a “threat model” analysis to investigate ways in which these factors could produce unwanted disclosure of private data. Our goal was to first analyze the extent of disclosure of data.facebook. attempting to download every single profile at a given school. there are a number of changes that can be made. we took the perspective of a third party acting in a self-interested manner. its 1 “Facebook”. there are still significant shortcomings. and that these users share significant amounts of personal information. Our analysis found that Facebook was firmly entrenched in college students’ lives. and found that third parties were actively seeking out information. Given the existing threats to security. To analyze the extent of user disclosure. then to analyze the steps that the system took to protect that data. as opposed to “the Facebook”. there are bound to be risks to privacy. with over 8 million users spanning 2. both to give the user a reasonable perception of the level of privacy protection available. 
we surveyed the MIT student body to ascertain the level of use of certain Facebook features. For each threat. We undertook several steps to investigate these privacy risks. We discovered questionable information practices with Facebook. Harvard. we indexed the entire Facebook accessible to a typical user at Massachusetts Institute of Technology (MIT).1 Introduction Facebook1 (www. To supplement this data. To analyze the Facebook system we investigated the facets of the website. Our study found that upwards of 80% of matriculating freshmen join Facebook before even arriving for Orientation. Although many Facebook features empower users to control their private information.com) is one of the foremost social networking websites. or entire databases. is how the site’s literature refers to itself. Third parties may build a database of Facebook data to sell. from Facebook. University administrators or police officers may search the site for evidence of students breaking their school’s regulations. We adopt that terminology throughout the paper. as well as students who were punished for disclosing too much. We also found that Facebook’s privacy measures are not utilized by the majority of college students. Using this tool. and the University of Oklahoma. New York University (NYU). we make recommendations for Facebook. 4 . looking either for financial gain or for assistance in the enforcement of university policy.

Facebook has become fixture at campuses nationwide. photos. Facebook sells targeted advertising to users of its site. status. For the purposes of this paper. and to browse for entertainment. the total amount of information a user can post is quite large. events. personal interests. and user status (one of: Alumnus/Alumna. and e-mail address.000 individual colleges. extending “My Privacy” to cover photos. Although the required amount of information for a Facebook account is minimal. messages. and educating end-users about privacy concerns. Facebook received $13 million dollars in venture funding. Professional. Over the last two years. and Facebook evolved from a hobby to a full-time job for Zuckerburg and his friends. aside from name. Users need an @college.2 Information that Facebook stores All data fields on Facebook may be left blank. we will investigate profiles.users. and Summer Student). They list their “friends”.1 Background Social Networking and Facebook Users share a variety of information about themselves on their Facebook profiles. date of joining. [14] 2. friends. Staff. User-configurable setting on Facebook can be divided into eight basic categories: profile. and their privileges on the site are largely limited to browsing the profiles of students of that college.edu email address to sign up for a particular college’s account. In May 2005. contact information. and tastes in movies and books. All six of these categories allow a user to post personally identifiable information to the service. and privacy settings. and Picture. Users can also specify what courses they are taking and join a variety of “groups” of people with similar interests (“Red Sox Nation”. and college administrators. using SSL for login. friends. Users can enter information about their home towns. Grad Student. Contact Info. A minimal Facebook profile will only tell a user’s name. “Northern California”). e-mail First-party information address. Personal. school. Student. 
then a Harvard undergraduate. The site is unique among social networking sites in that it is focused around universities – “Facebook” is actually a collection of sites. including photos. Faculty. account settings. These include eliminating the consecutive profile IDs. The site is often used to obtain contact information. Courses. Profile information is divided into six basic categories: Basic. and parters with firms such as Apple and JetBlue to assist in marketing their products to college students. their current residences and other contact information. groups. to match names to faces. each focused on one of 2. and privacy settings. [4] Facebook was founded in 2004 by Mark Zuckerburg. Any information posted beyond these basic fields is posted by the will of the end user. 2 2. job information. including friends at other schools. and a descriptive pho5 .

store and view photos. all other users at a user’s school are allowed to see any information a user posts to the service. These tags can be cross-linked to user profiles. there is a link added from my profile to that photograph My Groups Users can form groups with other like-minded users to show support for a cause. and searched from a search dialog. “My Groups”. As per the usage agreement. If a friend lists me as being in a photograph. and personal messages. or for “facebook AND journal AND arti6 . Google’s database for scholarly papers. or find people with similar interests. and which fields other users can see.tograph. though the method of specifying this is not located on the privacy settings page. who can see their contact info. and a list of friends Allows other users to post notes in a space on one’s profile Allows users to upload photographs and label who is in each one. and look for trends. a user can request Facebook to not share information with third parties. Users define each other as friends through the service. My Profile The Wall My Photos Contains “Account Info”. creating a visible connection. the Social Science Research Network. individually. By default. is to manually remove the metadata tag of their name. use the available message boards. Other users can leave notes. The “Wall” allows other users a bulletin board of sorts on a user’s profile page. but not to the Photos feature. the privacy settings page allows users to block specific people from seeing their profile. “Basic Info”. We will investigate the amount and kind of information a typical user at a given school is able to see. and where in the photograph they are located. from each photograph. aside from asking them to remove it. A major goal of Facebook is to allow users to interact with each other online. birthday wishes. 3 Previous Work No previous academic work specific to Facebook was found on the Lexis databases. 
Table 1: Facebook Features Third-party information Two current features of Facebook have to do with third parties associating information with a user’s profile. The privacy settings page allows a user to specify who can see them in searches. “My Privacy” Facebook’s privacy features give users a good deal of flexibility in who is allowed to see their information. The “My Photos” service allows users to upload. “Contact Info” “Personal Info”. Users may disable others’ access to their Wall. Users can append metadata to the photographs that allows other users to see who is in the photographs. The only recourse a user has against an unwelcome Facebook photo posted by someone else. who can see their profile. In addition.

In related fields. 4 Principles and Methods of Research In order to investigate the ways in which Facebook is used. First.. the consequences of third parties discovering information that users have made public[14][20][21]. there are many news articles that have been published about the emergence of Facebook. we closely investigated the usage patterns of Facebook.” [6] Previous work in social networking has included a thorough investigation of “Club Nexus”. its incorporation and subsequent venture funding. We employ two methods of data collection to learn more about the way users interact with Facebook.1 Usage patterns of interest. 4. We investigated when users create their accounts. we harvested data from the Facebook site directly. we conducted a survey of MIT students on the use of Facebook’s features. My friends My last login My upcoming events My courses My wall Groups that a lot of my friends are in Table 2: “My Privacy” settings (defaults in bold) cle” and numerous other terms in a general web query. Although no journal articles exist. and recently. Second. including the 1998 report to Congress entitled “Privacy Online. a site similar to Facebook located at Stanford University[1]. and has published several reports on the matter. Our main objective in gathering and analyzing Facebook user data was to make statements and generalizations regarding the way users use their Facebook accounts. the Federal Trade Commission has done research into the area of online privacy practices.. and which kinds of users create accounts.Visibility to Search? Profile Visibility Everyone Restricted Everyone at school Friends of friends at school Just friends Contact Info Visibility Everyone at school Friends of friends at school Just friends Profile also shows. Though the friending service is of 7 .

8 . accessible fields. and formation of URL used to retrieve this page.Figure 1: A sample Facebook page. Note the layout.

4.great interest to social network research. multiple choice questions which would serve to reveal usage patterns. The questions asked about the subject’s gender. Finally. The complete text of our survey is included as an appendix. and replaced by “OBSCURED”2 . It also asked about their knowledge of Facebook’s Terms of Service. 2 Before we developed the software to obscure the data. and status. to complete the survey. AOL Screenname.3 Direct data collection Our collection of data directly from Facebook served two principles. and Random Hall dormitories to complete the surveys. for the purposes of our paper.2 User surveys Our direct user data collection procedure employed both paper surveys and Web based forms to ask individual users questions concerning their Facebook practices. and opinions on the quality of the service. When we considered sets of more than one record. their date of joining Facebook and utilization thereof. nearly exhaustive and statistically significant data set. and take approximately three minutes to complete. we primarily investigated the number of friends users have on the service as an indicator of use. we aimed for a minimum number of straightforward. and look for trends. we aggregated it into a spreadsheet. We designed the survey such that it would fit on one printed page. from which we can draw valuable conclusions on usage trends. but we were able to produce the scripts necessary to do so within 48 hours. These fields were unchanged if left blank by the user. we asked the residents of the East Campus. offering students a chocolate-based incentive for completing surveys. Phone Number.30J/11.002J. We set up a table in the MIT Student Center. we obscured data we deemed to be personally identifiable – Name. residence. High School. Also. as well as their familiarity with Facebook’s practices. we gathered data through four routes. we asked all survey takers to notify others of the survey. Burton-Conner. We asked classmates in Public Policy. 
Via e-mail. we did do enough analysis to discover that 48 Facebook users at the schools we studied have the phone number 867-5309 9 . to demonstrate that it is possible for an individual to automatically gather large amounts of data from Facebook. In designing our survey. MIT course 17. and privacy features. and Dormitory. 4. In order to diversify the survey results.4 Obscuring personal data Before analyzing data. 4. Simmons Hall. familiarity with various aspects of the service. The collection of data was not entirely trivial. Privacy Policy. the collection of data from Facebook will provide us with a large. It served as a proof of concept.

profile URLs are retrieved by requesting a URL of the form: http : //SCHOOL. process.f acebook. to a Web browser over the Internet. the service provides the user’s web browser with some information.com/prof ile. users enter their username and password into the appropriate fields on the page. such as the user’s e-mail address. look at others’ profiles. which is stored in the form of a cookie. or return the user’s home page if the profile he requested is blocked or does not exist. No secure socket layer (SSL) or other encryption is used in logging in tot he service. add or change their friends lost or personally identifiable information.f acebook. filtered for privacy by the user’s request before being delivered. human-readable URLs. This sends a special URL to the service: http : //www. and filter information on demand. and click Login. The date of its creation is the date which Facebook was opened to that school.php?id = U SERID (2) Facebook will read the school and user ID. The first user at every school is called “The Creator. and give the user either the requested user’s profile page. and explore the service.com/. The main page of the service is spartan.” This profile’s USERID is the lowest userid at any given school. and does not provide any personally identifiable information or technical insight.com/login. http://www. Facebook’s service creates and gives a user a unique checksum at every login. is written to a file so the user does not have to enter his or her e-mail at the next login. Facebook does require a school e-mail address to use their service.4. which the browser stores as a session cookie and generally does not write to a file. Some of this information. This information is vulnerable to detection by a third party. Once logged in to the service. 
or browse the small amount of information available to the general public.5 A brief technical description of Facebook from a user perspective Facebook uses server-side Hypertext Preprocesser (PHP) scripts and applications to host and format the content available on the service. User Ids continue to be assigned sequentially from the first valid number. At the main Facebook page. Scripts and applications at Facebook get. For example. but other parameters do not. a user can log in to the service. The majority of features on Facebook are requested via simple. This checksum varies from login to login. a user is free to interact with Facebook.facebook. To log in to Facebook.php?email = U SERN AM E@SCHOOL. Users begin their Facebook session at the service’s top level site. created at the time of creation of each new account. During the login process. and deliver it to users in real time.edu&pass = P ASSW ORD (1) Note that this URL contains a user’s login credentials in clear text. Content is stored centrally on Facebook servers. 10 . The user may edit their profile.

” In addition to implementing the above algorithm. many of these “servers” redirect to the same machine.facebook. i. This generally means that once a user exits the service. In the past. Log in to Facebook and save session cookies. We discuss how we and others have done this in the next section. mit.facebook.5.edu will go through http://SCHOOL. Users with a school e-mail address @SCHOOL. When a user logs out of Facebook or closes their web browser. 4. and save the profile as a file. For the most part.25.php?id = U SERID . 5. Increase the USERID until you find the ID of a user who joined recently. Each separate school has its own Facebook “server” for its content.Facebook’s human-readable URLs and regularly formatted HTML make automated acquisition.” the first profile at a given school. To implement our algorithm. easy to understand URLs to automatically request information and save user information for further analysis. “the non-interactive network downloader. the session cookies are lost. nyu. Save this number as USERID-HIGH.15. others have utilized Facebook’s use of predictable.com/. Our approach used the incremental profile identifier to download information in large quantities.e.facebook.1 Data acquisition We are not the first to download user profiles from Facebook in large numbers. within the past day.20.com. we used wget.facebook. making their information accessible. Save this number as USERID-LOW. Many users do not change their default settings. 4. they must enter at least their password to use the service again.com all redirect to 204. parsing. Decrease the USERID until you find the ID of “The Creator. For example. 2.com. and ou. 3.com. harvard. and analysis relatively easy.com/prof ile. By default. For every profile from USERID-LOW to USERID-HIGH at a given school SCHOOL: Get the profile. using URL http : //SCHOOL. we made wget pretend to be another web browser 11 (3) . Load your home page and note the USERID of the page. 
but not visible to anyone at another school. This architecture allows Facebook to easily move different schools to different servers if necessary.facebook.f acebook. a new user’s profile and all information are fully visible to all other users at the same school. The algorithm we used to gather this data is very straightforward: 1.

MIT. We took advantage of the fact that logins and passwords are not encrypted. At a confidence level of 95%. Reflecting an MIT student population of 4. to keep load off of Facebook’s servers and make our requests less difficult to detect. At a confidence level of 99%. p is the percentage picking a choice. For small populations. The respondents were mostly undergraduates (90%). and the confidence interval by the formula S= Z 2 p(1 − p) c2 (4) Where S is our sample size. the percentage picking a choice. 0.6 Statistical significance Survey data Over the course of the two weeks we ran the survey. expressed as a decimal (with a worst case value of 0. The users answering our profile questions came from all of campus. and a worst case answer uncertainty of 50%. In other words. and c is the confidence interval. and a sample size of 419 applying to an MIT student population of 10. Collected Facebook data In general.68%.e. [17] Our survey results are good enough to make coarse extrapolations to the MIT community in general.000 graduate students. Z is a value proportional to the confidence level (1. we can find the statistical significance of our findings using the results of confidence levels and confidence intervals from statistics. we use the correction S = S 1 + S−1 P (5) Where S is our original sample size.04).5).04 ± 0.96 for a 95% confidence interval). 419 MIT students responded to the questions asked. the University of Oklahoma (OU).17%. we find our confidence interval to be 4. and New York University (NYU). We ran this script four times: once for Harvard. with strong concentrations in dorms where we e-mailed the survey. We also had wget randomly insert a delay between requests. we were able to collect large numbers of user profiles from Facebook using our information collection system. and P is our sample population. our uncertainty increases to 6. 4. we can be 95% certain that our survey responses fall within 4. which we include in the appendix. 
The sample size of a survey group is related to the confidence value. and can be sent as part of the login URL as an email and password pair. S is our new sample size. expressed as a decimal (i. We exhaustively downloaded every profile 12 .68% of the true values. There were 224 female respondents and 195 male respondents.000 total undergraduates and graduate students.000 undergraduates and 6.by changing its user agent (to avoid potential suspicion at using wget to log in to Facebook). The final application we used to download profiles was a short (five line!) BASH shell script.

Movies. Users give imperfect explicit consent to the distribution and sharing of their information. and Books). Privacy concerns differ across genders. Clubs/Jobs. Facebook is ubiquitous at the schools where it has been established. High School. Success Rates In Downloading Profiles School MIT Harvard Oklahoma U. we found some general trends in Facebook usage. and Books). Users share lots of information but do not guard it. Users put real time and effort into their profiles. we analyze the collected data along numerous lines.available at our four subject schools. Students tend to join as soon as possible. From there. as well as a sub-score reflecting disclosure of user interests (Interests. Interests. and Clubs/Jobs). Dorm.71% 66. Music. We will attempt to statistically correlate certain variables to prove hypotheses. classes. Major. one to reflect contact information that could conceivably be used to contact or locate users (Dorm. and statistically justify our findings. so there is no sampling uncertainty. we created two sub-scores. Mobile Phone. AIM Screenname. as long as we limit our conclusions to generalizations about the population of students with accessible Facebook profiles. often before arriving on campus. In the following pages. and genders. AIM Screenname.54% 77.41% 72.1 End-Users’ Interaction with Facebook Major trends After processing the results of our user survey and downloaded Facebook profiles. Movies. Clubs. 5 5. The overall score is the sum of the percentage disclosure of (Gender. Our full numerical findings are included in the appendix. and at other points we will show raw data when we want to indicate a trend. Mobile Phone.16% 70.28% Aggregate Statistics We established a ”disclosure score” to quantitatively rank the amount of PII disclosed by different colleges. Music. The following table summarizes our success in downloading information. 
NYU Total Number Profiles 10063 25759 28201 32250 97273 Number Downloaded 8021 17704 24695 24695 70311 Percentage 79. 13 .

Aside from her romantic attachments perhaps. the majority of Facebook accounts are updated at least monthly. There are 948. As shown below.000. 4012. 2008.Figure 2: Number of Profiles identifying as a class divided by students in that class 5. 374 (91%) claimed to have Facebook accounts. [16] 3 Until recently. a Paris Hilton account 3 would not need to be constantly updated. Indexing the Facebook seemed to indicate a similar result. the fact that the Facebook user base is quite similar to the MIT undergraduate population point to the fact that a large percentage of Facebook users are genuine. while only 39 (9%) did not.2 Facebook is ubiquitous Survey results indicated that large majority of MIT students Possession of a Facebook account have Facebook profiles. At NYU. Although fake accounts could bloat the number of accounts. respectively. 4076) correspond closely to the class sizes of 4. the Facebook FAQ warned against creating fake accounts. which fits the profile of large numbers of users updating information about themselves. where potential pranksters are limited to two e-mail addresses[18]. and 921 accounts that provide the class years of 2007. telling users that “Everyone knows that you’re not Paris Hilton” 14 . the vast majority of undergraduates have Facebook accounts. and 2009. 1016.250. Of 413 respondents. the number of accounts for the classes of 2007-2009 (3850. compared to a class size of roughly 1.

Month          53%
Three Months   82%
Six Months     92%
One Year       98%

Figure 3: Virtually all users update profiles often

5.3 Users put time and effort into profiles

The vast majority of users update their accounts frequently, with over half updating in November 2005⁴. This indicates that not only do the majority of undergraduates have Facebook accounts, the majority of them also keep them constantly updated.

⁴ 19% of Harvard profiles, 15% of MIT Facebook profiles, 10% of NYU profiles, and 6% of Oklahoma profiles do not have an update timestamp. Because no update timestamps exist before June 2004, it is probable that the feature was implemented at that point, and all unstamped profiles were last updated before that point. This hypothesis is substantiated by the fact that the number of blank update fields at a school is proportional to the length of time before June 2004 Facebook was available at that school. Given the exponential tail-off of the last update times, it is also likely that this 15% compose users who signed up right at the launch of Facebook for their school and did not update their accounts afterwards.

5.4 Students join Facebook before arriving on campus

We looked at the distributions of profile creating dates of members of the classes of 2008, and 2009. Note that MIT admits classes of approximately 1,000 freshmen. Members of the MIT class of 2008 tended to create their profiles as soon as they heard about Facebook. We were able to access 1016 members of the class of 2008 with Facebook profiles⁶. The class of 2008 enrolled at MIT admission and had access to Athena by May of 2004, whereas the class of 2009, the current freshman class, had Athena accounts by May of 2005⁵. Approximately 100 created their profiles in May of 2004 (i.e. as soon as they could). The majority of the class of 2008 joined Facebook from June 2004 to August 2004. In this time, 699 members of the class of 2008 created their profiles, and the remainder created their profiles at later times, dropping to approximately 10 per month.

The class of 2009 had an even more pronounced spike at matriculation time. At present, 921 members of the class of 2009 have unrestricted Facebook accounts. During May and June of 2005, 538 members of the class of 2009 created Facebook accounts, indicating the extraordinary draw of the Facebook. Freshmen create their accounts as soon as they can, which was generally over the summer or during orientation.

⁵ Our experience is that MIT sends out Athena coupons around this time
⁶ Note that these numbers may be skewed by accounts for fictional people or celebrities.

At other schools, users exhibit similar behavior in creating their Facebook profiles. Strikingly, over 948 (roughly 60%) Harvard Class of 2009 freshmen created their accounts within a month of getting their email address. The Harvard trends are even more pronounced as we can see from the graph, with most 2008 freshmen signing up

Figure 4: Freshmen create accounts sooner and sooner after matriculation

over a three-month period, while the class of 2009 obtained their Facebook accounts immediately.

5.5 A substantial proportion of students share identifiable information

Facebook users at MIT tend to give a large amount of personal information, and tend not to restrict access to it. Facebook users are more wary of some kinds of personal information than others. Users were most willing to indicate their high school, interests, clubs and jobs, music interests, favorite books, favorite movies, and became increasingly protective of their information regarding residence hall, screen name, and mobile telephone number.

5.6 The most active users disclose the most

Users who frequently update their profiles tend to be even more open. Of the 5279 MIT profiles updated on or after September 1, 2005, we found that, the relative willingness to disclose all information increased, although the general trends of relative disclosure did not change. Using another heuristic for determining active users, users with lots of friends tend to be much more forthcoming with their personal information, particularly that which might be valuable to advertisers. Furthermore, Facebook has grown extremely rapidly, establishing a user base of 8,000,000 users, and close to 100% penetration at certain schools. If this trend continues, the average user will likely become more and more like the “well-connected” user. If Facebook continues to grow in popularity, the level

Figure 5: Users disclose personally identifiable information

Figure 6: Recent users disclose even more

All Schools: Disclosure of PII

            300+ Friends   All Users
Clubs       81.0%          51.5%
Mobile      25.6%          17.1%
Music       82.9%          64.0%
Books       76.6%          59.1%
Gender      92.8%          82.8%
Interests   85.3%          64.1%
Movies      81.7%          62.7%

Figure 7: Connected users disclose more personal information, especially commercially valuable information

of information disclosure will keep increasing correspondingly.

5.7 Undergraduates share the most, and classes keep sharing more

As shown in the table below, in almost every case, undergraduates share much more data than average. As the majority of new registrants for Facebook each year are going to be undergraduates, and the undergraduates most likely to disclose information no less, this is another indication that more and more data will become available on Facebook.

Difference between classes

In order to determine if there is a statistically significant difference between courses, we attempted to correlate disclosure scores to class years. We ran a regression of number of years in attendance at the college⁷ against the disclosure index, and the contact and interest subscores. We did this at all four schools, and the result was that all disclosure scores were weakly correlated to class year (r = -.151 for the contact score, r = -.187 for the interest score, and -.496 for the overall score). This means that there is a correlation between being in a younger class and disclosing more information.

⁷ 0, 1, 2 for the Classes of 2009, 2008, and 2007, respectively.

5.8 Differences among universities

Among the four universities we investigated, we found subtle differences in the way students interact with Facebook. Harvard provided us with the lowest percentage of visible profiles from existing profiles (66%), whereas MIT provided the highest (79%). Of the universities, students at the University of Oklahoma were much less likely to share contact information (such as residence, screen name, and mobile phone number) than students from any other university in our study. On the other hand, students at Oklahoma were the most forthcoming about their tastes in books, movies, and music.

The differences we found really speak to the notion that Facebook is different at every school it supports. The differences we noted are probably a function of many variables specific to the school, such as the social atmospheres at the school, administrative advice on Facebook usage, policies on information sharing, and so on. Such topics are outside the scope of this paper.

Difference in Disclosure

              Harvard   MIT
Gender        22%       17%
Major         -6%       23%
Dorm          30%       23%
Room?         23%       4%
High School   32%       18%
AIM           26%       18%
Mobile        3%        10%
Interests     29%       16%
Clubs/Jobs    17%       23%
Music         33%       18%
Movies        31%       19%
Books         31%       17%

Figure 8: Difference between Class of 2009 exposure and all users

              MIT   Harvard   OK    NYU
Major         81%   64%       91%   79%
Dorm          96%   94%       85%   89%
AIM           71%   72%       62%   76%
Mobile        24%   27%       17%   15%
Interests     78%   81%       89%   81%
Clubs/Jobs    49%   58%       76%   50%
Music         77%   82%       93%   84%
Movies        74%   80%       90%   82%
Books         74%   80%       81%   77%

Figure 9: Disclosure rates of the Class of 2009

5.9 Even more students share commercially valuable information

The information most relevant to advertisers would likely be demographic data (age, gender, location), as paired with interests. As shown above, over 70% of users are willing to disclose both categories of information, making the Facebook a valuable trove of demographic data for marketers. In addition, dedicated users have a tendency to disclose this information much more often, which may be a leading indicator of even greater disclosure. At the same time, this database of interests could easily be cross-referenced by a database from a third-party vendor, matching the details about users’ interests and current location to addresses, phone numbers, and social security numbers.

5.10 Users are not guarded about who sees their information

[Chart: Knowledge and use of “My Privacy” feature]

As a whole, users are familiar with the privacy features Facebook offers, and choose not to use them. Of 389 users indicating familiarity with “My Privacy”, 289 (74%) say they are familiar with “My Privacy,” while 100 (26%) say they are not. In addition, of the 380 users who gave information regarding their use of “My Privacy,” 234 (62%) said they use the feature, while 146 (38%) said they do not. Actively choosing to not use “My Privacy” indicates that users believe there is a benefit to providing information and allowing others to see it.

[Chart: Likelihood of “friending” strangers]

In general, Facebook users at MIT tend to friend people they know, doing so almost exclusively. Although this seems like an intuitive notion, it merits further attention. Of the 383 respondents to this question, 243 people (63.45%) never friend strangers, 110 people (28.72%) friend strangers on occasion, and 30 (7.83%) claim to friend strangers. Women and men are equally unlikely to add a stranger to their list of friends. This tendency of users is further evidence that Facebook use is more characteristic of physical relationships than that of an exclusively online community, a powerful metaphor that is at the heart of the way users share their information on Facebook. Only allowing people whom users know in real life to access their information is a good Facebook security strategy when combined with other privacy features and selective posting.

[Chart: Concerns about Facebook privacy]

As a whole, survey respondents expressly indicated low concern for Facebook’s privacy policies. Of 329 respondents, 76 (23%) are not concerned with Facebook privacy, 117 (35.5%) are barely concerned, 104 (31.6%) are somewhat concerned, 20 (6.1%) are quite concerned, and 12 (3.6%) are very concerned.

5.11 Users Are Not Fully Informed About Privacy

[Chart: Familiarity with the TOS and the Privacy Policy]

We asked Facebook users if they had read Facebook’s policies regarding their use of the service. Of 389 respondents, 353 (91%) had not read

the Terms of Service. Of 390 respondents, 347 (89%) had never read the Privacy Policy.

Understanding of Privacy Policy

We asked users to guess whether or not Facebook can share your information with other companies. Of 374 respondents, 174 (47%) believed Facebook could not do this, while 200 (53%) believed Facebook could. Facebook can indeed share your information with other companies for advertising or other purposes, as indicated in their privacy policy⁸.

⁸ The FAQ and Privacy Policy are actually in direct contradiction on this point. The FAQ states that “We don’t distribute your user information to third parties.” The Privacy Policy, on the other hand, states that “we may share your information with third parties, including responsible companies with which we have a relationship.” The Facebook then lists reasons that they may share information, including legal requests and “facilitating their business.” Although the policy could be construed to imply they will not share information, it is certainly not clearly stated, and a strict reading would imply that Facebook can share information with third parties.

5.12 As Facebook Expands, More Risks Are Presented

[Chart: Familiarity with “My Photos” feature]

The overwhelming majority of Facebook users are familiar with the “My Photo” feature. Of 389 respondents, some 342 (87.9%) were familiar with the feature. When asked if users have any control over the “My Photo” content of others, specifically, on restricting access to photos posted on the service, 196 users of 416 respondents (47%) said yes, 139 users (33%) said no, and some 84 (20%) did not know, or did not provide an answer. Furthermore, although most users are familiar with the feature, few seem to worry about its potential implications.

5.13 Women self-censor their data

In addition to the above analysis, we compared the trends of male and female users. Women are more likely to log into Facebook, have more friends, and have a higher percentage of friends from MIT. Women were more likely to use Facebook’s “My Privacy” feature in our survey, but not to a statistically significant level. Both genders are equally unfamiliar with Facebook’s Terms of Service and Privacy Policy.

Women definitely self-censor their Facebook data more than men do. This is pronounced in the number of mobile phone numbers made available to the public, as shown in the table⁹. In addition, we calculated the correlation between self-reported gender percentages at the different universities, and correlated these to the contact information index. We found that schools with more women share proportionately less contact information, with a correlation coefficient r = -.462.

⁹ The correlation coefficient of male to female mobile phone disclosure is .992, indicating an extremely strong link between the behavior of the genders at any particular school.

Disclosure of phone number, by gender

            Male    Female
Harvard     33%     26.5%
MIT         29.7%   20.5%
NYU         22.2%   11.6%
Oklahoma    21%     8%

Figure 10: Women self-censor the information they share

5.14 Men talk less about themselves

In contrast, we compared gender ratios to the interest data index (the extent to which users share their interests, clubs, and favorite books, etc.). Here we found that the male-dominated schools tended to share less information. The correlation coefficient between self-reported female percentage and the interest index was r=.625, which may indicate that women are more likely to share information about themselves which will not lead to phone calls or unwanted visits.

5.15 General Conclusions

Facebook is an institution at the colleges we surveyed. As time goes on, it is becoming even more entrenched in college life. Although they tend to self-censor, especially women, users still share a lot of personal information that could be valuable to many parties. As Facebook becomes more entrenched, disclosure rates are likely to rise, until Facebook changes the parameters of their system, or there are enough newsworthy privacy stories to change users’ perceptions.

6 Facebook and “Fair Information Practices”

6.1 Overview

In 1998, the Federal Trade Commission published Privacy Online, a report to Congress assessing the state of privacy on the Internet. This report identified the five “widely accepted fair information practices”: Notice, Choice, Access, Security, and Redress. These areas cover the basic principles of online privacy, areas Facebook needs to address if they are to protect the privacy of its users. [6]

6.2 Notice

Notice is the first and most important requirement of fair information practices. Customers must be aware of information collection and their rights regarding that collection before they can exercise them. The basic “notice” requirements are a clear statement given to the consumer, before data is collected, including, among other things:

• Identification of the entity collecting the data, the uses to which the data will be put, and any potential recipients of the data.
• The nature of the data collected and the means by which it is collected if not obvious (passively, by means of electronic monitoring, or actively, by asking the consumer to provide the information).
• Whether the provision of the requested data is voluntary or required, and the consequences of a refusal to provide the requested information.
• The steps taken by the data collector to ensure the confidentiality, integrity and quality of the data. [6]

The Facebook Privacy Policy aims to fulfill this requirement, and does a good job of identifying which data will be collected in most cases, including non-obvious data such as session data and IP addresses. It specifies Facebook as the entity collecting the data. Even though Facebook accurately addresses what information they will be including on the whole, their Privacy Policy falls short in other areas. Parts of the policy are vague, and some are seemingly contradictory and confusing, such as “Facebook also collects information about you from other sources, such as newspapers and instant messaging services. This information is gathered regardless of your use of the Web Site. We use the information about you that we have collected from other sources to supplement your profile unless you specify in your privacy settings that you do not want this to be done.” This passage is either inaccurate or outdated, as no setting related to this information is available in the “My Privacy” feature.

The identification of the uses to which the data will be put are nonexistent, and the identification of the targets of potential disclosure is anybody Facebook deems appropriate, including marketing partners. Facebook has close relationships with several corporations, integrating their marketing efforts seamlessly into the site via giving them special “Groups” for interested students. This disclosure is certainly legal, and users are receiving the use of an extremely useful and popular site for free in exchange for it. Unfortunately, not all users understand the terms of the bargain: our survey showed that 46% of Facebook users believed that Facebook could not share their information with third parties.

6.3 Choice

“At its simplest, choice means giving consumers options as to how any personal information collected from them may be used. Specifically, choice relates to secondary uses of information – i.e., uses beyond those necessary to complete the contemplated transaction.” [6]

Clearly, it is necessary to enter some personal information if one wishes to participate in a social networking website. However, there are large amounts of additional disclosure going on. The two types of disclosure are disclosure to other users of the site, and disclosure to third parties, primarily

advertisers. The privacy features provided by Facebook, to a large extent, allow the interested user to easily control what other users of the site can see about their profile data. The issue here is that there are virtually no controls on what Facebook can expose to advertisers. The blanket statement regarding disclosure allows Facebook to disclose any personal data to advertisers. It also allows advertisers to set cookies that are not governed by the privacy policy. There is a way to request that Facebook not share your information with others, but it is not transparent and there is no evidence that one’s request is actually honored.

6.4 Access

“[Access] refers to an individual’s ability both to access data about him or herself – i.e., to view the data in an entity’s files – and to contest that data’s accuracy and completeness. Both are essential to ensuring that data are accurate and complete.” [6]

This attribute is more targeted at credit agencies and other organizations which maintain files on users which they may not want to disclose. Because Facebook is based on the sharing of information, and because Facebook provides users with the ability to control this information, Facebook follows this principle fairly well. Their terms of service clearly state that “You may remove your Member Content from the site at any time. If you choose to remove your Member Content, the license granted above (that permits Facebook to use the data) will automatically expire.” Although Facebook is certainly vague about the uses to which the data will be put, it gives users control over the existence of information about themselves in the Facebook database.

6.5 Security

Security is the process that ensures data integrity and restricts access to those who have been granted it legitimately. Privacy Online states in part “To assure data integrity, collectors must take reasonable steps, such as using only reputable sources of data and cross-referencing data against multiple sources, providing consumer access to data, and destroying untimely data or converting it to anonymous form.” “Security measures include encryption in the transmission and storage of data, use of passwords, and the storage of data on secure servers or computers that are inaccessible by modem.”

By this standard, Facebook falls short. Although Facebook uses passwords to protect accounts and a MD5 hash as authorization, their use of encryption is nonexistent. All authorization information is sent in the clear, including the account passwords, making them exceedingly easy to sniff off of a public network. This is clearly inferior to the current best practices for password protection. See later in the paper for more details.

The “My Photos” feature seems to run counter to the Security principle, as third parties can upload pictures and associate them with one’s account, without any checks on the accuracy or

appropriateness of the data. Users have no way of preventing pictures of them from being uploaded. Even if users seek to disassociate themselves with any photos, the most they can do is remove the tag that links the photo directly to the user’s profile. In addition, there are absolutely no user controls akin to “My Privacy” relating to photos at all, or even the default Facebook per-university controls. We have found that any Facebook picture is accessible from any Facebook account, with no regard for privacy settings. One can ask to see all of the pictures of “Michael Smith” at Stanford and view them, even if one is logged into the MIT facebook.

6.6 Redress

“To be effective, self-regulatory regimes should include both mechanisms to ensure compliance (enforcement) and appropriate means of recourse by injured parties (redress).” Much like the other privacy principles, Redress requires that customers be aware of ways in which they may be harmed. In addition, redress should entail acknowledgment of user requests and transparency in followthrough on them. The “prevent my information from being transmitted to third parties” request would be much improved if one could track the ramifications of that request. In the case of security breaches, there is no policy for notification of customers. In light of holes such as the “advanced search” hole described below, a clear policy on this matter would have been beneficial for users.

7 Threat Model

7.1 Security Breach

Threat and Feasibility

A security breach at Facebook, either from an outsider locating vulnerability or from a disgruntled insider, would potentially put all 8,000,000 Facebook records at risk. The fear of a security breach is certainly a reasonable one, as large data warehouses are often targets of intruders. For example, ChoicePoint’s databases were breached and 145,000 records were compromised. [3] This is not a risk that can be eliminated; no site is perfectly secure. While a Facebook breach would not be sufficient to start performing identity theft, a trove of so much personal information would contain much information that people would not want to make public.

MySpace: A Comparison

MySpace has several clauses in its Privacy policy that deal directly with contingencies that are not pleasant for the company to admit. The company tells users that security breaches can never

be completely prevented, even if “reasonable” steps are taken to prevent security breaches. This ensures that an unreasonable expectation of data security is not established[10]. In addition, MySpace confronts the possibility that they will be acquired, and notifies its users that their new owners could be less than scrupulous about using personal data. Their notification requirements regarding changes to their privacy policy appear to be aimed at this contingency. Unfortunately, MySpace does not have a notice requirement in the case of security breaches.

Recommendation for Facebook: Security Disclosures

Facebook should have a policy regarding disclosures of private information due to security breaches or unethical employees. A clearly stated requirement in their terms of service that they notify end-users whose privacy was violated would empower end-users.

7.2 Commercial Datamining

Threat

Companies such as ChoicePoint, Inc., have built billion-dollar business on selling databases of personal information. Facebook has a database on 8 million college students that is far more accurate than the usual commercial data, as users have an incentive to make information accurate. Profiles used for social networking are likely to be 100% accurate, as they are maintained by their subjects. This is in marked contrast to the accuracy of databases such as those maintained by ChoicePoint and Acxiom, which have records of dubious accuracy[15].

Feasibility

Using our code, attached as an appendix, we were able to crawl Facebook for four schools, creating a comprehensive data-set spanning all accessible profiles. Thus, we can conclude that it is possible to harvest data from the site. The fact that we (two students) were able to data-mine the Facebook in a week, using the time allotted to us for one class, is evidence that data-mining the Facebook is not only possible, but easy.

Current Precaution

Facebook’s Terms of Service state that using the site for data-harvesting purposes is forbidden. Our data collection violates the Terms of Service for Facebook, which states that “You further agree not to harvest or collect email addresses or other contact information of members ... for the purposes of sending unsolicited emails or other unsolicited communications. Additionally, you agree not to use automated scripts to collect information from the Web site or for any other purpose.” This statement offers no protection, however, if it is possible to use the site for these purposes, and there is no recourse against those who may seek to do so. “Clickwrap” licenses like the terms of

service have generally been upheld by courts¹⁰, but the danger posed to a person breaching this contract is uncertain at best. There are no provisions for the violation of the Terms of Service, and the termination of the offending account would not be a sufficient deterrent for those determined to obtain and use this information.

¹⁰ ProCD v. Zeidenberg, referenced in [19]

Recommendations To Facebook: Better URL System

Because of the method by which Facebook assigns User IDs, one can easily download all accessible profiles. A better system would be to make the profile number space 10 times the number of people eligible for accounts at the university, and assign user IDs randomly out of that. Then, when invalid UIDs are accessed, those IPs/accounts could be monitored for signs of abuse.

7.3 Database Reverse-Engineering

Threat and Feasibility

Facebook’s “advanced search” allows one to query the database of users using any of the fields in a profile. For example, one can search for sophomore males at Duke that enjoy Kurt Vonnegut. The problem is that when people hide their profile page, they expect the information on it to remain private. An MIT student could write “getting drunk” as an interest and set their profile so that only their friends could see their profile, expecting that this information is secure. This information is not actually secure unless they also exclude their profile from searches. An advanced search for “getting drunk” would still associate the student’s name with this string.

The problem was compounded by a security hole that multiple people have discovered. Normally, performing a query at a certain college requires that one be logged in from an @thatcollege.edu account. A high school student at an MIT summer program discovered that by changing the server in the query URL from “mit.facebook.com” to “school.facebook.com”, he could perform the query on any school without having a valid account for that school. He also discovered that most fields are indexed by ID number, so he was able to systematically query who lived in dorm “101”, “102”, etc., until he had a comprehensive list of where everyone said they lived in their profiles. He was only interested in using data on MIT students in an aggregated manner, but with that knowledge, one could easily reconstruct all Facebook profiles regardless of privacy preferences.

Further research found a student that actually employed this strategy to create a database of students at other local schools. Up until November 10, 2005, he was able to systematically build up a database from queries on Facebook’s database. Over the course of a month, he compiled information on over 82,000 students at 8 Boston-area schools.
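The “Better URL System” recommendation above, worked through as an added example (this is not code from the paper or from Facebook). The class names, the client labels, the threshold of 20 invalid lookups per 60 seconds and the simulated traffic are all assumptions made for illustration.

```python
import random
import secrets
from collections import defaultdict, deque


class SparseIdAllocator:
    """Hands out user IDs drawn at random from a space `sparsity` times
    larger than the eligible population, so most guessed IDs are invalid."""

    def __init__(self, eligible_population, sparsity=10, rng=None):
        self.capacity = eligible_population
        self.space = eligible_population * sparsity
        self._rng = rng or secrets.SystemRandom()  # unpredictable by default
        self._assigned = set()

    def allocate(self):
        if len(self._assigned) >= self.capacity:
            raise RuntimeError("all eligible accounts already have an ID")
        while True:
            uid = self._rng.randrange(self.space)
            if uid not in self._assigned:
                self._assigned.add(uid)
                return uid

    def is_valid(self, uid):
        return uid in self._assigned


class InvalidUidMonitor:
    """Flags a client (IP or account) once it requests too many
    non-existent UIDs inside a sliding time window."""

    def __init__(self, max_misses=20, window_seconds=60):
        self.max_misses = max_misses
        self.window = window_seconds
        self._misses = defaultdict(deque)
        self.flagged = set()

    def record(self, client, uid_was_valid, now):
        if not uid_was_valid:
            misses = self._misses[client]
            misses.append(now)
            while misses and now - misses[0] > self.window:
                misses.popleft()
            if len(misses) >= self.max_misses:
                self.flagged.add(client)
        return client in self.flagged


def simulate(population=1000, seed=2005):
    """Constructed traffic: one client walks the ID space in order, another
    only follows links to profiles that exist. Seeded so the demo repeats."""
    rng = random.Random(seed)
    alloc = SparseIdAllocator(population, sparsity=10, rng=rng)
    uids = [alloc.allocate() for _ in range(population)]
    monitor = InvalidUidMonitor(max_misses=20, window_seconds=60)

    harvested, flagged_after = 0, None
    for uid in range(alloc.space):          # sequential walk, 5 requests/s
        valid = alloc.is_valid(uid)
        if monitor.record("sequential-client", valid, now=uid * 0.2):
            flagged_after = uid + 1
            break
        harvested += valid

    for n, uid in enumerate(rng.sample(uids, 200)):   # ordinary browsing
        monitor.record("member", alloc.is_valid(uid), now=n * 0.2)

    return {
        "ids_unique_and_in_range": len(set(uids)) == population
        and all(0 <= u < alloc.space for u in uids),
        "crawler_flagged_after": flagged_after,
        "profiles_harvested_before_flag": harvested,
        "member_flagged": "member" in monitor.flagged,
    }


if __name__ == "__main__":
    print(simulate())
```

With nine in ten IDs unassigned, the sequential client trips the threshold within its first few dozen requests, while a member who only follows links to real profiles never generates a miss.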

Current Facebook Precaution

Facebook blocks Advanced Search, except at one’s school, which limits the scope of the problem. The “Exclude my name from searches” preference in the “My Privacy” section actually solves the problem. Because an intuitive leap is needed to see how to use the Advanced Search for data-mining, it takes the same intuitive leap for users to see the risk and protect themselves from it.

Recommendation to Facebook: Restricting Search

When users set their profile to be friends-only, all information save their name should be withheld from being searched by “Advanced Search.”

7.4 Password Interception

Threat

The fact that the username and password were sent in cleartext is a security vulnerability. An adversary could read Facebook user names and passwords off of the Ethernet or unencrypted wireless traffic, obtaining access to users’ Facebook passwords, as well as any additional accounts they use those passwords for. Because many users use their university email passwords as their Facebook passwords, UNM views Facebook as a security liability for their network. The University of New Mexico cited this as the main reason they chose to disable Facebook access from their network. Because of the ethical and legal implications of doing so, we did not attempt to steal passwords. It should be noted, however, that MIT cited password theft as a real problem when they maintained telnet servers that had login data sent as cleartext.

Current Facebook Precaution

Facebook currently takes no steps to protect user passwords in transit.

Recommendation to Facebook: Encrypt the Passwords

Using SSL for login is the industry best practice for protecting passwords on login. It is used by Google Mail, eBay, MIT WebMail, and countless other sites to protect sensitive information as it is being transferred. It is a simple, cheap solution that would close a major security hole.

7.5 Incomplete Access Controls

Threat and Feasibility

In searching for user photos on Facebook, the service uses a variant of this URL:

http://mit.facebook.com/photo search.php&name=John (6)

but has,

The ability of users to upload and tag photographs easily, and the difficulty for a user to de-tag large numbers of photographs, makes it easy for others to find photographs with few restrictions. In addition, the usual access controls do not apply to “My Photos;” anyone from any university can search for and see any other photograph by editing the query URL.

Current Facebook Precaution
Facebook limits photograph searches by profile in the same way they limit regular searches, but there are no restrictions akin to “My Privacy” for photographs. By default, users are unable to view others’ profiles on other websites, but they can view all pictures. This is weaker than any other access controls on the site.

Recommendation to Facebook: Restrictions on Pictures Search
There is nothing inherently wrong with allowing users to search for photos; the problem lies in the additional unrestricted method of searching all photos by name. “My Privacy” should extend to the “My Photos” feature as well, and the search by name should be disabled.

7.6 University Surveillance

Threat
Students in many cases are unaware of the complex interactions between university policy and the information they are making available online. Administrators are using Facebook to learn about their students, and their students’ activities. Recent months have seen a rash of incidents coming from students disclosing information that they never thought would end up in deans’ offices, and a growing realization of the importance of Facebook in a college environment. These problems are not limited to technical schools like MIT; they exist all over the nation.

Feasibility

MIT
MIT has not had any high-profile Facebook-related cases yet, but there have been smaller incidents. Dean of Residential Life Programs Andrew Ryder has stated that MIT is not actively monitoring Facebook for rule infractions. He did say, however, that if public or quasi-public Facebook information was brought to his attention, he would have to act on it. It is also his personal belief that Facebook data would be admissible in Committee on Discipline hearings. Without detailing specific cases, he alluded to the fact that Facebook incidents that MIT has had to deal with so far have related to a student posting unflattering or untrue information about another student. The one other MIT case involved a freshman in the class of 2008 advertising a party in his soon-to-be dorm room on Facebook before he even arrived on campus, which generated a complaint to the Department for Student Life.
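The “Restrictions on Pictures Search” recommendation above, as an added sketch that is not from the paper and is not Facebook's code: a name search that never consults the viewer, next to one that reuses the profile rule, with restrictive defaults and a blanket tagging switch. Every class, function and audience level here is an assumption made for illustration, and the sample accounts are constructed.

```python
from dataclasses import dataclass, field
from enum import Enum


class Audience(Enum):
    FRIENDS = "friends"            # most restrictive
    SAME_SCHOOL = "same_school"
    EVERYONE = "everyone"


@dataclass
class User:
    name: str
    school: str
    friends: set = field(default_factory=set)
    # Opt-out privacy: a new account starts at the most restrictive setting.
    audience: Audience = Audience.FRIENDS
    # Blanket switch: by default nobody else may attach photos to this account.
    allow_tags_from_others: bool = False


@dataclass
class Photo:
    photo_id: int
    uploader: str
    tagged: set = field(default_factory=set)


def may_view(viewer, subject):
    """The single rule used for profiles, reused unchanged for photos."""
    if viewer.name == subject.name or viewer.name in subject.friends:
        return True
    if subject.audience is Audience.EVERYONE:
        return True
    return (subject.audience is Audience.SAME_SCHOOL
            and viewer.school == subject.school)


def search_unrestricted(photos, name):
    """Behaviour the paper criticises: the viewer is never consulted."""
    return [p.photo_id for p in photos if name in p.tagged]


def search_restricted(photos, users, viewer, name):
    """Name search that applies the subject's privacy rule before matching."""
    subject = users.get(name)
    if subject is None or not may_view(viewer, subject):
        return []  # same answer for "no such user" and "not allowed"
    return [p.photo_id for p in photos if name in p.tagged]


def tag(photo, tagger, subject):
    """Associate a name with a photo only if the subject permits it."""
    if tagger.name != subject.name and not subject.allow_tags_from_others:
        return False
    photo.tagged.add(subject.name)
    return True


def build_sample():
    """Constructed accounts and photos; not data from the paper."""
    alice = User("alice", "MIT", friends={"bob"})
    bob = User("bob", "MIT", friends={"alice"},
               audience=Audience.SAME_SCHOOL, allow_tags_from_others=True)
    carol = User("carol", "MIT")
    eve = User("eve", "Harvard")
    users = {u.name: u for u in (alice, bob, carol, eve)}
    photos = [Photo(1, "alice", {"alice"}),
              Photo(2, "bob", {"bob"}),
              Photo(3, "bob")]
    return users, photos


if __name__ == "__main__":
    users, photos = build_sample()
    print("unrestricted:", search_unrestricted(photos, "alice"))
    print("eve, restricted:", search_restricted(photos, users, users["eve"], "alice"))
    print("bob, restricted:", search_restricted(photos, users, users["bob"], "alice"))
```

The restricted search checks only the person being searched for; a photo tagged with several people would need the same check for each of them.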

Cameron Walker and Fisher College
In October of 2005, Cameron Walker, then a second year student at Fisher College in Boston, MA, was expelled from the school and barred from the campus. The reason for this action given by Fisher College was Walker’s creation of a Facebook group committed to the dismissal of a campus security officer believed to regularly overstep the limits of his line of duty. School officials who monitored Facebook pressured Walker to remove the group, and ultimately canceled Fisher’s student status. This is the first incident of a student being expelled for actions on Facebook; it is the one case that many news articles mention. We conducted a phone interview with Walker in mid-November. He was a sophomore in the class of 2008 in October 2005, when the events leading to his expulsion occurred. His expulsion demonstrates the issues that can arise from the interactions of Internet publication and “unclear, ambiguous, and vague” (Walker’s words) student codes of conduct. Mr. Walker claims that his expulsion was an example of a “few administrators doing whatever they wanted”, and that he “was naive about Facebook, because it wasn’t affiliated with a university.”

News at Other Schools
In recent weeks, there has been an explosion of articles in college newspapers relating to the privacy concerns of Facebook. Since November 1, cautionary articles have appeared in the newspapers of Emory[21], Georgia College[22], Dartmouth[23], the University of Oregon[24], Trinity College[25], Macalester[26], Syracuse[27], Brown[28], University of Tennessee at Chattanooga[29], UNC Greensboro[30], GW, and UPenn[31].

Facebook has been an area relatively free of administrative interference until now. Students believe that the information they post to Facebook should be protected as correspondence, while school officials, particularly at schools with strict codes of discipline, will use evidence posted on Facebook to bring formal disciplinary charges against students. The recent expulsion of Cameron Walker may have created a concrete example of the harm that can come from Facebook activity.

Current Facebook Precaution
The Facebook currently does not take steps to prevent this type of disclosure.

Recommendation to Universities:
From a student perspective, Walker’s expulsion could set a dangerous precedent for university officials. University policies are two-fold: there is the letter of the law, and what is actually enforced. The wealth of new information available to administrators pushes the enforceability much closer to the literal readings of school policies, which could have many unintended consequences. On the other hand, administrators are not free to set whatever policies they see fit, and in an age of litigation, they cannot afford to selectively enforce policies, especially as they pertain to harassment. To do so would be to make the university vulnerable to lawsuits in cases where forbidden behavior goes too far undetected.

Because of this complex interaction, and the differing goals that administrators have, colleges should look at their primary interaction with Facebook as an educational one. In addition, Facebook is becoming a key component of college life, and college administrators would not be doing their jobs if they didn’t understand and explore how a large portion of their student body was using their spare time and interacting with each other. Students can only claim that they have been treated unfairly if they can establish an expectation of privacy. If universities are going to use this information, they should tell their students this up-front.

Recommendation to Universities: Educate Students
The university’s most important role, however, is that of education. To fulfill this mission, universities should educate their students about the dangers that online disclosure of information can pose. Because students are getting accounts earlier and earlier, a program during Orientation would help students from running afoul of university policy or being harassed.

Recommendation to Facebook: Warnings Page
In an environment of growing misuse of information made public by Facebook, Facebook could clearly state that they could provide no guarantees regarding the security of their data, and that if users make their profiles public, all information contained therein may be viewed by job interviewers and college administrators. Until the societal norms regarding this new use of computers become well-established, Facebook would do its users a great service to explain the dangers of security breaches and outside monitoring.

Recommendation to Facebook: Opt-Out Privacy
In a world where a minority of users change software preferences, privacy protection cannot be an “opt-in” option, as demonstrated by Shah and Sandvig in “Software Defaults as De Facto Regulation.” Their study found that if encryption on WAPs is set by default, 96% of users employ it, 3.4 times the number that do when it is not set by default. Thus, opt-out protection is far more effective. Yet, Facebook faces a tough choice here: their business model is based on many ad views, which requires extended browsing sessions, which requires a relatively open network.

Recommendation to Facebook: Merge “My Privacy”
Facebook is unique, however, in that users are expected to return often and update their “preferences” (who their friends are, their profile information). Facebook could leverage this culture by merging the functions of profile updating and privacy settings, thereby greatly increasing the number of views the privacy settings get daily. One page could contain fields regarding basic profile information as well as privacy settings.

7.7 Disclosure to Advertisers

Threat and Feasibility
Facebook has a relationship with several companies currently. Apple and JetBlue, among others, have their own “groups” that interested users can join, to show their brand loyalty, or for a chance at giveaways. Facebook’s privacy policy explicitly says that they may disclose profile information to third parties, so the prospect of them doing so is clearly realistic.

Current Facebook Precautions
Facebook offers an “opt out” link on their Privacy Policy page, which, if clicked, means that one can “submit a request” to Facebook to not share information with third parties. They say that they “will make every effort to implement any choice you make as soon as possible.” Offering the user choice in this matter is clearly to the user’s benefit. However, the feature has no followup or feedback, and is couched in language that does not actually imply any sort of binding agreement.

Other Services’ Precautions

Friendster
Friendster’s privacy policy is indicative of a more mature service, with narrower goals, dealing with smaller amounts of personal information than Facebook. Unlike Facebook, Friendster only collects the data you enter into your profile, your name, e-mail address, IP address, and user agent. Friendster agrees to never share your information with any outside agency, unless expressly required to do so by law.

MySpace
MySpace also has a much more explicit and user-oriented disclosure policy. The scope of disclosure to third parties is much more explicitly dealt with, and limited to:

• Disclosure to advertisers whom users have “explicitly requested” to receive information from¹¹

• The use of cookies by advertisers.¹²

• Disclosures required to enforce their TOS, to protect them legally, or to protect the safety of the public¹³.

¹¹ Users may be asked to provide personal information including name, email address or home address or to answer questions in order to participate. It will be clear at the point of collection who is collecting the personal information and whose privacy statement will apply. We may transfer personal information to certain ad partners that you have explicitly requested to receive information from.

¹² “A User is bound by any minor changes to the policy when she or he uses the site after those changes have been posted. If, however, we are going to use users’ personally identifiable information in a manner materially different from that stated at the time of collection we will notify by posting a notice on our Web site for 30 days.”

¹³ “Except as otherwise described in this privacy statement, MySpace will not disclose personal information to any

third party unless we believe that disclosure is necessary: (1) to conform to legal requirements or to respond to a subpoena, search warrant or other legal process received by MySpace.com, whether or not a response is required by applicable law; (2) to enforce the MySpace.com Terms of Use Agreement or to protect our rights; or (3) to protect the safety of members of the public and users of the service.”

Recommendation to Facebook: Accountability and Accessibility for Third-Party Opt-Out
An opt-out feature that guaranteed that the user’s information would not be disclosed in the future would allow users much more control over their privacy. If the process is complex, then a method for tracking one’s request would increase the transparency of the process. In addition, the link is buried in the privacy policy, which is a legal agreement; users who want to take action would look to “My Privacy.” To actually make the option effective, it should be located in “My Privacy.”

Recommendation to Facebook: Privacy Policy Improvements
Facebook’s privacy policy is vague and subject to change at the whim of the owners of the website. The Facebook policy allows any disclosure of information to third parties that Facebook feels is appropriate. A user-centered Terms of Service would clearly delineate which information is shared with which partners, depending on whether a user clicked on a third party’s ad or joined a third party’s group. A notice period announcing a change in the Terms of Service is another change that would improve the user experience. Facebook should seek to emulate MySpace in this manner, and perhaps even go farther.

7.8 Lack of User Control of Information

Threat
Other users can upload and associate information to one’s Facebook account. The most prominent feature of this type is the “My Photos” feature, which allows users to upload photos and tag them with the names of the people in the pictures. This functionality has already resulted in trouble for an underage student at University of Missouri-Columbia when college administrators found a picture of her duct-taped to a chair while another student poured beer in her mouth. This was a matter of considerable embarrassment as she had just been elected student body vice president. The university is currently considering removing her from that role.

Current Facebook Precaution
Facebook allows users to de-associate themselves from unwanted data, but in the case of photographs, the data remains on the server. This is also an “opt-in” function that requires constant monitoring of the system.

Recommendation to Facebook: Better Restrictions on Third-Party Information
Third parties’ ability to submit and associate information about users violates one of the key principles of information practices: the idea that users should have the ability to control and correct the information about them in a particular database. Although Facebook allows users to delete Wall postings and de-associate themselves with photographs, this is an “opt-in” mechanism that requires constant monitoring. Modifying the “My Privacy” feature to allow a blanket disabling of these features for a particular user would help users control their information.

Recommendation to Users: Exercise Caution
Users should be aware that there are effectively no access controls on pictures, and that they should only upload the pictures that they would feel comfortable having anybody on the Facebook viewing. In addition, realize that the photos that you upload of other people may be viewed by their high school friends or their family. Don’t post anything of them doing anything that you wouldn’t want your parents to see you doing.

7.9 Summary and Conclusion

Ultimately, lasting change in online privacy will only come from a gradual development of common sense regarding what is appropriate to post in social networking forums. Until users view alluding to underage drinking or drug use on their profiles as risky, mistakes regarding privacy will continue to occur. Revealing this sort of information needs to be viewed as the equivalent of going alone to the apartment of a person one met on the Internet. Unfortunately, this is not an easy fix. This lasting change will only come with time and understanding. Nobody can fault Facebook for students making questionable decisions, but the environment that Facebook creates should be one that fosters good decision-making. Privacy should be the default, encryption should be the norm, and Facebook should take strides to inform users of their rights and responsibilities. It is vital that Facebook users everywhere appreciate the potential for use of the system by administrators. We strongly advise all Facebook users to restrict access to their profiles, to not post information of illegal or policy-violating actions to their profiles, and to be cautious with the information they make available.

8 Conclusion

8.1 Postscript: What the Facebook does right

A paper that analyzes the threats to privacy a system poses will inevitably adopt a negative tone about the target of its examination. Although Facebook has flaws, there are also areas in which it is a leader among social networking sites. The fact that each university Facebook is effectively its own

site virtually firewalled off from the rest of the network is a much more private-by-default system than Friendster or MySpace, which explicitly notes that there is no way to restrict profile information. This system makes data harvesting much harder, though not impossible. The requirement of having a school email account to sign up is largely effective in preventing fake accounts and what could otherwise be a problem of Facebook “identity theft.”

The “My Privacy” settings model is fundamentally sound. The current model would be close to ideal if the defaults and behaviors of settings were changed, which would not require a substantial engineering effort. Although the flaws with “My Photos” are pronounced, the existing security model is robust enough to solve most of the problems associated with it. If the name search for photos followed “My Privacy” rules, it would allow users to control their data very easily.

8.2 Final Thoughts

Facebook is used by over 8 million college students, but no academic study has been done of its effect on end-users. Although no national attention has been devoted to the issue, more stories of students being disciplined because of Facebook appear in college newspapers every week. The consequences of excessive disclosure of personal information and false senses of security are just beginning to emerge.

Although the Internet has made it possible to publish personal information online for a decade, social networking sites are unique in that they standardize, centralize, and encourage the publication of personal data to an unprecedented extent. As information retrieval and analysis tools become more powerful, the public needs to develop common sense about accepted practices on these sites. As with any emerging technology, the common sense regarding its proper use has lagged behind what technology has made possible. Much as it is now common sense to not meet people online without taking significant precautions, a body of common knowledge about disclosing information online would protect the public.

From a technological perspective, there has been little dialogue about investigating the protections put in place at one of the most-visited sites on the internet, which contains detailed files on more than 8 million young adults. Security by obscurity is not the best practice for any system, let alone one used by so many. This research aims to begin that dialogue. The user community of this site and future sites will benefit from increased attention to these issues.

References

[1] Adamic, Lada A., Buyukkotken, Orkut, and Adar, Eytan. “A Social Network Caught In The Web.” 2002. http://www.hpl.hp.com/research/idl/papers/social/social.pdf

“Palo Alto.com/misc/privacy. & Shah. 8:30 am ET. available online at http://www.com/misc/terms. 2005. Rachel. USA.edu/fast facts/ [17] Sample Size Calculator.php.org/docs/DataAggregatorsStudy. [15] Data Aggregators: A Study of Data Quality and Responsiveness. http://admissions. Chicago-Kent Intellectual Property Law Society Journal of Intellectual Property.com/sscalc. available online at http://viewmorepics. “Do You MySpace?” By Alex Williams. 36 .html. [12] Friendster Privacy Policy. Pierce. [8] Facebook Terms of Service.facebook. Calif. Steven. “Burned by ChoicePoint breach. [10] MySpace Privacy Policy. 2005.php. and Internet Policy. “Facebook Expands Operations at Terremark’s NAP West Facility” Tuesday November 1.eff. August 28.php. 2005.” San Jose Mercury News. (2005). Virginia. [14] Marshall. Heath.[2] Sandvig. [7] Facebook Privacy Policy. Daniel Dedap [19] Contracts. 1999. May 19. February 24.” [4] Terremark Worldwide.org/wp/eula.facebook. Inc. http://www.html. potential ID theft victims face a lifetime of vigilance. Annalee. Paper presented at the 33rd Telecommunications Policy Research Conference (TPRC) on Communication. Deborah and Linda Ackerman. Defaults as De Facto Regulation: The Case of Wireless Access Points.” http://www. [5] Newitz.com/policy. “Fast Facts”. Loaded December 14. [13] New York Times. available online at http://viewmorepics. Associated Press. Privacy Online: Report to Congress. “Dangerous Terms: A User’s Guide to EULAs. Information. Arlington. and Confusion: Revisiting the Enforceability of ’Shrinkwrap’ Licenses.myspace. 2005 http://www.php. available online at http://www.com/terms. [9] MySpace Terms of Service. C. R.-based Facebook brings social networking online. [11] Friendster Terms of Service.htm [18] Phone Interview.php.privacyactivism. August 29. Copyright.surveysystem.friendster. 2005. Matt and Anna Tong.com/info/tos.com/info/privacy.myspace. [3] Konrad.html [16] New York University Admissions.nyu. 
available online at http://www. [6] Federal Trade Commission.friendster. available online at http://www.

8.3 College Newspaper Articles

[20] Sealy, Will. “What facebook doesnt tell you.” The Flat Hat, student newspaper of The College of William and Mary. http://flathat.wm.edu/story.php?issue=2005-11-04&type=2&aid=3. Loaded December 14, 2005.

[21] Zelkowitz, Rachel. “‘Wasted’ Facebook group causes controversy.” The Emory Wheel Online, November 22, 2005. http://www.emorywheel.com/vnews/display.v/ART/2005/11/22/43829c13eb4d8. Loaded December 14, 2005.

[22] “Public Safety considers Facebook and a valuable tool for party busts.” The Colonnade, Georgia College State University. November 4, 2005. http://www.gcsunade.com/media/paper299/news/2005/11/04/CampusNews/Public.Safety.Considers.Facebook.A.Valuable.Tool.For.Party.Busts-1046210.shtml Loaded December 14, 2005.

[23] Paquin, Christine. “Administrators advise caution in Facebook postings.” The Dartmouth, November 21, 2005. http://www.thedartmouth.com/article.php?aid=2005112101070. Loaded December 14, 2005.

[24] “Facebook could invite more than your friends.” Oregon Daily Emerald, November 28, 2005. http://www.dailyemerald.com/vnews/display.v/ART/2005/11/28/438aca3122ba8. Loaded December 14, 2005.

[25] Montermini, Fabrizio. “Facebook Raises Privacy Concerns.” The Trinity Tripod, November 29, 2005. http://www.trinitytripod.com/media/paper520/news/2005/11/29/News/Facebook.Raises.Privacy.Concerns-1115345.shtml. Loaded December 14, 2005.

[26] Martucci, Brian. “As Facebook grows, more than just friends are watching.” The Mac Weekly, December 9, 2005. http://www.themacweekly.com/article.php?arid=133. Loaded December 14, 2005.

[27] Shoffel, Jessical. “SUNY-ESF warns students of Facebook content violating conduct codes.” The Daily Orange, December 2, 2005. http://www.dailyorange.com/media/paper522/news/2005/12/02/News/SunyEsf.Warns.Students.Of.Facebook.Content.Violating.Conduct.Codes-1119079.shtml. Loaded December 14, 2005.

[28] Woo, Stu. “The Facebook: not just for students.” The Brown Daily Herald, November 3, 2005. http://www.browndailyherald.com/media/paper472/news/2005/11/03/CampusWatch/TheFacebook.Not.Just.For.Students-1044229.shtml. Loaded December 14, 2005.

[29] Walker, Rachel. “UTC cops check Facebook for underage drinkers.” The Echo online, November 10, 2005. http://www.utcecho.com/media/paper483/news/2005/11/10/Culture/UtcCops.Check.Facebook.For.Underage.Drinkers-1053481.shtml. Loaded December 14, 2005.

[30] McIntyre, Luke. “FAILURE TO COMMUNICATE: Don’t let Facebook land you in jail.” The Carolinian Online, November 8, 2005. http://www.carolinianonline.com/media/paper301/news/2005/11/08/Opinions/Failure.To.Communicate.Dont.Let.Facebook.Land.You.In.Jail-1048102.shtml. Loaded December 14, 2005.

[31] Kramer, Melody Joy. “Forfeiting privacy, one post at a time.” The Daily Pennsylvanian, November 30, 2005. http://www.dailypennsylvanian.com/vnews/display.v/ART/438d34a676ff6. Loaded December 14, 2005.

[32] Wang, Jiao. “Facebook Profiles Become Handy Tool for Recruiters.” The Tech, December 13, 2005. http://www-tech.mit.edu/V125/N61/facebook.html. Loaded December 14, 2005.

9 Acknowledgements

Harvey and Jose would like to thank Hal Abelson, Danny Weitzner, Keith Winstein, and Les Perelman for being available to answer questions and edit a 40-page paper multiple times. We would also like to thank the students that took our survey, and the numerous students that took time to discuss the Facebook with us. We would also like to thank Laura Martini and the rest of EC Second West for putting up with us, and the TEPs who gave us feedback. Without Dan Dedap and Sheeva Azma, this project would not have happened. Finally, the interviews we conducted provided invaluable background and insight.

9.1 Interview subjects

• Andrew Ryder, Assistant Dean, MIT Residential Life Programs

• Sharon Snaggs, Residential Life Associate, MIT

• Christopher Varenhorst, MIT Undergraduate

• Facebook scraper (name withheld)

• Jeff Gassaway, University of New Mexico Security Administrator

• Cameron Walker, Fisher College student

• Daniel Dedap, NYU alumnus, class of 2005

A Facebook Privacy Policy

[7] This policy is effective as of June 28, 2005.

Introduction
The Facebook Privacy Policy is designed to assist you in understanding how we collect and use the personal information that you provide to us and to assist you in making informed decisions when using the Facebook web site located at www.facebook.com (the “Web Site”).

The Information We Collect
When you visit the Web Site you may provide us with two types of information: personal information you knowingly choose to disclose that is collected by us and Web Site use information collected by us on an aggregate basis as you and others browse our Web Site. When you register on the Web Site, you provide us with certain personal information, such as your name, your email address, your telephone number, your address, your gender, schools attended and any other personal or preference information that you provide to us. When you enter our Web Site, we collect the user’s browser type and IP address. This information is gathered for all users to the Web Site. In addition, we store certain information from your browser using “cookies.” A cookie is a piece of data stored on the user’s computer tied to information about the user. We use session ID cookies to confirm that users are logged in. These cookies terminate once the users close the browser. We do not use cookies to collect private information from any user. Facebook also collects information about you from other sources, such as newspapers and instant messaging services. This information is gathered regardless of your use of the Web Site.

Children Under Age 13
Facebook does not knowingly collect or solicit personal information from anyone under the age of 13 or allow such persons to register. If you are under 13, please do not send any information about yourself to us – including information like your name, address, telephone number, or e-mail address. No one under age 13 is allowed to provide any personal information or use our public forums. In the event that we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at: info@facebook.com.

Children Between the Ages of 13 and 18
We recommend that minors over the age of 13 ask their parents for permission before sending any information about themselves to anyone over the Internet.

Use of Information Obtained by Facebook
When you register on the Web Site, you create your own profile and privacy settings. Your profile information, as well as your name, email and photo,

are displayed to people in the groups specified in your privacy settings to support the function of the Web Site. No personal information that you submit to Facebook will be available to any user of the Web Site who does not belong to at least one of the groups specified by you in your privacy settings. We use the information about you that we have collected from other sources to supplement your profile unless you specify in your privacy settings that you do not want this to be done. In addition, we may use your name and email address to send you notifications regarding the Web Site and, occasionally, new services we think you may find valuable.

Sharing Your Information with Third Parties
We may share your information with third parties, including responsible companies with which we have a relationship. For example:

• We may provide information to service providers to help us bring you the services we offer. Specifically, we may use third parties to facilitate our business, such as to send email solicitations. In connection with these offerings and business operations, our service providers may have access to your personal information for use in connection with these business activities.

• We may be required to disclose customer information pursuant to lawful requests, such as subpoenas or court orders, or in compliance with applicable laws. Additionally, we may share account or other information when we believe it is necessary to comply with law or to protect our interests or property. This may include sharing information with other companies, lawyers, agents or government agencies.

• If the ownership of all or substantially all of the Facebook business were to change, your user information would likely be transferred to the new owner.

If you do not want to receive promotional email from Facebook and/or do not want us to share your information with third parties for marketing purposes, please submit a request by clicking here http://mit.facebook.com/help.php?add=1. We will make every effort to implement any choice you make as soon as possible.

Links
This site may contain links to other websites. Facebook is not responsible for the privacy practices of other web sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects personally identifiable information. This privacy statement applies solely to information collected by Facebook Web Site.

Third Party Advertising
Advertisements that appear on the Web Site are delivered to users by our advertising partners. Our advertising partners may download cookies to your computer. Doing this allows the advertising network to recognize your computer each time they send you an advertisement. In this way, they may compile information about where you, or others who are using your computer, saw their advertisements and determine which advertisements are clicked. This information allows

an advertising network to deliver targeted advertisements that they believe will be of most interest to you. Facebook does not have access to or control of the cookies that may be placed by the third party advertisers. This privacy statement covers the use of cookies by Facebook and does not cover the use of cookies by any of its advertisers.

Changing or Removing Information
Facebook users may modify or remove any of their personal information at any time by logging into their account. Information will be updated immediately.

Security
Facebook takes appropriate precautions to protect our users’ information. Your account information is located on a secured server behind a firewall. Because email is not recognized as a secure medium of communication, we request that you do not send private information to us by email. If you have any questions about the security of Facebook Web Site, please visit our Help page http://mit.facebook.com/help.php for more information.

Changes in Our Privacy Policy
We reserve the right to change our privacy policy at any time. If we do this, we will post the changes to this policy on this page and will indicate at the top of this page the policy’s effective date. We therefore encourage you to refer to this policy on an ongoing basis so that you understand our current privacy policy.

Contacting the Web Site
If you have any questions about this privacy policy, please visit our Help page http://mit.facebook.com/help.php for more information.

B Facebook Terms Of Service

[8] These Terms of Use are effective as of October 3, 2005.

Introduction
Welcome to the Facebook, an online directory that connects people through networks of academic and geographic centers. The Facebook service is operated by the Facebook network (“Facebook”). By using the Facebook web site (the “Web site”) you signify that you have read, understand and agree to be bound by these Terms of Use (this “Agreement”). We reserve the right, at our sole discretion, to change, modify, add, or delete portions of these Terms of Use at any time without further notice. If we do this, we will post the changes to these Terms of Use on this page and will indicate at the top of this page the Terms of Use’s effective date. Your continued use of the Web site after any such changes constitutes your acceptance of the new Terms of Use. If you do not agree to abide by these or any future Terms of Use, please do not use or access Web site. It is your responsibility to regularly review these Terms of Use.

Eligibility
You must be thirteen years of age or older to register as a member of Facebook or use the Web site. If you are under the age of 13, you are not allowed to register and become a member of Facebook or access Facebook content, features and services on the Web Site. Membership in the Service is void where prohibited. By using the Web site, you represent and warrant that you agree to and to abide by all of the terms and conditions of this Agreement. Facebook may terminate your membership for any reason, at any time.

Member Conduct
You understand that the Web site is available for your personal, non-commercial use only. You agree that no materials of any kind submitted through your account will violate or infringe upon the rights of any third party, including copyright, trademark, privacy or other personal or proprietary rights; or contain libelous, defamatory or otherwise unlawful material. You further agree not to harvest or collect email addresses or other contact information of members from the Web site by electronic or other means for the purposes of sending unsolicited emails or other unsolicited communications. Additionally, you agree not to use automated scripts to collect information from the Web site or for any other purpose. You further agree that you may not use Web site in any unlawful manner or in any other manner that could damage, disable, overburden or impair Web site. In addition, you agree not to use the Web site to:

• upload, post, email, transmit or otherwise make available any content that we deem to be harmful, threatening, abusive, harassing, vulgar, obscene, hateful, or racially, ethnically or otherwise objectionable;

• impersonate any person or entity, or falsely state or otherwise misrepresent yourself or your affiliation with any person or entity;

• upload, post, email, transmit or otherwise make available any unsolicited or unauthorized advertising, promotional materials, “junk mail,” “spam,” “chain letters,” “pyramid schemes,” or any other form of solicitation;

• upload, post, email, transmit or otherwise make available any material that contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment;

• intimidate or harass another;

• use or attempt to use another’s account, service or system without authorization from Web site, or create a false identity on this website.

Proprietary Rights in Content on Facebook
All content on Web site, including but not limited to design, text, graphics, other files, and their selection and arrangement (the “Content”), are

posted. Any other use of the Content is strictly prohibited.the proprietary property of Facebook or its licensors. All rights reserved. translate. you automatically grant. transmitted. You may remove your Member Content from the site at any time.com and provide us with the following information: an electronic or physical signature of the person authorized to act on behalf of the owner of the copyright interest. your address. a description of the copyrighted work that you claim has been infringed. a description of where the material that you claim is infringing is located on the Web site. Member Content Posted on the Site You are solely responsible for the content. distributed. By posting Member Content to any part of the Web site. made under penalty of perjury. If you choose to remove your Member Content. copy. or transmit to other Members (collectively the “Member Content”). such information and content. harm. “post”) on the Service. You may not republish Content on any Internet. Copyright Policy Facebook respects the intellectual property rights of others. and to grant and authorize sublicenses of the foregoing. or the law. copied. to Facebook an irrevocable. please contact us at copyright@facebook. a statement by you. excerpt (in whole or in part) and distribute such information and content and to prepare derivative works of. without Web site’s prior written permission. that the above information in your notice is accurate and that you are the copyright owner or authorized to act on the copyright owner’s behalf. logos. non-commercial use. telephone number. the license granted above will automatically expire. display. imitated. worldwide license (with the right to sublicense) to use. a written statement by you that you have a good faith belief that the disputed use is not authorized by the copyright owner. You may download or print a copy of any portion of the Content solely for your personal. and email address. framed. 
You understand and agree that Facebook may review and delete or remove any Member Content that in the sole judgment of Facebook violate this Agreement or which might be offensive. downloaded. perpetual. The Content may not be modified. republished. If you believe your work has been copied in a way that constitutes copyright infringement or are aware of any infringing material on the Web site. All trademarks. or used. photos or profiles Content that you publish or display (hereinafter. or threaten the safety of Members. in whole or in part. reproduced. displayed. illegal. without the prior written permission of Facebook. and you represent and warrant that you have the right to grant. perform. provided that you keep all copyright or other proprietary notices intact. reformat. or that might violate the rights. fully paid. non-exclusive. Intranet or Extranet site or incorporate the information in any other database or compilation. trade dress and service marks on the Web site are either trademarks or registered trademarks of Facebook or its licensors and may not be copied. 43 . transferable. its agent. in whole or in part. or sold in any form or by any means. or incorporate into other works.

Links to other websites

The Web site contains links to other web sites. Facebook is not responsible for the content, accuracy or opinions express in such web sites, and such web sites are not investigated, monitored or checked for accuracy or completeness by us. Inclusion of any linked web site on Facebook Web site does not imply approval or endorsement of the linked web site by Facebook. If you decide to leave Facebook Web site and access these third-party sites, you do so at your own risk.

Member Disputes

You are solely responsible for your interactions with other Facebook Members. Facebook reserves the right, but has no obligation, to monitor disputes between you and other Members.

Privacy

Facebook cares about the privacy of its members. Click here to view the Web site’s Privacy Policy.

Disclaimers

Facebook is not responsible for any incorrect or inaccurate Content posted on the Web site or in connection with the Service, whether caused by users of the Web site, Members or by any of the equipment or programming associated with or utilized in the Service. Facebook is not responsible for the conduct, whether online or offline, of any user of the Web site or Member of the Service. The Service may be temporarily unavailable from time to time for maintenance or other reasons. Facebook assumes no responsibility for any error, omission, interruption, deletion, defect, delay in operation or transmission, communications line failure, theft or destruction or unauthorized access to, or alteration of, user or Member communications. Facebook is not responsible for any problems or technical malfunction of any telephone network or lines, computer online systems, servers or providers, computer equipment, software, failure of email or players on account of technical problems or traffic congestion on the Internet or at any web site or combination thereof, including injury or damage to users and/or Members or to any other person’s computer related to or resulting from participating or downloading materials in connection with the Web and/or in connection with the Service. Under no circumstances will Facebook be responsible for any loss or damage, including personal injury or death, resulting from anyone’s use of the Web site or the Service, any Content posted on the Web site or transmitted to Members, or any interactions between users of the Web site, whether online or offline. THE WEB SITE, THE SERVICE AND THE CONTENT ARE PROVIDED “AS-IS” AND FACEBOOK DISCLAIMS ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. FACEBOOK CANNOT GUARANTEE AND DOES NOT PROMISE ANY SPECIFIC RESULTS FROM USE OF THE WEB SITE AND/OR THE SERVICE.

Limitation on Liability

EXCEPT IN JURISDICTIONS WHERE SUCH PROVISIONS ARE RESTRICTED, IN NO EVENT WILL FACEBOOK BE LIABLE TO YOU OR ANY THIRD PERSON FOR ANY INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL OR PUNITIVE DAMAGES, INCLUDING ALSO LOST PROFITS ARISING FROM YOUR USE OF THE WEB SITE OR THE SERVICE, EVEN IF FACEBOOK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED HEREIN, FACEBOOK’S LIABILITY TO YOU FOR ANY CAUSE WHATSOEVER, AND REGARDLESS OF THE FORM OF THE ACTION, WILL AT ALL TIMES BE LIMITED TO THE AMOUNT PAID, IF ANY, BY YOU TO FACEBOOK FOR THE SERVICE DURING THE TERM OF MEMBERSHIP.

Governing Law and Venue

If there is any dispute about or involving the Web site and/or the Service, you agree that the dispute will be governed by the laws of the State of California without regard to its conflict of law provisions. You also agree to the exclusive jurisdiction and venue of the courts of the state and federal courts of Santa Clara County, California and waive all defenses of lack of personal jurisdiction and forum non conveniens. Any cause of action by you with respect to the Web site and/or the Service must be instituted within one (1) year after the cause of action arose or be forever waived and barred.

Indemnity

You agree to indemnify and hold Facebook, its subsidiaries, affiliates, officers, agents, and other partners and employees, harmless from any loss, liability, claim, or demand, including reasonable attorney’s fees, made by any third party due to or arising out of your use of the Service in violation of this Agreement or your violation of any law or the rights of a third party.

Other

These Terms of Use constitute the entire agreement between you and Facebook regarding the use of the Web site and/or the Service, superseding any prior agreements between you and Facebook relating to your use of the Web site or the Service. The failure of Facebook to exercise or enforce any right or provision of these Terms of Use shall not constitute a waiver of such right or provision. If any provision of this Agreement is held invalid, the remainder of this Agreement shall continue in full force and effect.

Questions

Please visit our Help page for more information.

C Facebook “Spider” Code: Acquisition and Processing

The following code extracts all Facebook accounts from a given school that are accessible given the user account provided.

C.1 Data Downloading BASH Shell Script

# Log in once and save the session cookie to cookies.txt
wget --cookies=on --user-agent='Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7' --save-cookies=cookies.txt --keep-session-cookies --load-cookies=cookies.txt 'http://www.facebook.com/login.php?email=LOGIN&pass=PASS'

# Request each profile page in the user ID range, reusing the session cookie
for (( COUNT = USERID_LOW ; COUNT <= USERID_HIGH; COUNT++ ))
do
wget --cookies=on --wait=12 --random-wait --user-agent='Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7' --save-cookies=cookies.txt --keep-session-cookies --load-cookies=cookies.txt http://SCHOOL.facebook.com/profile.php?id=$COUNT
done

C.2 Facebook Profile to Tab Separated Variable Python Script

import string
import sys
import re
import os

htmltag = re.compile('<.*?>')

def make_search(str):
    # Build a matcher for lines of the form "<label>: <value>"
    lam = lambda data: re.search(".*%s\:.*" % str, data)
    return lam

def strip_html(data):
    return htmltag.sub("", data)

# Profile fields to extract; one output column per entry
attrib=["Name", "Member Since", "Last Update", "School", "Status", "Sex", "Concentration", "Residence", "Mailbox", "High School", "Hometown", "Screenname", "Mobile", "Site", "Interests", "Clubs and Jobs", "Favorite Music", "Favorite Movies", "Favorite Books"]
lambdas = map(make_search, attrib)

def process(fname):
    f = open(fname, "r")
    data = f.read()
    dbak = data
    # Friend count, taken from the friends link on the profile page
    try:
        friendstr = string.split(data, "category_id=2")[1]
        friends = string.split(friendstr, " ")[0][2:]
    except IndexError:
        friends= ""
    # Keep only the "Information" block of the profile
    try:
        data = string.split(data, "<h2>Information</h2>")[1]
        data = string.split(data, "<!-- userprofile -->")[0]
    except IndexError:
        sys.stderr.write("Error! %s" % fname)
        data = dbak
    if len(string.split(data, "Groups")) == 2:
        data = string.split(data, "Groups")[0]
    data = string.split(data, "\n")
    data = map(strip_html, data)
    fields=[""]*len(attrib)
    for x in range(len(attrib)):
        field = filter(lambdas[x], data)
        if field == []:
            fields[x] = ""
        else:
            fields[x] = string.split(field[0], ":")[1]
        if attrib[x] == "Name":
            fields[x] = string.split(fields[x], "&")[0]
    # One tab-separated record per profile, friend count last
    for f in fields:
        print f, "\t",
    print friends

for f in os.listdir(sys.argv[1]):
    if f[:5] == "profi":
        process(sys.argv[1]+"/"+ f)

C.3 Data Analysis Scripts

C.3.1 The after date script.

import string
import sys

# usage: python afterdate.py col val
# afterdate prints all records whose column #col is after val
# val is of the form yyyymmdd
col = int(sys.argv[1])
val = string.strip(sys.argv[2])
s = "foo"
month={"January":"01", "February":"02", "March":"03", "April":"04", "May":"05", "June":"06", "July":"07", "August":"08", "September":"09", "October":"10", "November":"11", "December":"12",}
while True:
    try:
        s = raw_input()
    except EOFError:
        break
    try:
        field = string.strip(string.split(s, "\t")[col])
    except IndexError:
        sys.stderr.write("PROCESS ERROR\n")
        continue
    fs = string.split(field)
    if len(field) > 2:
        date = int("%s%s%02i" % (fs[2], month[fs[0]], int(fs[1][:-1])))
        if date> int(sys.argv[2]):
            print s

C.3.2 The bin count script.

import string
import os
import sys

vals=[0]*150
col = int(sys.argv[1])
bin = int(sys.argv[2])
s = "foo"
while True:
    try:
        s = raw_input()
    except EOFError:
        break
    try:
        field = string.split(s, "\t")[col]
    except IndexError:
        print "PROCESS ERROR"
        continue
    if field == "one":
        field = "1"
    if field == "":
        continue
    try:
        fval = int(field)
    except ValueError:
        print "ERROR:", field
        # skip non-numeric values instead of reusing the previous fval
        continue
    try:
        vals[fval/10] += 1
    except IndexError:
        print len(vals)
        print "ERROR:" + str(fval)

if int(sys.argv[2]) == 1:
    for k in vals:
        print k

C.3.3 The bin date script.

import string
import sys

# usage: bindate col
# col = number of column to use MUST BE A DATE COLUMN
# bindate prints the number of records where
# column #col = January 2004, then February 2004, etc.
col = int(sys.argv[1])
s = "foo"
month={"January":"01", "February":"02", "March":"03", "April":"04", "May":"05", "June":"06", "July":"07", "August":"08", "September":"09", "October":"10", "November":"11", "December":"12",}
year={ "2004": 0, "2005": 1}
bins=[0]*24
while True:
    try:
        s = raw_input()
    except EOFError:
        break
    try:
        field = string.strip(string.split(s, "\t")[col])
    except IndexError:
        sys.stderr.write("PROCESS ERROR\n")
        continue
    fs = string.split(field)
    if len(field) > 2:
        bins[year[fs[2]]*12 + int(month[fs[0]])-1] += 1

for x in range(len(bins)):
    y = str(2004 + x/12)
    m = str((x % 12) + 1)
    # print bins[x]
    print "%s/%s\t%i" % (m, y, bins[x])

C.3.4 The count number script.

import string
import os
import sys

# countnumber col printall
# Countnumber reads from stdin and generates a histogram of the column
# col = the column to read from
# printall = whether to print each individual value
vals={}
col = int(sys.argv[1])
s = "foo"
n = 0
while True:
    try:
        s = raw_input()
    except EOFError:
        break
    try:
        field = string.split(s, "\t")[col]
    except IndexError:
        print "PROCESS ERROR"
        continue
    if n % 500 == 0:
        print field
    if field in vals.keys():
        vals[field]+=1
    else:
        vals[field] = 1
    n += 1

if int(sys.argv[2]) == 1:
    for k in vals.keys():
        print k, "\t", vals[k]
if " " in vals.keys():
    print "BLANK : ", vals[" "]
    print "NOTBLANK : ", n - vals[" "]
print "TOTAL : ", n

C.3.5 The filter field script.

import string
import sys

# usage: python filterfield.py col val
# if col is equal to val, print this record
# otherwise, do nothing
col = int(sys.argv[1])
val = string.strip(sys.argv[2])
s = "foo"
while True:
    try:
        s = raw_input()
    except EOFError:
        break
    try:
        field = string.strip(string.split(s, "\t")[col])
    except IndexError:
        sys.stderr.write("PROCESS ERROR\n")
        continue
    if field == val:
        print s

C.3.6 The greater than script.

import string
import os
import sys

vals=[0]*150
col = int(sys.argv[1])
val = int(sys.argv[2])
s = "foo"
while True:
    try:
        s = raw_input()
    except EOFError:
        break
    try:
        field = string.split(s, "\t")[col]
    except IndexError:
        print "PROCESS ERROR"
        continue
    if field == "one":
        field = "1"
    if field == "":
        continue
    try:
        fval = int(field)
    except ValueError:
        print "ERROR:", field
        # skip non-numeric values instead of reusing the previous fval
        continue
    try:
        if fval > val:
            print s
    except IndexError:
        print len(vals)
        print "ERROR:" + str(fval)
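The C.1 loop walks profile.php?id=N with a counter, which leaves a recognizable pattern in a web server's access log. The following is an added example, not code from the paper: a log check that flags clients whose profile requests follow the ID space in order. It assumes Combined Log Format and identifies a client by IP address plus User-Agent; the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Combined Log Format:
# ip - user [time] "METHOD url proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def profile_id(url):
    """Return the numeric id of a /profile.php?id=N request, else None."""
    parsed = urlparse(url)
    if not parsed.path.endswith("/profile.php"):
        return None
    values = parse_qs(parsed.query).get("id", [])
    return int(values[0]) if values and values[0].isdigit() else None


def find_enumerators(lines, min_profiles=10, min_sequential=0.8):
    """Flag clients whose profile requests walk the id space in order.

    A person browsing friends jumps between unrelated ids; a counter loop
    requests id, id+1, id+2, ... Only request order is used, so the check
    does not depend on how the client spaces its requests.
    """
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue  # not a parseable access-log line
        pid = profile_id(m.group("url"))
        if pid is not None:
            seen[(m.group("ip"), m.group("ua"))].append(pid)

    flagged = {}
    for client, ids in seen.items():
        distinct = len(set(ids))
        if distinct < max(min_profiles, 2):
            continue  # too few profiles to judge
        steps = [b - a for a, b in zip(ids, ids[1:])]
        ratio = sum(1 for step in steps if step == 1) / len(steps)
        if ratio >= min_sequential:
            flagged[client] = {
                "profiles": distinct,
                "first": ids[0],
                "last": ids[-1],
                "sequential_ratio": round(ratio, 2),
            }
    return flagged


def _line(ip, second, url, ua):
    # Formats one constructed log line; `second` is an offset from 10:00:00.
    return '%s - - [14/Dec/2005:10:%02d:%02d -0500] "GET %s HTTP/1.0" 200 5120 "-" "%s"' % (
        ip, second // 60, second % 60, url, ua)


# Constructed sample data (documentation IP ranges, made-up profile ids).
CRAWLER = ("192.0.2.10",
           "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) "
           "Gecko/20050915 Firefox/1.0.7")
BROWSER = ("198.51.100.7",
           "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) Safari/412")
HUMAN_IDS = [5321, 88, 9410, 77, 1203, 640, 15, 2999, 4100, 731, 5322, 90]

SAMPLE_LOG = (
    [_line(CRAWLER[0], 12 * i, "/profile.php?id=%d" % (1000 + i), CRAWLER[1])
     for i in range(12)]
    + [_line(BROWSER[0], 40 * i, "/profile.php?id=%d" % pid, BROWSER[1])
       for i, pid in enumerate(HUMAN_IDS)]
    + [_line(BROWSER[0], 500, "/home.php", BROWSER[1])]
)

if __name__ == "__main__":
    for client, stats in find_enumerators(SAMPLE_LOG).items():
        print(client[0], stats)
```

On a site that knows the logged-in account for each request, grouping by account instead of IP and User-Agent gives the same check without being affected by shared addresses.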

D Supplemental Data

In this section, we included the numerical results of the numerous analyses we performed on the data we collected from users and directly from Facebook. We referred to many, but not all, of these figures earlier. This data is useful alone in looking for trends and correlations that did not find their way into this paper.

Which gender describes you best? n=419

              Number   Percentage
No Response   9        3%
Male          186      44%
Female        224      53%

Figure 11: Gender of survey takers

Which best describes your living arrangements? n=419

House                 Number Responding   Percentage
No Response           45                  10.74%
Alpha Chi Omega       1                   0.24%
Alpha Epsilon Phi     1                   0.24%
Alpha Phi             4                   0.95%
Baker House           4                   0.95%
Beta Theta Pi         1                   0.24%
Bexley Hall           2                   0.48%
Burton Conner House   87                  20.76%
Chi Phi               2                   0.48%
East Campus           107                 25.54%
Kappa Alpha Theta     1                   0.24%
Kappa Sigma           2                   0.48%
Lambda Chi Alpha      2                   0.48%
MacGregor House       9                   2.15%
McCormick Hall        2                   0.48%
New House             3                   0.72%
Next House            4                   0.95%
No. 6                 1                   0.24%
Phi Delta Theta       2                   0.48%
Phi Kappa Sigma       1                   0.24%
Phi Kappa Theta       1                   0.24%
Pi Lambda Phi         1                   0.24%
Pika                  1                   0.24%
Random Hall           42                  10.02%
Senior House          6                   1.43%
Sidney-Pacific        1                   0.24%
Sigma Alpha Epsilon   1                   0.24%
Sigma Chi             1                   0.24%
Sigma Kappa           1                   0.24%
Sigma Nu              1                   0.24%
Simmons Hall          63                  15.04%
Tau Epsilon Phi       7                   1.67%
Theta Xi              1                   0.24%
WILG                  10                  2.39%
Zeta Beta Tau         1                   0.24%

Figure 12: Chart of survey takers over dorms and ILGs.

Figure 13: Distribution of survey takers over dorms and ILGs.

What is your student status? n=419

               Number   Percentage
No Answer      10       2.39%
Undergrad      380      90.69%
Grad Student   13       3.1%
Alumnus        14       3.34%

Figure 14: Status of survey takers

Facebook Logins Per Week n=371

             Number   Percentage   Number Male   Number Female
1 to 3       139      37.47%       66            70
4 to 8       95       25.61%       36            57
9 to 15      64       17.25%       27            37
20 to 30     40       10.78%       22            18
31 or more   33       8.89%        11            10

Figure 15: Logins per week

Number of friends n=378

              Number   Percentage   Males   Females
1 to 10       5        1.32%        3       2
11 to 50      56       14.81%       31      23
51 to 100     117      30.95%       54      62
101 to 200    143      37.83%       58      84
201 to 349    49       12.96%       15      33
350 or more   8        2.12%        4       2

Figure 16: Number of Friends at MIT

Percentage of friends from MIT n=372

          Number   Percentage   Males   Females
1-15%     5        1.34%        2       3
16-33%    43       11.56%       20      23
34-50%    107      28.76%       56      49
51-75%    174      46.77%       72      101
76-100%   43       11.56%       12      28

Figure 17: Percentage of Friends from MIT

Number Allowing Strangers To Friend n=383

            Number   Percentage   Males   Females
No          243      63.45%       109     129
Yes         30       7.83%        17      12
Sometimes   110      28.72%       44      65

Figure 18: Analysis of users friending strangers on Facebook

Facebook and My Privacy: Familiarity and Utilization n=419

                  No Answer   No    Yes
Number Familiar   30          100   289
  Males           15          38    133
  Females         33          59    152
Number Using      39          234   146
  Males           18          111   57
  Females         19          119   86

Figure 19: My Privacy, and knowledge and utilization thereof

How concerned are you about Facebook and privacy? n=329

                 Number   Percentage   Males   Females
Not at all       76       23.1%        43      31
Barely           117      35.56%       43      71
Somewhat         104      31.61%       39      64
Quite            20       6.08%        7       12
Very Concerned   12       3.65%        7       5

Figure 20: Concern for Facebook Privacy

Reading of Facebook Terms of Service and Privacy Policy n=419

            Read TOS?   Percentage   Read PP?   Percentage
No Answer   30          7.16 %       29         6.92 %
No          353         84.25 %      347        82.82 %
Yes         36          8.59 %       43         10.26 %

Figure 21: Most users do not read the policies that regulate their Facebook use.

Can Facebook Share Information? n=419

            Number Responding   Percentage
No Answer   45                  10.74 %
No          174                 41.53 %
Yes         200                 47.73 %

Figure 22: Users are split on whether or not Facebook can share your information with other companies, indicating a guess.

Familiarity with “My Photo” feature and policies. n=419

            Familiar   Percentage   Can you restrict access?   Percentage
No Answer   30         7.16%        84                         20.05%
No          47         11.22%       139                        33.17%
Yes         342        81.62%       196                        46.78%

Figure 23: Are you familiar with “My Photo?” Can you restrict access to it?

Does Facebook do an adequate job in protecting your privacy? n=419

            Number   Percentage   Males   Females
No Answer   102      24.34%       48      50
No          139      33.17%       67      68
Yes         177      42.24%       70      106

Figure 24: Users show indifference and approval for Facebook’s security practices.

5% 10.83% 15.49% 1.44% 19.52% 44.37% 0.74% 39. self reported.21% 30.11% 0.12% 0.46% 4.37% 27. and Harvard University.25% 16. University of Oklahoma.59% 0.34% 9.17% 10. New York University.74% 6.06% 8.03% 33.66% 11.5% 0.75% 0.81% 3.48% 1.51% 0.12% – Oklahoma 19910 8863 8814 78 630 2224 2952 3039 3151 2690 162 4984 2662 81 1312 188 10406 4 5239 44.72% 9. User Distribution: Kinds of Users at each school.41% 6.17% 14.94% 52. 68 .03% 13.92% 0.63% 10.26% 15.15% – Number Reporting Gender: Distribution Class Distribution: Graduating class of year indicated.31% NYU 24696 8689 12118 200 961 2643 3353 3850 4012 4076 60 5541 4730 183 1511 187 18055 26 – 35.11% – Harvard 17750 7461 5940 876 1351 1605 1657 1710 1785 1583 132 7051 7010 208 1933 438 8085 27 – 42.Distributions Of Facebook User Categories At Four Universities MIT Size Males Females 2003 2004 2005 2006 2007 2008 2009 2010 Other Alumnus/Alumna Faculty Grad Student Staff Student Summer Student Undergraduate 8023 3868 2483 189 539 762 878 948 1016 921 93 2677 2226 76 845 161 4702 10 – 48.15% 0.72% 39.61% 0.18% 49.27% 0.) Figure 25: Summary of Facebook usage statistics at four schools: the Massachusetts Institute of Technology.53% 2.16% 33.55% 0.89% 2.59% 16.16% 11.76% 73.89% 10.81% 25.02% 26.94% 11.58% 15.27% 0.07% 0.36% 6.24% 22. (“Undergraduate” unique to OU.01% 58.95% 10.83% 13.95% 2.04% 9.61% 9.7% 13.39% 3.82% 12.47% 45.94% 7.

49 % 66.03 % 67.39 % 76.8 % 74.24 % 75.76 % 67.46 % 79. All Students Residence High School Screen Name Mobile Interests Clubs/Jobs Music Movies Books Gender After 10/1/05 Residence High School Screen Name Mobile Interests Clubs/Jobs Music Movies Books Gender Total MIT 5172 5252 4341 1700 4453 3400 4236 4084 3956 6351 MIT 3309 3433 2890 1159 2996 2373 2894 2808 2710 3817 4100 80.46 % 65.31 % 79.55 % 13.27 % 73.35 % 48.04 % 79.28 % 83.55 % 94.9 % 74.11 % 81.71 % 83.32 % 66.46 % 100 % 46.48 % 100 % 24 % 40.19 % 55.62 % 68.Willingness to Share Personal Information at each school.73 % 70.93 % 58.01 % 70.05 % 16.49 % 28.42 % 13.11 % 21.07 % 63.06 % 68.47 % 84.25 % Harvard 4260 7270 8186 8582 8607 8758 9116 10694 11271 13401 Harvard 7466 7613 5965 3100 6661 5452 6457 6295 6293 8497 9391 79.7 % 50. at four schools.88 % 70.01 % 90.16 % Oklahoma 7190 16133 10860 2637 15099 13170 15608 15255 13626 17677 6316 13841 9396 2228 13075 11562 13564 13251 11848 14906 15603 36.5 % Oklahoma Figure 26: Willingness of Facebook users to disclose personal information on the service.8 % 50.46 % 54.48 % 88.71 % 60.25 % 63.03 % 54.93 % 84.52 % 33.49 % 49.59 % 68.69 % 65.5 % 42.78 % 40.93 % 95.53 % 100 % NYU 11582 18359 16157 3443 16473 12426 16470 16218 15427 20807 NYU 9601 14341 12627 2698 13047 9839 13091 16387 12216 15479 16387 58.51 % 77.93 % 75. showing all users and only those who have updated their profiles on or after October 1.34 % 51.94 % 66.34 % 65.84 % 66.96 % 46. 2005. 69 .62 % 60.1 % 100 % 64.1 % 93.5 % 81.07 % 57.59 % 87.44 % 88.22 % 14.15 % 78.38 % 52.89 % 100 % 74.36 % 60.5 % 75.1 % 86.12 % 48.67 % 62.9 % 49.

7 % 50.36 % 64.71 % 85.58 % 61.44 % 56.99 % 29.05 % 58.12 % 11.55 % 84.69 % 77.9 % 20.28 % 59. by gender.36 % 74.59 % 87.94 % 100 % NYU 4536 7066 6374 1930 6468 4897 6513 6369 5960 8689 NYU 6736 10631 9103 1407 9276 7032 9289 9233 8846 12118 55.48 % 26.68 % 77.21 % 74.59 % 84.3 % 68.59 % 61.89 % 67.44 % 59.29 % 81. Males Residence High School Screen Name Mobile Interests Clubs/Jobs Music Movies Books Gender Females Residence High School Screen Name Mobile Interests Clubs/Jobs Music Movies Books Gender MIT 3005 2979 2514 1147 2580 1941 2470 2335 2244 3868 MIT 2003 2083 1667 510 1661 1325 1595 1594 1550 2483 80.2 % 81.54 % 66.18 % 63.89 % 53.02 % 64.Willingness to Share Personal Information at each school.65 % 76.2 % 100 % 77.49 % 75.73 % 75.96 % 73.97 % 88.24 % 64.19 % 73 % 100 % 52.95 % 90.73 % 50.67 % 83.61 % 32.53 % 61.61 % 76. 70 .42 % 100 % 77.98 % 62.5 % 72.44 % 56.5 % 59.01 % 60.65 % 66.36 % 22.81 % 73.03 % 76.86 % 60.79 % 73.14 % 20.55 % 58.37 % 58. by gender.36 % 59 % 8.59 % 100 % Harvard 5804 5479 4224 2461 4680 3770 4572 4439 4410 7461 Harvard 4852 4577 3474 1577 3763 3064 3624 3599 3635 5940 81.35 % 51.1 % 86.2 % 62. at four schools.41 % 100 % 40.32 % 73.11 % 100 % Oklahoma Figure 27: Willingness of Facebook users to disclose personal information on the service.01 % 100 % Oklahoma 3377 7661 5309 1859 7888 6168 7471 7223 6418 8863 3609 7964 5200 710 7211 6497 7540 7447 6693 8814 38.06 % 81.55 % 63.99 % 69.

11 % 0% 0.32 % 0. 05 Mar 1.16 % 1. 05 Apr 1.22 % 1. 05 Jul 1.91 % 1. 05 Sep 1. 05 Feb 1.38 % 1.11 % 0.42 % 2.26 % 0.24 % 4.When Users Join And Update Facebook at MIT Month Of Mar 1.76 % 20.89 % 9. 04 May 1.96 % 22. 04 Jan 1.48 % 1.3 % 2.98 % 0.49 % 4.05 % 2.38 % 1.69 % 0.98 % 0.99 % 2. 04 Jun 1.48 % Figure 28: Facebook usage data for the Massachusetts Institute of Technology.18 % 3.3 % 12.89 % 1.43 % 0.07 % 13.99 % 4. 04 Apr 1.49 % 0.22 % 0.57 % 0.7 % 7.82 % 2.19 % 4.11 % 0.87 % 3.49 % 0.9 % 3.69 % 0.71 % 4.95 % 2.11 % 0.88 % 0.91 % 15.71 % 3. 05 Total Join 1087 879 601 329 340 392 403 274 240 230 245 226 196 184 515 400 336 378 335 285 146 8021 13.03 % 2007 Join 320 195 83 21 18 37 27 26 20 21 27 21 14 12 13 15 11 12 24 21 10 948 33.44 % 2.85 % 2.08 % 0.89 % 5.83 % 4. 05 Nov 1.82 % 2008 Join 3 9 98 143 198 196 165 64 30 21 5 10 9 11 7 5 2 14 16 7 3 1016 0.65 % 14.02 % 36. 04 Sep 1.02 % 3.49 % 19.9 % 2.76 % 2.78 % 2.24 % 6.55 % 85.42 % 4.55 % 10.05 % 11.75 % 0.54 % 34. 05 Jun 1.3 % 24.57 % 0.07 % 0.22 % 1.2 % 1.43 % 11.58 % 1.74 % 2.29 % 6. 04 Oct 1.42 % 16.27 % 1.11 % 0.48 % 2. 71 . 04 Nov 1. 04 Jul 1.55 % 1.67 % 2009 Join 0 0 0 1 4 2 1 1 0 3 2 1 1 5 322 211 142 155 44 22 4 921 0% 0% 0% 0.45 % 1.22 % 1.85 % 2.39 % 0.53 % 2.22 % 2.1 % 4.96 % 7.67 % 3. 05 Aug 1.3 % 0. 05 May 1.22 % 0. 05 Oct 1. 04 Aug 1.57 % 8.37 % 1.29 % 16.82 % 100 % Update 0 0 0 0 18 22 39 51 60 67 62 99 94 101 185 250 252 482 907 1638 2493 6820 0% 0% 0% 0% 0. 04 Dec 1.07 % 19.33 % 0.11 % 2.27 % 2.

49 % 1.25 % 2.34 % 2.25 % 4.01 % 2.92 % 2007 Join 1 141 254 813 458 218 208 107 122 103 71 75 127 174 130 37 3039 0.03 % 4.57 % 0.84 % 3.25 % 3.36 % 26.02 % 0.17 % 6.73 % 3.61 % 7.07 % 7.83 % 15.44 % 1. 05 Total Join 1 448 966 3908 2723 1388 1411 836 1008 862 905 1117 1631 1237 1083 369 19893 0.56 % 13.63 % 2.When Users Join And Update Facebook at U. 04 Jan 1.2 % 6.85 % 100 % Update 0 5 4 38 79 68 95 122 151 223 179 274 564 1242 3329 12311 18684 0% 0.47 % 3.86 % 19.14 % 0. Oklahoma Month Of Aug 1.51 % 0.69 % 6.96 % 1. 72 .82 % 65.07 % 4.39 % 2.62 % 8. 05 Jun 1.16 % 10.81 % 1.52 % 4. 05 Oct 1.38 % 3.2 % 0.18 % 5.89 % 93.46 % 2.22 % 15.03 % 0.36 % 0.75 % 15. 05 Jul 1. 05 Mar 1.52 % Figure 29: Facebook usage data for the University of Oklahoma.16 % 4.16 % 29. 05 Aug 1. 04 Sep 1. 05 May 1.65 % 17.32 % 4.78 % 13.65 % 13.2 % 5.55 % 5.22 % 5.64 % 8.11 % 0. 05 Feb 1. 04 Oct 1.97 % 5.03 % 34. 04 Dec 1.63 % 3.28 % 2008 Join 0 131 316 1089 432 188 183 86 109 83 71 73 131 134 99 26 3151 0% 4.71 % 5.93 % 9. 05 Sep 1.81 % 2.33 % 4.89 % 1.73 % 4. 05 Apr 1.01 % 3.65 % 0.19 % 0.09 % 4.42 % 0.47 % 4. 05 Nov 1.98 % 7.89 % 0.39 % 24.29 % 15.11 % 0.78 % 0.02 % 6.84 % 2009 Join 0 3 3 24 21 24 40 37 97 196 414 650 805 259 96 21 2690 0% 0.28 % 1. 04 Nov 1.

18 % 3.01 % 0.13 % 6. 05 May 1. We strongly recommend that Facebook read and consider this valuable user feedback.52 % 5.39 % 1.07 % 0.08 % 0. 04 Dec 1.15 % 2.37 % 4. 05 Feb 1.59 % 2008 Join 3 18 218 230 566 957 736 382 209 96 69 58 46 52 82 60 51 71 65 36 7 4012 0.7 % 13.03 % 5.01 % 3. 05 Apr 1.31 % 2.21 % 2. 04 Oct 1. 04 May 1. 73 .07 % 0.16 % 2.12 % 0.07 % 0.87 % 3. 04 Aug 1.43 % 5.8 % 3.34 % 5.34 % 9.63 % 15.05 % 0% 4. E Selected Survey Comments The paper and web form survey we gave to users provided space for user feedback.07 % 0.9 % 0.64 % 0. 04 Jan 1. but then again you’re putting it up for the world to see. • give me a break.49 % 8. 04 Sep 1.61 % 89..11 % 4.72 % 0.88 % 3.5 % 1.44 % 0.When Users Join And Update Facebook at NYU Month Of Mar 1. • I don’t give them much personal data anyway. 05 Aug 1. 04 Nov 1.25 % 2009 Join 0 5 3 1 1 3 1 3 4 3 2 0 179 429 839 850 800 621 251 69 12 4076 0% 0.29 % 16.11 % 0.92 % 6. 05 Jul 1.17 % 16..5 % 52.02 % 0.16 % 1.07 % 0.02 % 0.57 % 7.53 % 20. 129 (29%) found the need to tell us their thoughts.58 % 20.81 % 3.24 % 0.04 % 33.88 % 3.69 % 0. 04 Jun 1.76 % 0. 05 Total Join 667 3350 1868 785 968 1509 1672 1396 1236 958 813 692 769 1019 1489 1319 1248 1187 955 664 131 24695 2.95 % 2007 Join 348 1287 338 75 72 138 229 217 142 111 132 82 63 73 89 79 60 106 127 71 11 3850 9.95 % 1. All included feedback results are as entered by the users.64 % 1.25 % 2.1 % 0.51 % Figure 30: Facebook usage data for New York University.29 % 15. 05 Nov 1.87 % 2.43 % 2.62 % 0.77 % 1.45 % 5. 05 Jun 1.11 % 6.9 % 2.3 % 1.77 % 5.69 % 0. Of 441 respondents. 05 Oct 1.53 % 100 % Update 0 0 0 3 18 24 54 98 143 161 169 177 222 278 477 480 526 998 1923 4776 11686 22213 0% 0% 0% 0.66 % 21.15 % 1.13 % 1. 05 Mar 1.05 % 1.56 % 3.05 % 4.39 % 10.73 % 14. The feedback we received was insightful.69 % 2.78 % 1.1 User Feedback • Facebook doesn’t really secure your data. Facebook is not a tool of big brother. 05 Sep 1.95 % 5. 04 Jul 1.02 % 0.29 % 2.11 % 23.04 % 1.58 % 5. 
E.75 % 3.27 % 1. all of this information is readily available to anyone will to put 15 minutes into stalking a person.72 % 1.3 % 2.85 % 18.64 % 3.65 % 5. 04 Apr 1.24 % 6.56 % 2.8 % 1% 1.84 % 0.85 % 19.43 % 8.45 % 1.

84 % 1.34 % 1.57 % 0. 04 Aug 1. having to untag it and possibly report it.8 % 100 % Update 0 0 0 0 2 30 52 70 110 145 138 173 192 209 237 382 480 462 840 1419 2887 6564 14392 0% 0% 0% 0% 0.When Users Join And Update Facebook at Harvard Month Of Mar 1.76 % 1.08 % 2009 Join 9 4 0 7 3 4 4 1 1 0 4 5 3 2 2 6 930 255 197 115 22 9 1583 0.15 % 2.67 % 3.75 % 16.77 % 2. 04 Oct 1.15 % 1. 05 Jul 1.94 % Figure 31: Facebook usage data for Harvard University.07 % 0.28 % 10. • I think you should have to approve a tagged pictured before it goes up rather than having to check periodically to see if any pictures are not something you want up. 05 Sep 1.38 % 58.19 % 0. 05 Total Join 5698 1387 698 850 491 410 711 556 387 394 380 417 402 324 285 346 1261 594 620 636 538 319 17704 32. 04 Jan 1.11 % 12.) • I think that it is primarily the users’ responsibility to be careful what is placed up on the facebook. 05 Dec 1.52 % 9.25 % 0.36 % 2.25 % 0. 04 Apr 1. 05 Aug 1.39 % 0.57 % 8.13 % 0. 05 Nov 1.96 % 1.22 % 1.87 % 1.18 % 0.06 % 0.26 % 1.52 % 1. not the other way around.81 % 0.29 % 2007 Join 1065 80 71 31 16 10 38 33 32 32 26 19 28 11 13 18 32 21 36 35 37 26 1710 62.83 % 3.18 % 7.12 % 3.02 % 3.27 % 1.36 % 3.15 % 45. 04 Dec 1.44 % 7.65 % 2. 05 Mar 1.68 % 4.9 % 20. 05 May 1.78 % 0. 05 Oct 1. 04 Jul 1.87 % 1.5 % 3.87 % 1.4 % 2.06 % 0.43 % 24.86 % 9.93 % 1.32 % 4.46 % 1. Even though I’m not sure of the legalities.11 % 1.23 % 2.19 % 2.74 % 1.66 % 2008 Join 21 14 9 298 206 204 431 195 51 27 19 22 15 19 14 24 31 25 47 71 37 5 1785 1.5 % 16.22 % 5.64 % 0.81 % 81.78 % 1.05 % 2.51 % 1.13 % 0.34 % 1. 05 Jun 1. 04 May 1.94 % 0.54 % 11.05 % 1.63 % 3.01 % 0.8 % 2.28 % 4.25 % 0% 0.83 % 1.69 % 11. 05 Feb 1.49 % 0.44 % 0.04 % 1. 04 Nov 1.92 % 2.21 % 1. • I wish I could automatically block all photo “tags” 74 .59 % 3.86 % 1.95 % 7. 04 Sep 1.01 % 0.77 % 1. 04 Jun 1.61 % 1.35 % 3. 05 Apr 1.64 % 0.25 % 0.06 % 0% 0.21 % 0. I don’t put information up that is too personal (phone numbers.14 % 2.19 % 0.32 % 0.98 % 2. 
• I think people need to be aware that anything they put on Facebook is public domain.11 % 2.23 % 0.15 % 10.36 % 0. • I dont really care about my privacy on the facebook because i lie in my profile a lot • I set the option that prevents non-friends from seeing my cell phone number.16 % 1.94 % 4.06 % 1. etc.58 % 2.23 % 2.

• Since you willingly submit information to Facebook . . especially since users other than yourself can “tag” you in their photos. not on Facebook via restricting access to what I choose to post.such as your name. • what i think is interesting is that third parties can post photos of you and link them to you and it is unclear to me if you have any control over that or who can view those. but only if you take advantage/know about them • They need to support SSL. but there is an option to request that your information is not shared with third-parties. age. I am even more careful about posting information (such as my sexuality) that I might not want acquaintances from high school asking about. Not. Very. Since my peers have such easy access to the data and can be sure it actually belongs to me. etc. 75 . F Paper Survey The paper survey follows. I do so specifically because I want it to be in the public domain. the my photo is nice but needs a seurity on it as well . Barely.asking permission of the people in it ahead of time etc.• it is hard to tell whether ppl take facebook seriously or goof off with it. • To clarify my privacy concerns. gender. The web form survey asked the same questions. Quite. Somewhat. I put the burden of protecting my privacy on myself via posting responsibly. There is obviously information that I would like to keep private.you should be fully aware that practically anyone from your school can view your personal information if you do not change your privacy settings. • When I place information on thefacebook. • the photo feature is highly questionable. plus an additional question: “ How concerned are you about the privacy of your data on the Facebook?” Possible answers here were: N/A. Basically. • There are appropriate options. but I don’t place it on thefacebook. and filter things through the concern that anyone may view the information. that Facebook can share your information with third-party companies is somewhat alarming. 
I treat Facebook like any other open internet forum.
