Privacy rankings: LinkedIn and Bebo high, Facebook and MySpace average, Badoo low

Open discussion of privacy on social networking sites puts off the average user, so websites do not produce "explicit or accessible privacy guidelines", according to researchers at Cambridge University who carried out the research.

The research ranked Bebo and LinkedIn highest for their privacy settings, while the British site Badoo was given the lowest mark. Facebook and MySpace were placed slightly above average.

"Sites want users to be relaxed and have fun, but when privacy is mentioned users feel less comfortable sharing data," said co-researcher Joseph Bonneau. "Even sites with good privacy feel that they cannot promote it, so users have no idea of what they are getting."

Personal information goes public

The research of 45 online social networks across the world revealed that the personal information of users is being made public. It says the "furious competition between social networking sites" is to blame.

The researchers found that sites which promoted their privacy controls as a selling point tended to attract fewer members. In their report, they suggest that this may be because the vast majority of people, while they may claim to be concerned about privacy, tend to forget about or ignore the possibility that this may be jeopardised when offered an attractive social networking service.

The report called for an "opt-out" approach to privacy. This would mean users' details are kept private until otherwise stated. It also called for stronger across-the-board regulation of these websites.

Measurement of privacy

The websites studied ranged from MySpace and Facebook to lesser-known foreign networks.

The academics recorded the amount of personal information required to sign up to each site. They measured how much they were told about its privacy policy and settings in the process, and looked at how much they could see about the site's existing members before they joined.

The research identified misleading privacy policies and inaccessible privacy guidelines.

The research, which is freely available online, found:

  • 90% of sites needlessly required a full name or date of birth for permission to join.
  • 80% failed to use standard encryption protocols to protect sensitive user data from hackers.
  • 71% reserved the right to share user data with third parties in their privacy policies.


Security advice for social networking
  • The Information Commissioner's Office advices social networking website users to:
  • Choose sites that offerplenty of control over who can find your profile and how much information they can see.
  • Read privacy policies and understand how sites will use your details.
  • Do not allow people to work out your "real life" location, such as your place and hours of work. Your personal safety offline could be affected by what you tell people online.
  • Change passwords regularly. Avoid using obvious words such as your pet's name and don't use the same passwords on social networking sites as you do for services such asinternet banking.
  • Use a separate e-mail address for social networking, preferably one that does not contain your year of birth or full name.

This article was first published by Computer Weekly

What’s hot on Infosecurity Magazine?