After Mark Zuckerberg, the owner of Facebook, said privacy is no longer a ‘social norm’, Facebook changed its privacy policy and set default privacy settings of most user personal data as “public” without their consent. Facebook has been criticized drastically for this change and was forced to improve its privacy settings. And now Facebook says the new settings are much better and easier.
It is a known fact that people are the weakest link in the security chain. Strong privacy settings should be supported with the wisdom of users. They need to known possible threats and how to protect themselves. Considering Facebook, it is inevitable to keep friends list “secure”. That means one should add a person to his friend list if only he is sure about the identity of this person. This is critical because Facebook’s privacy protection system is mostly based on this distinction.
While I was recently working on an article about privacy issues of Facebook, I did analyze the behaviors of Facebook users for accepting friendship requests and adding a person to their friends list. The analysis showed that people are quite careless and may forget their privacy easily.
For this analysis, I created one male and one female “faked” Facebook accounts. For the female account I uploaded a beautiful girl photo and similarly for the male account I uploaded a handsome boy photo. For each account, I chose randomly 100 female and 100 male victims and sent them requests for adding as a friend. After one month I checked the acceptance results and the incoming messages.
| Faked User | Victim User | # of Accepted Requests/Total Requests | # of Messages sent by Victim Users | # of Sent Messages after accepting the request | # of Sent Messages before reacting to the request |
|---|---|---|---|---|---|
| Faked Female | Male | 48/100 | 24 | 7 | 17 |
| Female | 30/100 | 15 | 5 | 10 | |
| Faked Male | Male | 21/100 | 6 | 2 | 4 |
| Female | 35/100 | 10 | 2 | 8 |
As the results are shown in Table 1, the male users were quite careless when they got requests from the faked female user. 48% of the male users did accept the requests. 24 male users sent messages to the faked female user asking if they knew each other. Interestingly, 7 of these male users sent the message after they had already accepted the request. On the other hand, when the males got friend requests from a faked male, they became more sensitive. Only 21% of the males accepted the friend requests sent by the faked male user. On the other hand, I did not reply the messages. If I had replied and interacted with the victims, I believe that could increase the success ratio of the accepted friendship requests.
As a result, this study showed that people are not very careful regarding their privacy. They can easily become victim of social engineering and get deceived regarding the identity of their communication partner. In addition, they are especially more insensitive for the opposite sex.
The article I mentioned in this post can be downloaded from here. Actually it was written a few months ago and therefore some privacy settings explained in the article are not up-to-date, since Facebook has recently updated its privacy settings many times.
Hi Emin. Could I use this blog entry as part of a high school science unit on cyber safety?
Do you have a more up-to-date version of your“On the Internet, nobody knows you are a dog”: A Facebook case study document from Aug 2009?
Hi Lorraine,
>> Could I use this blog entry as part of a high school science unit on cyber safety?
yes, you can.
>> Do you have a more up-to-date version of your“On the Internet, nobody knows you are a dog”: A Facebook case study document from Aug 2009?
no, it is the last version.
Very interesting! I'd be interested to see the results with a larger data set, especially given the Facebook population. How were these 'victims' chosen? Did you disclose to them that they were a part of your study afterwards?
Hi Ashley,
the "victims" were chosen based on first names. For example, I sent invitations to the people whose name is Michael.