Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
To cite this article: Alyson Leigh Young & Anabel Quan-Haase (2013) PRIVACY PROTECTION
STRATEGIES ON FACEBOOK, Information, Communication & Society, 16:4, 479-500, DOI:
10.1080/1369118X.2013.777757
Information, Communication & Society Vol. 16, No. 4, May 2013, pp. 479 –500
# 2013 Taylor & Francis
http://dx.doi.org/10.1080/1369118X.2013.777757
480 INFORMATION, COMMUNICATION & SOCIETY
Introduction
The concept of Internet privacy has received considerable attention since the
increased collection of personal information online and the enhanced capabilities
for searching, tagging, and aggregating this information. One area of study that
has drawn particular attention is the provision of personal information on social
network sites (SNSs). There are two reasons for this increased interest. First,
SNSs represent a unique social sphere, where large amounts of personal infor-
Downloaded by [UNIVERSITY OF KWAZULU-NATAL] at 22:31 16 November 2017
mation are stored and aggregated (Govani & Pashley 2005). Second, data pro-
vided on these sites can easily be copied, forwarded, replicated, and taken out
of context (boyd 2006).
Internet users express significant concern about the release of personal infor-
mation in the online environment (Govani & Pashley 2005; Acquisti & Gross
2006). At the same time, and in apparent contradiction, users actively construct
their identity online through the disclosure of personal information (Sundén
2003; boyd 2008). Thus, there is a sharp disconnect between the concern
people express and their willingness to disclose personal information. This is
in line with what Barnes (2006) and Norberg et al. (2007) have identified as
the privacy paradox, a finding that has shown how despite expressing a
concern about Internet privacy, people often do very little to protect themselves.
The privacy paradox has been well-documented in the literature, with research-
ers consistently finding a contradiction between the privacy concerns that users
express and their disclosure of personal information on SNSs (Govani & Pashley
2005; Gross & Acquisti 2005; Tufecki 2008). Acquisti and Gross (2006), for
example, found that Facebook users reported higher levels of concern for
issues of privacy than for issues related to terrorism and the environment;
despite their concern, users continued to disclose personal information on Face-
book, including their birth dates, political views, and sexual orientation.
Users, however, are not necessarily naı̈ve in their disclosure practices. A
number of studies have emerged suggesting that users employ a wide range of
privacy protection strategies to address their concerns (Debatin et al. 2009;
Madden & Smith 2010; Stutzman et al. 2011; Dey et al. 2012). These strategies
range from simply untagging photos to more extensive deletion of content, to
blocking Friendship requests, and managing default privacy settings. This litera-
ture suggests that users are actively engaged in guarding their data and are not
passive users as originally suggested. There is, however, a gap in the literature
as to why SNS users choose specific privacy protection strategies over others,
and how these strategies address specific privacy needs.
To fill this gap, the present study employs Raynes-Goldie’s (2010) distinction
between social and institutional privacy to better describe the privacy protection
strategies that university students have developed to protect themselves from
potential privacy threats. We examine both the strategies made available
through the system, as well as those strategies that students have developed,
PRIVACY PROTECTION STRATEGIES ON FACEBOOK 481
as they engage with their online community and become more avid users. Our
goal is to examine differences in social and institutional privacy in order to illus-
trate that a more nuanced understanding of privacy is necessary to help explain
why people disclose personal information despite their concerns.
Literature review
Downloaded by [UNIVERSITY OF KWAZULU-NATAL] at 22:31 16 November 2017
SNSs are traditionally defined as ‘spaces on the Internet where users can create a
profile and connect that profile to others to create a personal network’ (Lenhart
& Madden 2007, p. 1). While differences exist among the various contemporary
SNSs, a set of core features can be identified. First, users construct a profile
within the site, which provides personal information that can be used to help
the user find or be found by others to create a personal network. Second,
most sites allow anyone to join, while requiring user authorization before friend-
ship connections can be made. Finally, upon joining the service, new members
are usually asked to provide personal information, such as name, age, and
email address, as well as a picture of themselves and a self-description. Although
there are several different SNSs, some of the most popular include Facebook,
LinkedIn, and Google+ (Wasserman 2012).
The widespread adoption of SNSs has led many scholars and the media to
examine and raise pragmatic concerns about the disclosure of personal infor-
mation associated with participation in these sites (Gross & Acquisti 2005;
Barnes 2006; Govani & Pashley 2005; Klien 2006; Michaels 2006; Lenhart &
Madden 2007; Debatin et al. 2009; Young & Quan-Haase 2009; Madden &
Smith 2010). By their very nature and design, SNSs encourage users to disclose
substantial amounts of personal information, such as full name, birth date, and
sexual orientation. The popularity of these sites, according to boyd and Jenkins
(2006), lies in the users’ ability to converse with friends, develop a personal
image online, share digital cultural artifacts and ideas, and publicly articulate
their social networks. Despite the benefits accruing from the use of SNSs, the
disclosure of personal information on these sites has raised concerns about poten-
tial and real privacy risks.
Users actively construct their identity on SNSs through the disclosure of per-
sonal information (boyd 2008). Despite this apparent openness, research has
suggested that SNS users may not be completely naı̈ve in their disclosure prac-
tices; even though individuals disclose large quantities of personal information,
they take measures to protect themselves, and to address their privacy concerns.
For example, in 2008 danah boyd found that teenagers frequently used the
privacy settings to prevent parents from unwanted lurking. More recently,
research has shown increases in the use of protective measures among SNS
users, including greater use of privacy settings to restrict what information is
visible to others (Debatin et al. 2009; Madden & Smith 2010; Stutzman et al.
482 INFORMATION, COMMUNICATION & SOCIETY
2011; Dey et al. 2012), the deletion of content and friends from one’s profile
(Robards 2010; Madden 2012), the creation of sub-set friends lists to establish
varying levels of privacy (Robards 2010), and the use of private modes of com-
munication, such as text messaging and Facebook chat, to discuss confidential,
embarrassing, or self-exposing content (boyd & Marwick 2011). The falsification
of information on SNSs also has been identified in the literature as a frequently
used privacy protection strategy (Lenhart & Madden 2007; Lampe et al. 2008;
Grubbs Hoy & Milne 2010).
Downloaded by [UNIVERSITY OF KWAZULU-NATAL] at 22:31 16 November 2017
Research has also shown that Facebook users manage their online personas
by removing information that might place them in a negative light (Lampe et al.
2008; Madden & Smith 2010). In a recent study for the PEW Internet and Amer-
ican Life Project, Madden and Smith (2010) revealed that users often manage
their reputation by untagging controversial or unflattering photos, or deleting
wall posts that depict them negatively. In particular, they found that nearly 50
percent of SNS users between the ages of 18 and 29 have deleted comments
friends have made on their profile wall, and approximately 40 percent have
untagged themselves (i.e. removed their names) from photos posted by
friends. Noting that users often perceive SNSs as public or semipublic spaces,
Brandtzæg et al. (2010) further suggest that SNS users manage their online per-
sonas through conformity – that is, sharing only a part of themselves in order to
maintain their social privacy as they interact with their different social ties within
the same confined space. This strategy enables users to engage with their entire
social network without being either too public or too private.
Research questions
Raynes-Goldie (2010) has suggested that the types of privacy concerns users
express likely influence their choice of privacy protection strategies. In particu-
lar, she contends that, while users care about protecting their personal infor-
mation, their concerns about privacy tend to reflect a desire to protect their
social privacy rather than their institutional privacy. In other words, SNS
users are more concerned about controlling who has access to their personal
information rather than how companies and third parties will use their infor-
mation. While a body of the literature has emerged examining the strategies
users have developed to address their privacy concerns on SNSs, it is unclear
whether these strategies are geared toward protecting their social or institutional
privacy. To fill this gap, the present study investigates the following two research
questions:
active Facebook users are more likely to have private profiles; third, female stu-
dents are more likely to have private profiles; and, fourth, students who prefer
popular music tend to be more likely to have private profiles. In line with
Lewis et al.’s (2008) finding that more active Facebook users tend to have
private profiles, boyd and Hargittai (2010) found that the level of Facebook engage-
ment has an impact on the use of privacy settings; Facebook users who are more
engaged are also more likely to modify their privacy settings on a frequent basis.
The expectation of a violation by weak ties has also been found to influence Face-
book users to enact a friends-only profile (Stutzman & Kramer-Duffield 2010).
Research has also found that individuals who have experienced a negative
social consequence as a result of their disclosure practices on Facebook are
more likely to alter their privacy settings. Strater and Lipford (2008), for
example, found that Facebook users who had experienced a privacy intrusion
from an unknown person had altered their profiles to ‘friends-only’ following,
and in response to, the violation. Debatin et al. (2009) also revealed that
people who use Facebook are significantly more likely to alter their privacy set-
tings following a negative personal experience than if they hear about a privacy
violation experienced by others. As a result, the motivation to alter or customize
privacy settings was found to be largely a direct result of an individual having
personally experienced a privacy invasion. This suggests that for some Facebook
users privacy is only a concern once they have experienced a negative conse-
quence as a result of their disclosures and lax privacy settings. Therefore,
their motivation to enact (stricter) privacy settings is to ensure that they do
not experience a similar violation in the future. Based on this prior research,
our third research question is:
Methods
Participants
Participants were students from a research-intensive university in English
Canada. University students were chosen for three reasons: first, university
484 INFORMATION, COMMUNICATION & SOCIETY
students are avid Internet users (Madden & Jones 2002; Zickuhr 2010) and
heavy users of SNSs (Lenhart et al. 2010; Zickuhr 2010). Second, university
students in North America are heavy users of social media (Quan-Haase &
Young 2010). Third, university students in general have free time and fairly
flexible schedules, allowing them to frequently log onto SNSs, update their
profile, and connect with peers and family. Not only do they engage in a
wider range of activities when conversing on SNSs, but they also perform
any one of these online activities more frequently than the general population
Downloaded by [UNIVERSITY OF KWAZULU-NATAL] at 22:31 16 November 2017
Procedures
Eighty-five students completed a paper-and-pencil questionnaire. Nineteen
respondents participated in a face-to-face interview, and two respondents
opted for an email-based interview. All interviews conducted face-to-face
were recorded and transcribed with participants’ consent.
During the interviews, profile analyses were conducted, which consisted of
asking the respondents to log onto Facebook and discuss the information revealed
in their profiles, the privacy settings they had in place, and the protective strategies
they had employed (Young et al. 2011). This afforded the respondents the oppor-
tunity to expand and elaborate on the information already provided in the inter-
views. The profile analysis showed that students were often unaware, or had
forgotten, what information they had disclosed and what privacy settings they
had enacted. By discussing the profiles in the presence of students, rather than
PRIVACY PROTECTION STRATEGIES ON FACEBOOK 485
Quantitative measures
Frequency of Facebook use. The questionnaire had five items measuring Facebook
usage. The first item was adopted from Lenhart and Madden (2007) and asked,
‘How often do you visit Facebook?’ The second item asked, ‘On average, how
much time did you spend every day on Facebook last week?’ The third item
asked participants to report on how long they have been using Facebook (they
reported months of usage). The fourth item, which consisted of five parts,
asked respondents to first report their total number of Facebook friends and
then indicate how many they considered close friends, acquaintances, distant
friends, and people only met on Facebook. The fifth item asked respondents
to indicate which of the four media they employed to communicate with
friends on Facebook: wall, group message, private message, and poke
(Lenhart & Madden 2007).
their data, for instance, ‘I have changed the default privacy settings activated by
Facebook.’ They were asked to rate the eight items on a 5-point Likert scale
ranging from 1 ¼ ‘strongly disagree’ to 5 ¼ ‘strongly agree’ (for item
wording see Table 2).
be their friend. They were asked to select from one of six options: (1) ‘just
ignored the request for authorization or deleted the request for authorization’,
(2) ‘accepted the request for authorization so I could find out more information
about the person’, (3) ‘accepted the request for authorization and told them to
leave me alone’, (4) ‘reported the person to Facebook staff’, (5) ‘blocked the
person from contacting me’, and (6) ‘other’.
Interview schedule
The interviews were semi-structured using an interview guide designed to
examine university students’ privacy protection on Facebook. A semi-structured
interview technique was chosen to allow for focused, conversational, two-way
communication between the researcher and the participant (Legard et al.
2003; Babbie & Benaquisto 2009). In the interviews, we asked respondents to
discuss their general concern for online privacy and privacy on Facebook, and
whether or not they had encountered any negative experiences. We then
probed for the various strategies they had developed to address their privacy con-
cerns and to protect against potential violations. We probed for use of an ident-
ifiable profile image, if respondents excluded any personal information and their
reasons for exclusion, and if they had falsified any profile data. We also asked
respondents to discuss who currently has access to their profile, and if they
had blocked anyone from access.
Data analysis
We conducted descriptive statistics to obtain an overview of the privacy protec-
tion strategies used by university students. The qualitative data were analyzed
using the framework-based approach proposed by Ritchie et al. (2003). This con-
sisted of classifying and organizing the data into a thematic framework based on
key themes, concepts, and categories. The main themes were then subdivided
into a succession of related subtopics, and the data from each respondent
were synthesized and placed under the appropriate subtopic of the thematic fra-
mework. The data were also analyzed with Raynes-Goldie’s (2010) privacy dis-
tinctions in mind.
PRIVACY PROTECTION STRATEGIES ON FACEBOOK 487
Results
Facebook use
University students are heavy Facebook users: 82 percent reported logging onto
Facebook ‘several times a day’ and using the site on average for about 3 hours and
48 minutes per week. At the time of the survey, students had been using Face-
book for approximately 1.5 years, and had an average of 401.62 Facebook
Downloaded by [UNIVERSITY OF KWAZULU-NATAL] at 22:31 16 November 2017
Privacy settings
Seventy-one percent of respondents altered the default privacy settings to either
‘friends-only’ or ‘some networks and all friends’. By contrast, 14 percent left the
default settings untouched, providing profile access to ‘all networks and all
friends’, while 8 percent chose to open their profiles to the entire Facebook
network (Figure 1).
Information visibility
Many respondents altered the visibility of their profile data: 79 percent regulated
access to tagged photos, 77 percent restricted access to their wall, and 71
percent limited access to their news feed.1 In some instances, students did not
know the visibility status of their information: for instance, 23 percent were
FIGURE 1 Profile visibility. This figure illustrates students’ use of profile visibility settings.
488 INFORMATION, COMMUNICATION & SOCIETY
Restricted Unknown
visibility Open visibility visibility
Tagged photos 61 79 12 16 4 5
Tagged videos 46 60 13 17 18 23
Downloaded by [UNIVERSITY OF KWAZULU-NATAL] at 22:31 16 November 2017
Status update 52 67 18 23 7 9
Friends 49 64 12 16 10 13
Wall 59 77 15 20 3 4
Courses 48 62 13 17 16 21
News feed 55 71 12 16 10 13
unsure if they had restricted access to their tagged photos (also see Young &
Quan-Haase 2009) (Table 1).
To further understand participants’ motivations for altering the visibility of
their profile and of their information, we conducted four correlations, which
examined the relationships between general concern for Internet privacy,
unwanted audiences, profile visibility, and information visibility. These analyses
revealed that concern about unwanted audiences was negatively associated with
information visibility; the greater the participants’ concern about unwanted
TABLE 2 Means and standard deviations for privacy protection strategy items.
Individual items M SD
1. I have sent private email messages within Facebook instead of posting 4.72 0.68
messages to a friend’s wall to restrict others from reading the message
2. I have changed the default privacy settings activated by Facebook 4.33 1.25
3. I have excluded personal information on Facebook to restrict people I don’t 4.08 1.17
know from gaining information about myself
4. I have untagged myself from images and/or videos posted by my contacts 3.85 1.55
5. I have deleted messages posted to my Facebook wall to restrict others from 3.64 1.55
viewing/reading the message
6. Certain contacts on my Facebook site only have access to my limited profile 3.47 1.70
7. I have blocked former contacts from contacting me and accessing my 2.91 1.71
Facebook profile
8. I have provided fake or inaccurate information on Facebook to restrict people I 1.66 1.03
don’t know from gaining information about me
Note: 5-point Likert scale ranging from 1 ¼ ‘strongly disagree’ to 5 ¼ ‘strongly agree’.
PRIVACY PROTECTION STRATEGIES ON FACEBOOK 489
audiences, the less visible they made their profile information, r(48) ¼ 20.307,
p , 0.05. By contrast, the analyses showed no effect of concern for Internet
privacy on profile visibility, r(70) ¼ 20.146, p ¼ n.s., or information visibility,
r(69) ¼ 20.0.74, p ¼ n.s. Moreover, there was no association between concern
for unwanted audiences and profile visibility, r(48) ¼ 20.235, p ¼ n.s.
Friending practices
Participants reported on how they dealt with friendship requests from strangers:
62 percent of participants ‘ignored’ the request, 20 percent ‘accepted the request
to find out more information about the person’, 7 percent ‘blocked the person’,
8 percent indicated engaging in ‘other’ activities, 1 percent ‘reported person to
Facebook staff’, and 1 percent ‘accepted the request and asked person to leave
me alone’.
enabling users to limit the access of friends placed on this list only to information
that the user has made public to the general Facebook community. Justine, a
third year science major, reported placing her sister and their mutual friends
on a limited profile to restrict the amount of information her mother was
able to view. In this example, the limited profile enabled the user to both
control who had access to her profile information, as well as to maintain a
degree of separation between her different audiences.
Perhaps the most pervasive and relevant strategy was to delete photo tags.
Downloaded by [UNIVERSITY OF KWAZULU-NATAL] at 22:31 16 November 2017
Photo tags are hyperlinks that when applied to a photo, post a tagged version of
the photo to a user’s wall (or more recently their Timeline). Deleting photo tags,
therefore, removes the photo from the user’s profile; however, it does not
remove the original photo from the poster’s wall. Christine, a first year business
student, reported not only deleting photo tags to ensure that the photo was
removed from her own profile, but reported asking the poster to remove the
photo altogether. She explained:
I’d rather censor photos that people see of me. I mean if there is one of me
doing something bad like drinking underage, I’d like to be able to make sure
that I don’t have that on in case people can see my profile. I know that people
say that employers can see it and stuff, so just in case. Even though [my
profile is] private, I’d rather be safe than sorry.
From this comment, we begin to see that some students fear that despite
restricting their profile visibility to ‘only friends’, they believe that it may be
possible for unwanted audiences to still access their information from within
the site. In order to combat this possibility, Cheryl reported restricting others
from seeing her uploaded or tagged photos.
PRIVACY PROTECTION STRATEGIES ON FACEBOOK 491
Other methods used to enhance social privacy were: the exclusion of contact
information (i.e. address and phone number); the use of a semi-concealed profile
image, which did not clearly disclose the identity of the participant, but that
would be recognizable by the participant’s friends if they were to search for
them on the site; and, altering the participant’s profile visibility, namely to
‘only friends’. In contrast to the other methods discussed above, these particular
methods were used predominantly to protect against violations from unknown
others.
Downloaded by [UNIVERSITY OF KWAZULU-NATAL] at 22:31 16 November 2017
the possibility of legal action. While the school ultimately settled with the
teacher and no charges were laid, the participant noted that it was a frightening
experience that changed the way he interacted on Facebook, stating: ‘You second
guess everything you do now’. In response to the negative event, he reported
enacting stricter privacy settings, untagging, and removing inappropriate
photos, being more cautious about what he posted to friends’ walls, and being
more selective of which groups he joined and what invitations to social events
he accepted.
Downloaded by [UNIVERSITY OF KWAZULU-NATAL] at 22:31 16 November 2017
Only one participant in our interview sample expressed concern about insti-
tutional privacy, specifically with how her information might be used (or
misused) without her consent. She notes:
I am concerned with the fact that they own everything you put on there. I
would say that is my biggest concern. I think it’s highly unethical personally,
and I find when my friends post their writing or whatever the only thing I
comment is: “Facebook owns this, just so you know.”
Discussion
There has been much debate about how the use of SNSs has changed individuals’
Downloaded by [UNIVERSITY OF KWAZULU-NATAL] at 22:31 16 November 2017
perceptions of privacy (Gross & Acquisti 2005; Lampe et al. 2008; boyd & Har-
gittai 2010). In this study, we employed the privacy paradox framework to
examine what motivates university students to disclose information on Facebook
despite their expressed privacy concerns. Our results suggest that SNS users
employ a number of privacy protection strategies in order to mitigate privacy
threats, while still allowing them to disclose enough information to connect
with peers and friends on Facebook. Thus, SNS users disclose information
despite their privacy concerns, because they have made a conscious effort to
protect themselves against potential violations by establishing who is a part of
their Facebook network and who has access to their data.
Our main concern was to compare strategies associated with social and insti-
tutional privacy to better understand why SNS users choose specific privacy pro-
tection strategies over others, and how these strategies address their specific
privacy needs. The findings show a clear bias toward strategies that mitigate
social privacy threats. In accord with Raynes-Goldie (2010), for instance, partici-
pants reported deleting wall posts and photo tags to control who could see this
information in their Facebook network. Users also employed private messaging
as a means to communicate with Facebook friends, without this information
being broadcast to their entire network. We found that the greater the student’s
concern about unwanted audiences, the less visible they made their profile infor-
mation. Participants felt strongly about what information was included on their
personal profile, and they carefully and actively managed this part of their online
identity. By contrast, students were less concerned about undesired photos on
Facebook if they were not tagged in them, because these photos would not be
visible on their news feed. It would also prevent others from easily finding the
photos in a search, and hence, represented little to no risk to their privacy.
This suggests that the vast amount of information posted daily on Facebook
and other SNSs is perceived as a protection to personal privacy, because infor-
mation cannot be easily located.
Participants in the study showed much greater concern about controlling
access to their data than about how institutions may use or misuse their personal
information. This finding suggests that users have a better understanding of how
friends, family, and other individuals who are a part of their Facebook network
may threaten their privacy than of potential threats coming from institutions and
other third parties. Moreover, our participants showed little to no concern about
494 INFORMATION, COMMUNICATION & SOCIETY
threats coming from Facebook and from companies that collect, record, and
aggregate data on the system. For policy makers, it suggests that more work
needs to be done to increase the transparency of what kinds of data are being
collected, how these are being aggregated, and how they are utilized to target
such features as ads, customized information, friendship recommendations,
and posts. Elli Pariser (2011) describes the application of profile data and user
behavior to customize user experience in SNS profiles, potentially creating a
filter bubble. For these users, data aggregation and targeted advertisement is a
Downloaded by [UNIVERSITY OF KWAZULU-NATAL] at 22:31 16 November 2017
normalized part of our society and the price we pay for accessing free services,
such as Facebook. This tilt toward social privacy concerns is relevant when it
comes to policy because it suggests that the collection and use of personal
data for targeted advertisement has become a part of our society’s social
norms. Social norms around privacy and data mining are evolving as people con-
tinue to engage in networked digital spaces, such as Facebook.
The results suggest that privacy protection must be studied with a more
nuanced understanding of privacy. Symbolic interactionism (Blumer 1986)
offers one way to further examine the activities of SNS users by defining an indi-
vidual’s actions in terms of action and reaction. This concept may help explain
why participants show higher concern for social privacy than institutional
privacy. Privacy is maintained within a constant social exchange, where the
self is presented and put on display, and where reactions from Facebook
friends toward that display are assessed. As individuals continue to present infor-
mation about the self on these sites, they carefully examine the reactions from
others in their network. This monitoring helps explain why SNS users are
aware of the consequences of sharing information on these sites and need to
deal with and confront reactions to their postings from other network
members. By contrast, there is little interaction with institutions or companies
that manage this information. Perhaps this lack of direct interaction, paired
with little transparency, prevents users from understanding the implications of
institutional privacy for the information they share.
The results of our study illustrate that university students have developed a
variety of protective measures to mitigate their privacy concerns and to guard
against potential social privacy invasions. The quantitative results show that the
strategies used most often are the exclusion of personal information from profiles,
the use of private email messaging, and the alteration of default privacy settings.
Participants were also likely to alter their information visibility in order to
protect against intrusions from unwanted audiences. In the interviews, we
found the strategies employed were linked to specific privacy concerns and were
influenced mainly by a desire to mitigate threats to social privacy (Raynes-
Goldie 2010). In particular, those students who were concerned about protecting
their social privacy mentioned: untagging or removing photographs, making use of
the limited profile, altering the default privacy settings, using a semi-concealed
photo, excluding contact information, friending only individuals they could
PRIVACY PROTECTION STRATEGIES ON FACEBOOK 495
place in an offline setting, and sending private messages when sharing confidential
information via Facebook. Hence, university students are not naı̈ve in their disclos-
ure practices, because they have developed a number of strategies to protect
against social privacy threats, which allow them to negotiate the desire for
privacy, on the one hand, with the need for socialization and information disclosure
on the other hand. Furthermore, these findings point to the inadequacy of the
system-provided privacy settings in addressing all user privacy needs because
users have developed additional strategies to address their concerns.
Downloaded by [UNIVERSITY OF KWAZULU-NATAL] at 22:31 16 November 2017
can help inform the development of privacy controls that more closely mirror
the actual privacy strategies employed by users. Some of these strategies have
recently been integrated into Facebook. For example, unless otherwise specified,
users now have to accept tagged photos and comments before they are posted to
their wall (also known as the Facebook Timeline). This helps ensure that photos
and comments are not viewable by others until the user has approved the content
as acceptable.
The use of profile analyses – having students go through their Facebook
Downloaded by [UNIVERSITY OF KWAZULU-NATAL] at 22:31 16 November 2017
profile with the researcher and discuss the decisions made about their privacy set-
tings – was advantageous because we were able to avoid two issues associated with
reliance on solely self-report data (Young et al. 2011). First, this method serves as a
data verification tool. Participants may have forgotten their current settings, or
may have difficulty accurately recalling the settings they implemented last, particu-
larly given that Facebook changes its settings so frequently. It is also possible that
participants may have forgotten what personal information they have disclosed on
their profile. Second, profile analysis avoids problems associated with social desir-
ability, whereby participants tell what they think, the researcher wants to hear.
Profile analyses have implications for the design of future research studies, as
this method can be used to verify the accuracy of users’ online behavior and
also to elicit further explanations and conversations.
The present study has some limitations. First, the findings are based on a small
and non-representative sample. We recruited participants for the survey primar-
ily from media and communications majors, which is a group that could poten-
tially be biased in their use of social media. Second, the results of the study can
only be generalized to university students. Future research could seek to expand
the research by examining other user groups, such as high school or elementary
school students, to see if their privacy protection strategies differ from those of
university students. Third, Facebook privacy settings have changed since the data
were collected. Future research could re-examine the strategies university stu-
dents use in light of these changes, particularly with regards to the implemen-
tation of the Facebook Timeline and Facebook’s integration with sites external
to the Facebook platform.
Note
1 The news feed is a tool that reports all activities undertaken by a user,
such as adding or deleting applications or features, status updates,
changes in relationship status, etc.
PRIVACY PROTECTION STRATEGIES ON FACEBOOK 497
References
Acquisti, A. & Gross, R. (2006) ‘Imagined communities: awareness, information
sharing, and privacy on the Facebook’, in Privacy Enhancing Technologies: 6th
International Workshop, PET 2006, Cambridge, UK, June 28 – 30,
eds. G. Danezis & P. Golle, Springer, Berlin, pp. 36 –58.
Babbie, E. R. & Benaquisto, L. (2009) Fundamentals of Social Research, Cengage
Learning, Boston, MA.
Downloaded by [UNIVERSITY OF KWAZULU-NATAL] at 22:31 16 November 2017
Barnes, S. B. (2006) ‘A privacy paradox: social networking in the United States’, First
Monday, vol. 11, no. 9, [Online] Available at: http://firstmonday.org/htbin/
cgiwrap/bin/ojs/index.php/fm/article/view/1394/1312 (22 October 2007).
Blumer, H. (1986) Symbolic Interactionism: Perspectives and Method, University of Cali-
fornia Press, Berkeley.
boyd, D. (2006) ‘Friends, friendsters, and myspace top 8: writing community into
being on social network sites’, First Monday, vol. 11, no. 12, [Online] Available
at: http://www.danah.org/papers/FriendsFriendsterTop8.pdf (22 October
2007).
boyd, D. (2008) ‘Why youth (heart) social network sites: the role of networked
publics in teenage social life’, in Youth, Identity, and Digital Medias, ed. D. Buck-
ingham, MIT Press, Cambridge, MA, pp. 119–142.
boyd, D. & Jenkins, H. (2006) ‘MySpace and Deleting Online Predators Act
(DOPA)’, MIT Tech Talks, [Online] Available at: http://www.danah.org/
papers/MySpaceDOPA.html (26 May 2006).
boyd, D. & Hargittai, E. (2010) ‘Facebook privacy settings: who cares?’ First Monday,
vol. 15, no. 8, [Online] Available at: http://firstmonday.org/htbin/cgiwrap/
bin/ojs/index.php/fm/article/view/3086/2589 (15 March 2011).
boyd, D. & Marwick, A. E. (2011), ‘Social privacy in networked publics: teens’ atti-
tudes, practices, and strategies’, A Decade in Internet Time: Symposium on the
Dynamics of the Internet and Society, University of Oxford, [Online] Available
at: http://papers.ssrn.com/abstract=1925128 (27 November 2012).
Brandtzæg, P. B., Lüders, M. & Skjetne, J. H. (2010) ‘Too many Facebook
“Friends”? Content sharing and sociability versus the need for privacy in
social network sites’, International Journal of Human –Computer Interaction,
vol. 26, nos 11 – 12, pp. 1006–1030.
Debatin, B., Lovejoy, J. P., Horn, A. K. & Hughes, B. N. (2009) ‘Facebook and
online privacy: attitudes, behaviors, and unintended consequences’, Journal
of Computer-Mediated Communication, vol. 19, no. 2, pp. 83–108.
Dey, R., Jelveh, Z. & Ross, K. (2012) ‘Facebook users have become much more
private: a large-scale study’, 2012 IEEE International Conference on Pervasive Com-
puting and Communications Workshops, Lugano, Switzerland, pp. 346 –352.
Available at: IEEE (27 November 2012).
Donath, J. (2007) ‘Signals in social supernets’, Journal of Computer-Mediated Com-
munication, vol. 12, no. 1, article 12, [Online] Available at: http://jcmc.
indiana.edu/vol13/issue1/donath.html (11 December 2009).
498 INFORMATION, COMMUNICATION & SOCIETY
Madden, M. & Jones, S. (2002) ‘The Internet goes to college’, Pew Internet & American
Life Project, Washington, DC, [Online] Available at: http://www.pewinternet.
org/Reports/2002/The-Internet-Goes-to-College.aspx (9 April 2011).
Madden, M. & Smith, A. (2010) ‘Reputation management and social media’, Pew Internet
& American Life Project, Washington, DC, [Online] Available at: http://pewinternet.
org/Reports/2010/Reputation-Management.aspx (14 March 2011).
Michaels, T. (2006) ‘Future employers may consider Facebook profiles’, Chicago
Maroon, 18 April, [Online] Available at: http://maroon.uchicago.edu/
Downloaded by [UNIVERSITY OF KWAZULU-NATAL] at 22:31 16 November 2017