Privacy on Social Networking Sites

08 · 6 · 15

Reading Time: ( Word Count: )


As the emergence of new internet era, the so called “web 2.0”, many people have created their own space in the Internet and post their personal information freely to create their unique content. However, the dilemma of revealing all this personal data and protecting the information provider against predators has caused headaches among many practitioners, notably social networking sites. This study examines why people on these social networking sites want to reveal their identity even though they are aware that it could be used in another, and unexpected, way. A case study will be presented to explore how this personal information is disclosed and shared with others and what types of privacy concerns arise and how the service provider could address these problems about privacy issues. Analysis of the case, according to our findings, will lead to the discussion of the main research question – how we regard this people’s behaviour – is this a privacy invasion or a new concept of privacy


Jeremy Bentham’s idea of the panopticon – the constant viewing of individuals without being seen – is often used to describe the Internet (Barnes, 2006, and Woo, 2006): it provides an effective and powerful mechanism to observe online users’ interactions.

In the same way, online social networking sites, the second generation of the Internet, are being criticised by allowing a high level of surveillance, while at the same time, being regarded as an emergence of “modern social control” (Woo, 2006).

These critiques stem from the high possibility of online social websites to breach the privacy of the tens of millions of users joining this web service and giving away a myriad of personal data. Consequently, this voluntarily abandoned data can be obtained, aggregated easily by some malicious recipients, and when the data is out of individual’s control, a privacy issue occurs.

There have been several attempts to the study of information revelation in online social networks site. However, how and why people reveal and transit their data from private to the public area is hardly examined (Gross and Acquisti, 2005).

This paper will attempt to reveal this matter by examining how social networking sites contribute to the privacy problem and, in turn, how they address this concern.

The first part of this paper is a brief description of the history of the privacy concept to help understanding of the general discourse about the privacy concept, especially as an “informational privacy” (Devries, 2003).

The following section will discuss the definition of social networking sites and the related privacy issues to raise awareness about our basic research question.

In the next section, we present one case study about one of the best-known social networking sites in Korea to facilitate understanding of our research question.

Finally, we will offer an analysis of the case study while examining the research question and revisiting the current privacy concept.

This paper does not attempt a fully-fledged account of these privacy concerns on the online social networking sites, but simply points to the possibility of an emerging new concept of privacy according to the arguments presented.

Evolving concept of privacy

What is privacy? Is there any consolidated concept of privacy in this era? If we have to define the meaning of privacy as a concept, one plausible starting point question could be? How the meaning of privacy has evolved in a social context, especially with technology development?

Privacy has changed its form and concept in accordance with the developments in historical and technological contexts. As privacy has been conceptualised variously according to environmental and personal factors (Kimmel, 1996, quoted from Sheehan, 2002), it is thus unlikely that we are able to make a solid definition of it.

More importantly, all individuals do not perceive privacy similarly, because privacy is highly contextual (Schoeman, 1984, quoted from Sheehan, 2002). Not only is privacy contextual, but also it can be said to be “subjective” – one that varies from individual to individual based on that person’s own perceptions and values (DO’ Neil, 2001). Due to this contextual and subjective nature of privacy, it conflicts with other important values within the society (Fred, 1997)

If privacy allows me to avoid the inconvenience of junk mail, it is somewhat valuable to me, but less so to others, who benefit from the subsidy paid by bulk mailers and from the ability to target advertisements for products and services. If, however, privacy permits me to avoid paying taxes or obtain employment for which I am not qualified, it may be very valuable to me, but extremely costly to society as a whole. It is clear, therefore, that neither privacy values nor costs are absolute. (Fred, 1997, p. 31)

Privacy as a legal right in the modern sense appeared in the late 19th century, when Warren and Brandies (1890) in their article “The Right to Privacy “ defined privacy as “the right to be let alone”. This 19th century concept of privacy was mainly concerned with people’s control over their private space against external forces. Its main concern was the relationship between the individual and authorities, that is, the people’s right to be free from invasion by the government into their private lives. (Woo, 2006)

A more recently developed notion of privacy is related to “informational privacy” (Devries, 2003). The discussions of this type of privacy can be found in Alan Westin’s seminal work (1967) “Privacy and Freedom”. In his work, Westin summarises informational privacy as “the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others”. This definition has been widely adopted in many contexts, including Fried’s (1968) definition of privacy as “control over knowledge about oneself” (Introna, 1997). This idea of control over the distribution of personal information is very useful in our research where it is important to determine whether or not there is a loss of control of access to anything we disclose on the net.

In his paper Fried argues that privacy provides the “moral capital” for the development of personal relationship, with the way of exchanging personal information about oneself (Introna, 1997). Many recent philosophical notions of privacy have similarly emphasised privacy’s importance to the individual for the establishment of intimate relationships (Regan, 1995).

The point to be gained from this is that the importance of privacy has been framed primarily in terms of its value to the individual. As Introna (1997) argues, privacy plays a crucial role in shaping everyday social relationships: without privacy, human beings cannot maintain the most important human relationships, i.e., intimate relationships.

Now, in this computer age, privacy as an evolving concept has become stretched further with the development of technology. Traditionally, technology was thought to “threaten individual privacy”. When we take the new surveillance technology into consideration, such as telephone tapping and electronic eavesdropping, the development of technology also makes it easier for public or private authorities to collect, store and manipulate individual’s information, thereby, as a result, giving them more opportunities to control individuals (Regan, 1995).

However, the dominant view is that technology has played a pivotal role in defining the relationship between technology and privacy. Westin (2003), within this context, points out further that what drive privacy development are not only technologies itself but also organisations’ applications of them.

Privacy is a concept that has been dramatically evolving over time. Although, this privacy in contemporary use is heavily grounded in informational privacy, however, other aspects of the concept remain important. (Moor, 1997)

In this paper, as mentioned above, we will mainly deal with issues about the “informational privacy” – control over knowledge about oneself, thus descriptions about other aspects of the concept are inevitably omitted.

Social networking sites and its privacy concern

In recent years online social network sites have experienced periods of viral growth in terms of participation (Gross and Acquisi, 2005). While these Web sites are useful tools for serving as an individual’s digital representation of their identity, there has been growing concern over breaches in privacy caused by their services.

Definition of social networking sites

As it is highly possible that these social networking sites will use their user’s profile information to mine data for targeting specific advertisement, the term for “social networking websites” is defined in newly proposed Deleting Online Predators Act of 2006 as “commercial social networking website” – which is offered by a commercial entity and allows users to create an on-line profile that includes detailed personal information, and, at the same time, offers a mechanism for communication among users.( Danah and Jenkins, 2006)

These sites play a key role in youth culture because they give youth a space to hang out amongst friends and peers, share cultural artefacts and work out an image of how they see themselves. In this way, they attract many youngsters and mainly appeal to them rather than to older generations.

While social networking sites have drawn criticism from privacy advocates for the way they operate, several attempts have done to ease people’s concern about privacy.

For example, Myspace, one of the biggest social networking sites in the U.S, announced that it will release tools to identify and ban US sex offenders from it service since it has been criticised about some cases (BBC, 2006)

Currently, according to the popular press and recent reports, the main social concern associated with social networking sites is about the protection of children against predators. However, it seems that there is more to worry about on these sites than predators or paedophiles – we are giving anyone with access to the Internet access to our personal lives. (Kerrison, 2006)

Privacy issues and classification

As defined previously, privacy as a concept of “information privacy” is “the right to control information about oneself.” To certain extents, for individuals, privacy means that others have limited, or no, access to information about ourselves, to the intimacies of their lives. However, when we posted on the Internet, we have no control over the information – simply, because once our personal information is posted on the Internet, it becomes public, even though we think it is private (Barnes, 2006).

“You should always assume anything you write online is stapled to your résumé. People don’t realise you get Googled just to get a job interview these days.” (Marks, 2006)

Review of literatures about online user’s reported concerns with privacy reveal that internet privacy poses something of a paradox. That is, despite their privacy concerns, internet users hardly engage in self-protection (La Rose and Rifon, 2006): This paradox can be explained with the highly contextual nature of privacy, which means, individual’s different level of perception about privacy concept (Sheehan, 2002). According to Sheehan (2002), online consumers fall into three distinct groups according to their privacy concern: a quarter of online consumers are unconcerned– they are not concerned about privacy and are willing to give up their personal information in exchange for service benefit; a fourth are highly concerned –they tend always to choose privacy over consumer benefits; and, half are pragmatic – their concern about privacy depends on the situation presented.

Seemingly, this type of privacy issue focuses on the trade-off between the privacy and convenience people can obtain. The theory of privacy behaviour presumes that the consumer’s privacy-related behaviours occur within the context of a marketing exchange; they exchange their personal information for website benefits (La Rose and Rifon, 2006):

Surveys on the online users’ willingness to reveal their information clearly indicate that users are protecting themselves by discriminating about information they are willing to reveal (Earp and Baumer, 2003). People invoke different levels of privacy depending on the party they interact with, balancing the advantages gained by revealing information against the possible risk (Graham, 1999):“This implies that they are aware of the possible negative consequences of allowing personal information to be in the “wrong hand”.

When it comes to social networking sites, however, it does not seem that we can apply the same rule about privacy concern and self-protection.

Although there are no, on the surface, perceived benefits or advantages to revealing their
data anonymously on the net, people are providing information about themselves, in some cases about their friends, freely without giving many thoughts to the issue of privacy (DERI, 2004).

The question arises from here is: why are people voluntarily giving up their privacy under the risk of inappropriate use of information they provide – is it just because of their lack of appreciation of privacy concept or are there more complicated social context factors? What encourages them to do it and how does this affect our current appreciation of the issues surrounding privacy?

This privacy-paradox will find its place in the course of our discussion following the presentation of one case study.

Case study – Cyworld

The central motivation for this paper is to understand the multi-faceted nature of privacy mainly concerned in social networking sites, which has necessitated the conceptual exploration above. However, in an effort to make this perspective more tangible, we explore one case drawn from some research papers and articles. Our goal is to illustrate how one of the most well-known social networking sites has developed, while addressing the privacy concerns.

Brief description of the site

Cyworld is one of the most popular social networking sites in South Korea and the most noticeable character of this website is “personal relationship based” sites.
It has been reported that there are 20 million Cyworld members, or more than a third of the country’s entire population and almost 90 percent of all Koreans in their 20s have signed up (Cho, 2007). Due to its unusual addiction, there is a term those who become addicted to the site: a Cyholic (BBC, 2006).

Following its success in Korea, it has launched customised versions in Japan, China, Taiwan, and the U.S. This was founded in 1999 by four graduates of KAIST (Korea Advanced Institute of Science and Technology, South Korea’s MIT) who initially thought of it as a personal contact website, a way to connect to their immediate and extended circle of friends and family (it is called in this site “il- chon”). Its users are able to upload photos, write a blog, and create mini-room – a three-dimensional virtual space on the mini-homepage.

Arisen privacy concern

One of feature that helps Cyworld take off is ‘wave-surfing’ – the function of transporting to another person’s mini-homepage easily just by clicking on the name of someone who has added a remark on the posted photos or blogs. When people find it interesting, they can introduce themselves and put in a request to become a buddy. If it is accepted, they becomes a ‘il-chon’ and they are privileged to scrap and post each other’s contents –from art to photos – on their own mini- homepage.

Through this function, people are encouraged to make new online-relationships very easily. At the same time, users are induced to observe the lives of other people by this ‘wave-surfing’.

After I became a true cyholic, I often visited my ex-boyfriend’s mini home. It started as mere curiosity and ended almost like stalking. Cyworld makes what is impossible in real life possible in cyber world. I live far from my ex-boyfriend and can’t invest the money and time required to hunt him down. So I simply “hired” Cyworld to do the spying for me. Peeking at his mood indicator, message, board, and album, I knew exactly what was going on in his life. The only thing that stopped me from stalking him was the messages that his friends left on his board congratulating him on finding a new girlfriend. (Park, 2004).

Unlike U.S. social networking site ‘MySpace’, there is no anonymity or the predator problems that are causing legal trouble for ‘MySpace’ since users have to provide their national ID number, which is the equivalent of a Social Security Number in the U.S (Kanellos, 2006). However, ironically, it faces more serious privacy problems.

To sign up for the service, would-be members are required to register their real name and national ID number along with other critical personal information, such as date of birth, allowing other users to search for a member by the name and the age. While this search function contributed to the site’s popularity, a lot of private information is revealed on mini-homepage without protection.

Most of the reported issues concerning to the ‘side-effect’ of the searching function show that people use this function when they need to locate someone who has become the subject of a “witch- hunt”. When there are is a controversial social issue, people track down the person involved in the case through this searching function, publicising the person’s personal information, especially personal appearance, on the Internet, and this is frequently followed by an influx of malicious online attacks.

In one incident, one student A beat up another student B at a university library and then ran away. A was apparently irritated when he, while talking with his girlfriend, was asked to be quiet in the library. As the method for retaliation, the victim B posted the offender A’s girlfriend’s name and the year of her class on several popular websites, including Cyworld, after having found such information written on the book left behind after the attacker had flied. Many people, angry on reading the post, found the web address of A and his girlfriend’s Cyworld mini-hompages using the convenient searching function. They could identify the real name and photos of the offender A’s homepage. Within 24 hours, vast amount of personal information and assessments of character traits were widely disseminated over the net, with strong condemnation of his behaviour. Due to all the unwanted publicity, A was eventually suspended from the school.

Efforts to address the privacy problem

After suffering similar incidents in the past few years, Cyworld has drastically upgraded its privacy protection features (Citizen’s Action Network, 2007).

The first attempt was done in July, 2004, mainly focusing on strengthening the function of disclosure level of postings and photos – by “open-to-all”, “open-to-il-chon”, and “open-to-none”. Also, they introduced restrictions on the right to leave a message on the message board, that is, the operator of the mini-homepage can grant a privilege to leave a message on his/her message board only to a legal member of Cyworld. (The notice for the first service improvement, 5th May, 2004)

The second attempt reflected the demand for privacy protection of the user and for more detailed and classified online buddy relationship, which happened in March, 2005. More powerful functions for protecting user’s privacy introduced through this improvement. It allowed users to create lists of “il-chon” and manage the access to mini-homepage via group filters and locks. The disclosure level of the mini-homepage was classified as “open-to-all”,” open-to-buddy” according to the privilege of each “il-chon” group. The most important change has been made to the searching function – user can protect them from being searched by others, if they do not want this to be done. Also, users have been provided with an improved notice board service, which means, they are able to lock the message from being read by anyone but the intended reader. (The notice for the second service improvement, 6th April, 2005)

Interestingly, after these two attempts to protect the user’s privacy and address the privacy concern problems, the number of visiting users on this site remains almost the same, though their time spent on the site has declined slightly since 2005, the year of the second service improvement (Kim, 2007).

Analysis and Findings from the case study

Trust –Based Information Sharing and network

Amongst several social networking sites, Cyworld is one of the “trust network” based networking sites for information sharing.

A trust network is the network derived from an individual’s social network that represents the degree of trust the individual has in the members of his network for a particular situation (Goecks and Mynatt, 2002).

This approach provides a very useful method by which to analyse the underlying assumption of this type of social networking sites in that the goal of this approach is to empower users with the type of privacy as “control over information ourselves” (Goecks and Mynatt, 2002).

According to this privacy enhanced model, building a personal trust network requires two steps: first, users invite one another to put them on his/her trust list, and in the same way, the invited individuals invite the people on their trust lists. As a result, the trust network places the user at the centre and extends its relationship with others in two degrees: user-those he/she trust and those they trust. (Goecks and Mynatt, 2002)

Cyworld is also operated on the same conceptual algorithm: the algorithm to make intimate relationships between users (“il-chon” relationship).

The term “il-chon” is derived from the meaning of the closest relationship among family members and this “most intimate relationship” is formed when one member sends an invitation to another one. A member’s photo, profile and postings are only shown to the member in their personal network. This can be viewed as the first degree in the trust network model. Once there is a relationship between members, each obtains a less limited access to the information of each other’s “il-chon”. Again, a second degree trust network established.

Seemingly, trust network based social networking sites help users manage their personal information by this closely-connected intimate relationship. Concerns about privacy have surfaced as a serious issue when hundreds thousands of users are classified as friends of friends of an

individual, and all the friends are able to access his/her personal information as a result, leading to loss of control over information about themselves. In the case of Cyworld, the previously described function of “wave-surfing” is a powerful supporting tool to help this happening of “breached privacy” in over-stretched trust network.

When individuals exchange their personal or private information, each individual develops a trust relationship with the others. Through this communication, each individual determines what information to reveal, based on this trust relationship (Graham, 1999).

However, when this information flows from node to node in somebody’s social network (Gross and Acquisti, 2005). It tends to breach the trust relationship. After all, we cannot control who will get access to our information and the information recipient is not necessarily the person who is in a trust relationship with us. Trust is a complex issue, and when it comes to online interactions, it tends to be more complicated since it consists of a complex blend of human actors and technological system (Friedman et al., 2000).

Based on this discussion, we are to address our previous questions: why are people voluntarily giving up their privacy? What encourages them to do so and how does this affect our current appreciation of the issues surrounding privacy?

As participation in the social world requires the disclosure of personal information in some degrees (Palen and Dourish, 2003), the loss of privacy can be said to be an inevitable consequence. This voluntary giving up one’s personal information, however, does not seem to an invasion of privacy. It may be seen as the loss of privacy hence no one has violated it.

This is the starting point of an explanation as to why people reveal their private information to the public on online social networks. As argued above, there is no privacy invasion; however, voluntary privacy loss has occurred. Then, we should regard this as users giving up their right to privacy? The reasonable answer can be found in Fried (1968)’s clear argument about “privacy as a necessity to maintain intimate relationship”.

Love and friendship, as analysed here, involve the initial respect for the rights of others which morality requires of everyone. They further involve the voluntary and spontaneous relinquishment of something between friend and friend, lover and lover. The title to information about oneself