Privacy concerns with social networking services

Since the arrival of early social networking sites in the early 2000s, online social networking platforms have expanded exponentially, with the biggest names in social media in the mid-2010s being Facebook, Instagram, Twitter and Snapchat. The massive influx of personal information that has become available online and stored in the cloud has put user privacy at the forefront of discussion regarding the database's ability to safely store such personal information. The extent to which users and social media platform administrators can access user profiles has become a new topic of ethical consideration, and the legality, awareness, and boundaries of subsequent privacy violations are critical concerns in advance of the technological age.

A social network is a social structure made up of a set of social actors (such as individuals or organizations), sets of dyadic ties, and other social interactions between actors. Privacy concerns with social networking services is a subset of data privacy, involving the right of mandating personal privacy concerning storing, re-purposing, provision to third parties, and displaying of information pertaining to oneself via the Internet. Social network security and privacy issues result from the large amounts of information these sites process each day. Features that invite users to participate in—messages, invitations, photos, open platform applications and other applications are often the venues for others to gain access to a user's private information. In addition, the technologies needed to deal with user's information may intrude their privacy.

The advent of the Web 2.0 has caused social profiling and is a growing concern for internet privacy. Web 2.0 is the system that facilitates participatory information sharing and collaboration on the Internet, in social networking media websites like Facebook and MySpace. These social networking sites have seen a boom in their popularity beginning in the late 2000s. Through these websites many people are giving their personal information out on the internet. These social networks keep track of all interactions used on their sites and save them for later use. Issues include cyberstalking, location disclosure, social profiling, third party personal information disclosure, and government use of social network websites in investigations without the safeguard of a search warrant.

History
Before social networking sites exploded over the past decade, there were earlier forms of social networking that dated back to 1997 such as Six Degrees and Friendster. While these two social media platforms were introduced, additional forms of social networking included: online multiplayer games, blog and forum sites, newsgroups, mailings lists and dating services. They created a backbone for the new modern sites. Since the start of these sites, privacy has become a concern for the public. In 1996, a young woman in New York City was on a first date with an online acquaintance and later sued for sexual harassment after her date tried to play out some of the sexual fantasies they had discussed while online. This is just an early example of many more issues to come regarding internet privacy.

In the past, social networking sites primarily consisted of the capability to chat with others in a chat room, which was far less popular than social networks today. People using these sites were seen as "techies" unlike users in the current era. One of the early privacy cases was in regards to MySpace, due to "stalking of minors, bullying, and privacy issues", which inevitably led to the adoption of "age requirements and other safety measures". It is very common in society now for events such as stalking and "catfishing" to occur.

According to Kelly Quinn, “the use of social media has become ubiquitous, with 73% of all U.S. adults using social network sites today and significantly higher levels of use among young adults and females." Social media sites have grown in popularity over the past decade, and they only continue to grow. A majority of the United States population uses some sort of social media site.

Causes
There are several causes that contribute to the invasion of privacy throughout social networking platforms. It has been recognized that “by design, social media technologies contest mechanisms for control and access to personal information, as the sharing of user-generated content is central to their function." This proves that social networking companies need private information to become public so their sites can operate. They require people to share and connect with each other. This may not necessarily be a bad thing; however, one must be aware of the privacy concerns. Even with privacy settings, posts on the internet can still be shared with people beyond a user's followers or friends. One reason for this is that “English law is currently incapable of protecting those who share on social media from having their information disseminated further than they intend." Information always has the chance to be unintentionally spread online. Once something is posted on the internet, it becomes public and is no longer private. Users can turn privacy settings on for their accounts; however, that does not guarantee that information will not go beyond their intended audience. Pictures and posts can be saved and posts may never really get deleted. In 2013, the Pew Research Center found that "60% of teenage Facebook users have private profiles.” This proves that privacy is definitely something that people still wish to obtain.

A person's life becomes much more public because of social networking. Social media sites have allowed people to connect with many more people than with just in person interactions. People can connect with users from all across the world that they may never have the chance to meet in person. This can have positive effects; however, this also raises many concerns about privacy. Information can be posted about a person that they do not want getting out. In the book It's Complicated, the author, Danah Boyd, explains that some people “believe that a willingness to share in public spaces—and, most certainly, any act of exhibitionism and publicity—is incompatible with a desire for personal privacy." Once something is posted on the internet, it becomes accessible to multiple people and can even be shared beyond just assumed friends or followers. Many employers now look at a person's social media before hiring them for a job or position. Social media has become a tool that people use to find out information about a person's life. Someone can learn a lot about a person based on what they post before they even meet them once in person. The ability to achieve privacy is a never ending process. Boyd describes that “achieving privacy requires the ability to control the social situation by navigating complex contextual cues, technical affordances, and social dynamics." Society is constantly changing; therefore, the ability to understand social situations to obtain privacy regularly has to be changed.

Various levels of privacy offered
Social networking sites vary in the levels of privacy offered. For some social networking sites like Facebook, providing real names and other personal information is encouraged by the site (onto a page known as a 'Profile'). This information usually consists of the birth date, current address, and telephone number(s). Some sites also allow users to provide more information about themselves such as interests, hobbies, favorite books or films, and even relationship status. However, there are other social network sites, such as Match.com, where most people prefer to be anonymous. Thus, linking users to their real identity can sometimes be rather difficult. Nevertheless, individuals can sometimes be identified with face re-identification. Studies have been done on two major social networking sites, and it is found that by overlapping 15% of the similar photographs, profile pictures with similar pictures over multiple sites can be matched to identify the users.

People concern
“According to research conducted by the Boston Consulting Group, privacy of personal data is a top issue for 76 percent of global consumers and 83 percent of U.S. consumers.” Six-in-ten Americans (61%) have said they would like to do more to protect their privacy.

For sites that do encourage information disclosure, it has been noted that a majority of the users have no trouble disclosing their personal information to a large group of people. In 2005, a study was performed to analyze data of 540 Facebook profiles of students enrolled at Carnegie Mellon University. It was revealed that 89% of the users gave genuine names, and 61% gave a photograph of themselves for easier identification. Majority of users also had not altered their privacy setting, allowing a large number of unknown users to have access to their personal information (the default setting originally allowed friends, friends of friends, and non-friends of the same network to have the full view of a user's profile). It is possible for users to block other users from locating them on Facebook, but this must be done by individual basis, and would, therefore, appear not to be commonly used for a wide number of people. Most users do not realize that while they may make use of the security features on Facebook the default setting is restored after each update. All of this has led to many concerns that users are displaying far too much information on social networking sites which may have serious implications on their privacy. Facebook was criticized due to the perceived laxity regarding privacy in the default setting for users.

The “Privacy Paradox” is a phenomenon that occurs when individuals, who state that they have concerns about their privacy online, take no action to secure their accounts. Furthermore, while individuals may take extra security steps for other online accounts, such as those related to banking or finance, this does not extend to social media accounts. Some of these basic or simple security steps would include deleting cookies, browser history, or checking one's computer for spyware. Some may attribute this lack of action to “third-person bias”. This occurs when people are aware of risks, but then do not believe that these risks apply or relate to them as individuals. Another explanation is a simple risk reward analysis. Individuals may be willing to risk their privacy to reap the rewards of being active on social media. Oftentimes, the risk of being exploited for the private information shared on the internet is overshadowed by the rewards of exclusively sharing personal information that bolsters the appeal of the social media user.

In the study by Van der Velden and El Emam, teenagers are described as “active users of social media, who seem to care about privacy, but who also reveal a considerable amount of personal information.” This brings up the issue of what should be managed privately on social media, and is an example of the Privacy Paradox. This study in particular looked at teenagers with mental illness and how they interact on social media. Researchers found that “it is a place where teenage patients stay up-to-date about their social life—it is not seen as a place to discuss their diagnosis and treatment.” Therefore, social media is a forum that needs self-protection and privacy. Privacy should be a main concern, especially for teens who may not be entirely informed about the importance and consequences of public versus private use. For example, the “discrepancy between stated privacy concerns and the disclosure of private information.”

User awareness in social networking sites
Users are often the targets as well as the source of information in social networking. Users leave digital imprints during browsing of social networking sites or services. It has been identified from few of the online studies, that users trust websites and social networking sites. As per trust referred, "trust is defined in (Mayer, Davis, and Schoorman, 1995) as "the willingness of a party to be vulnerable to the actions of another party based on the expectation that the other will perform a particular action important to the trustor, irrespective of the ability to monitor or control that other party" (p. 712)". A survey was conducted by Carnegie Mellon University, a majority of users provided their living city, phone numbers among other personal information, while user is clearly unaware of consequences of sharing certain information. Adding to this insight, is the social networking users are from various cities, remote villages, towns, cultures, traditions, religions, background, economic classes, education background, time zones and so on that highlight the significant gap in awareness.

The survey results of the paper suggest, "These results show that the interaction of trust and privacy concern in social networking sites is not yet understood to a sufficient degree to allow accurate modeling of behavior and activity. The results of the study encourage further research in the effort to understand the development of relationships in the online social environment and the reasons for differences in behavior on different sites."

As per reference, a survey conducted among social networking users at Carnegie Mellon University was indicative of following as reasons for lack of user awareness: 1) People's disregard of privacy risks due to trust in privacy and protection offered on social networking sites. 2) Availability of user's personal details to third-party tools/applications. 3) APIs and Frameworks also enable any user, who has the fair amount of knowledge to extract the user's data. 4) Cross-site forgery and other possible website threats.

There is hence a dire need for improving User's awareness swiftly, in order to address growing security and privacy concerns caused due to merely user's unawareness. Social networking sites themselves can take a responsibility and make such awareness possible by means of participatory methods by virtual online means.

To improve user's awareness, a possible method is to have privacy-related trainings for people to understand privacy concerns with the use of social media websites or apps. The trainings can include information of how certain companies or apps help secure user's privacy, and skills to protect user's privacy.

Studies have also shown that privacy literacy plays a role in enhancing use of privacy protective measures and people that are concerned about privacy were less likely to online services and share personal information.

Data access methods
There are several ways for third parties to access user information. Flickr is an example of a social media website that provides geotagged photos that allows users to view the exact location of where a person is visiting or staying. Geotagged photos make it easy for third party users to see where an individual is located or traveling to. There is also growing use of phishing, which reveals sensitive information through secretive links and downloads through email, messages, and other communications. Social media has opened up an entirely new realm for hackers to get information from normal posts and messages.

Share it with third parties
Nearly all of the most popular applications on Facebook—including Farmville, Causes, and Quiz Planet—have been sharing users' information with advertising and tracking companies. Even though Facebook's privacy policy says they can provide "any of the non-personally identifiable attributes we have collected" to advertisers, they violate this policy. If a user clicked a specific ad in a page, Facebook will send the user address of this page to advertisers, which will directly lead to a profile page. In this case, it is easy to identify users' names. For example, Take With Me Learning is an app that allows teachers and students to keep track of their academic process. The app requires personal information that includes, school name, user's name, email, and age. But Take With Me Learning was created by a company that was known for illegally gathering student's personal information without their knowledge and selling it to advertisement companies. This company had violated the Children's Online Privacy Protection Act (COPPA), used to keep children safe from identity theft while using the internet. Most recently, Facebook has been scrutinized for the collection of users' data by Cambridge Analytica. Cambridge Analytica was collecting data from Facebook users after they agreed to take a psychology questionnaire. Not only could Cambridge Analytica access the data of the person who took the survey, they could also access all of the data of that person's Facebook friends. This data was then used to hopefully sway people's’ beliefs in hopes that they would vote for a certain politician. While what Cambridge Analytica did by collecting the data may or may not be illegal, they then transferred the data they acquired to third parties so that it could be used to sway voters. Facebook was fined £500,000 in the UK, $5bn (£4bn) in the US, and in 2020, the company was taken to court by Australia's privacy regulator with the perspective of imposing a fine of A$1.7m (£860,000).

API
Application programming interface (API) is a set of routines, protocols, and tools for building software applications. By using query language, sharing content and data between communities and applications became much easier. APIs simplify all that by limiting outside program access to a specific set of features—often enough, requests for data of one sort or another. APIs clearly define exactly how a program will interact with the rest of the software world—saving time.

An API allows software to “speak with other software.” Furthermore, an API can collect and provide information that is not publicly accessible. This is extremely enticing for researchers due to the greater number of possible avenues of research. The use of an API for data collection can be a focal point of the privacy conversation, because while the data can be anonymous, the difficulty is understanding when it becomes an invasion of privacy. Personal information can be collected in mass, but the debate over whether it breaches personal privacy is due to the inability to match this information with specific people.

There have however been some concerns with API because of the recent scandal between Facebook and the political consulting firm, Cambridge Analytica. What happened was “Facebook allowed a third-party developer to engineer an application for the sole purpose of gathering data. And the developer was able to exploit a loophole to gather information on not only people who used the app but all their friends — without them knowing.”

In 2020, critics praised Apple and Google for their contact tracing API that had technical specifications that were conscious of privacy concerns.

Search engines
Search engines are an easy way to find information without scanning every site yourself. Keywords that are typed into a search box will lead to the results. So it is necessary to make sure that the keywords typed are precise and correct. There are many such search engines, some of which may lead the user to fake sites which may obtain personal information or are laden with viruses. Furthermore, some search engines, like DuckDuckGo, will not violate the user's privacy.

Location data
On most social media websites, user's geographical location can be gathered either by users (through voluntary check-in applications like Foursquare and Facebook Places) or by applications (through technologies like IP address geolocation, cellphone network triangulation, RFID and GPS). The approach used matters less than the result which holds that the content produced is coupled with the geographical location where the user produced it. Additionally, many applications attach the contents of other forms of information like OS language, device type and capture time. The result is that by posting, tweeting or taking pictures, users produce and share an enormous amount of personal information.

Email and phone number leaks
Many large platforms reveal a part of a user's email address or phone number when using the 'forgotten password' function. Often the whole email address can be derived from this hint and phone digits can be compared with known numbers.

Benefit from data
By using this accessible data along with data mining technology, users' information can be used in different ways to improve customer service.

According your retweets, likes, and hashtags, Twitter can recommend some topics and advertisements. Twitter's suggestions for whom to follow are done by this recommendation system. Commerce, such as Amazon, make use of users' information to recommend items for users. Recommendations are based on at least prior purchases, shopping cart, and wishlist. Affinity analysis is a data mining technique that used to understand the purchase behavior of customers.

By using machine learning method, whether a user is a potential follower of Starbucks can be predicted. In that case, it is possible to improve the quality and coverage of applications. In addition, user profiles can be used to identify similar users.

According to Gary Kovacs's speech about Tracking our online trackers, when he used the internet to find an answer to a question, "We are not even 2 bites into breakfast and there are already nearly 25 sites that are tracking me", and he was navigated by 4 of them.

Privacy concerns
Studies have shown that people's belief in the right to privacy is the most pivotal predictor in their attitudes concerning online privacy.

Social profiling and third party disclosure
The Privacy Act of 1974 (a United States federal law) states:
 * "No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains [subject to 12 exceptions]." 5 U.S.C. § 552a(b).

Disclosure in this context refers to any means of communication, be it written, oral, electronic or mechanical. This states that agencies are forbidden to give out, or disclose, the information of an individual without being given consent by the individual to release that information. However, it falls on the individual to prove that a wrongful disclosure, or disclosure in general, has occurred. Because of this social networking sites such as Facebook ask for permission when a third-party application is requesting the user's information.

Although The Privacy Act of 1974 does a lot to limit privacy invasion through third party disclosure, it does list a series of twelve exceptions that deem disclosure permissible:


 * 1. For members of an agency who need such information "in the performance of their duties".
 * 2. If the Freedom of Information Act requires such information
 * 3. If the information that is disclosed "is compatible with the purpose for which it was collected".
 * 4. If the Bureau of Census needs such information to complete a particular census.
 * 5. If the third party explicitly informs the individual that the information collected will serve only as a form of "statistical research" and is not "individually identifiable".
 * 6. If it is historically relevant to be added to the National Archives and Records Administration.
 * 7. If such information was requested by a law enforcement agency.
 * 8. If such information is deemed beneficial to the "health or safety of an individual".
 * 9. If such information is requested by the House of Congress or by one of its subcommittees.
 * 10. If such information is requested by the head of the Government Accountability Office or by one "of his authorized representatives".
 * 11. If such information is requested through a court order.
 * 12. If such information is requested through the Debt Collection Act.

Social profiling allows for Facebook and other social networking media websites of filtering through the advertisements, assigning specific ones to specific age groups, gender groups, and even ethnicities.

Data aggregation sites like Spokeo have highlighted the feasibility of aggregating social data across social sites as well as integrating it with public records. A 2011 study highlighted these issues by measuring the amount of unintended information leakage over a large number of users with the varying number of social networks. It identified and measured information that could be used in attacks against what-you-know security.

Studies have also pointed to most social networks unintentionally providing third party advertising and tracking sites with personal information. It raises the issue of private information inadvertently being sent to third party advertising sites via Referrer strings or cookies.

Civil libertarians worry that social networking sites, particularly Facebook, have greatly diminished user confidentiality in numerous ways. For one thing, when social media platforms store private data, they also have complete access to that material as well. To sustain their profitability, applications like Facebook examine and market personal information by logging data through cookies, small files that stockpile the data on someone's device. Companies, such as Facebook, carry extensive amounts of private user information on file, regarding individuals’, “likes, dislikes, and preferences”, which are of high value to marketers. As Facebook reveals user information to advertising and marketing organizations, personalized endorsements will appear on news feeds based on “surfing behavior, hobbies, or pop culture preferences”. For those reasons, Facebook's critics fear that social networking companies may seek business ventures with stockholders by sharing user information in the exchange of profits. Additionally, they argue that since Facebook demonstrates an illusion of privacy presented by a “for-friends-only” type of platform, individuals find themselves more inclined to showcase more personal information online. According to the critics, users might notice that the sponsorships and commercials are tailored to their disclosed private data, which could result in a sense of betrayal.

Institutional
A number of institutions have expressed concern over the lack of privacy granted to users on social networking sites. These include schools, libraries, and Government agencies.

Libraries
Libraries in the particular, being concerned with the privacy of individuals, have debated on allowing library patrons to access social networking sites on public library computers. While only 19% of librarians reportedly express real concern over social networking privacy, they have been particularly vocal in voicing their concerns. Some have argued that the lack of privacy found on social networking sites is contrary to the ethics supported by Library organizations, and the latter should thus be extremely apprehensive about dealing with the former. Supporters of this view present their argument from the code of ethics held by both the American Library Association and the UK based Chartered Institute of Library and Information Professionals, which affirms a commitment to upholding privacy as a fundamental right. In 2008, a study was performed in fourteen public libraries in the UK which found that 50% blocked access to social networking sites. Many school libraries have also blocked Facebook out of fear that children may be disclosing too much information on Facebook. However, as of 2011, Facebook has taken efforts to combat this concern by deleting profiles of users under the age of thirteen.

Identity theft
As there is so much information provided other things can be deduced, such as the person's social security number, which can then be used as part of identity theft. In 2009, researchers at Carnegie Mellon University published a study showing that it is possible to predict most and sometimes all of an individual's 9-digit Social Security number using information gleaned from social networks and online databases. (See Predicting Social Security Numbers from Public Data by Acquisti and Gross). In response, various groups have advised that users either do not display their number, or hide it from Facebook 'friends' they do not personally know. Cases have also appeared of users having photographs stolen from social networking sites in order to assist in identity theft. According to the Huffington Post, Bulgarian IT consultant Bogomil Shopov claimed in a recent blog to have purchased personal information on more than 1 million Facebook users, for the shockingly low price of US$5.00. The data reportedly included users' full names, email addresses, and links to their Facebook pages. The following information could be used to steal the users' identities : Full names including middle name, date of birth, hometown, relationship status, residential information, other hobbies and interest.

Preteens and early teenagers
Among all other age groups, in general, the most vulnerable victims of private-information-sharing behavior are preteens and early teenagers. According to research, many teens report that social media and social networking services are important to building relationships and friendships. With this fact comes privacy concerns such as identity theft, stealing of personal information, and data usage by advertising companies. Besides from using social media to connect, teenagers use social networking services for political purposes and obtaining information. However, sometimes social media can become the place for harassment and disrespectful political debates that fuels resentment and rises privacy concerns.

There have been age restrictions put on numerous websites but how effective they are is debatable. Findings have unveiled that informative opportunities regarding internet privacy as well as concerns from parents, teachers, and peers, play a significant role in impacting the internet user's behavior in regards to online privacy. Additionally, other studies have also found that the heightening of adolescents' concern towards their privacy will also lead to a greater probability that they will utilize privacy-protecting behaviors. In the technological culture that society is developing into, not only should adolescents' and parent's awareness be risen, but society as a whole should acknowledge the importance of online privacy.

Preteens and early teenagers are particularly susceptible to social pressures that encourage young people to reveal personal data when posting online. Teens often post information about their personal life, such as activities they are doing, sharing their current locations, who they spend time with, as well their thoughts and opinions. They tend to share this information because they do not want to feel left out or judged by other adolescents who are practicing these sharing activities already. Teens are motivated to keep themselves up to date with the latest gossip, current trends, and trending news and, in doing so they are allowing themselves to become victims of cyberbullying, stalking, and in the future, could potentially harm them when pursuing job opportunities, and in the context of privacy, become more inclined to share their private information to the public. This is concerning because preteens and teenagers are the least educated on how public social media is, how to protect themselves online, and the detrimental consequences that could come from sharing too much personal information online. As more and more young individuals are joining social media sites, they believe it is acceptable to post whatever they are thinking, as they don't realize the potential harm that information can do to them and how they are sacrificing their own privacy. "Teens are sharing more information about themselves on social media sites than they did in the past." Preteens and teenagers are sharing information on social media sites such as Facebook, Snapchat, Instagram, Twitter, Pinterest, and more by posting pictures and videos of themselves unaware of the privacy they are sacrificing. Adolescents post their real name, birthdays, and email addresses to their social media profiles. Children have less mobility than they have had in the past. Everything these teenagers do online is so they can stay in the loop of social opportunities, and the concern with this is that they do this in a way that is not only traceable but in a very persistent environment that motivates people to continue sharing information about themselves as well. Consequently, they continue to use social media sites such as Facebook, despite knowing there exists potential privacy risks.

California is also taking steps to protect the privacy of some social media users from users’ own judgments. In 2013, California enacted a law that would require social media sites to allow young registered users to erase their own comments from sites. This is a first step in the United States toward the “right to be forgotten” that has been debated around the world over the past decade.

Sexual predators
Most major social networking sites are committed to ensuring that use of their services are as safe as possible. However, due to the high content of personal information placed on social networking sites, as well as the ability to hide behind a pseudo-identity, such sites have become increasingly popular for sexual predators online. Further, lack of age verification mechanisms is a cause of concern in these social networking platforms. However, it was also suggested that the majority of these simply transferred to using the services provided by Facebook. While the numbers may remain small, it has been noted that the number of sexual predators caught using social networking sites has been increasing, and has now reached an almost weekly basis. In worst cases children have become victims of pedophiles or lured to meet strangers.They say that sexual predators can lurk anonymously through the wormholes of cyberspace and access victim profiles online. A number of highly publicized cases have demonstrated the threat posed for users, such as Peter Chapman who, under a false name, added over 3,000 friends and went on to rape and murder a 17-year-old girl in 2009. In another case, a 12-year-old, Evergreen girl was safely found by the FBI with the help of Facebook, due to her mother learning of her daughter's conversation with a man she had met on the popular social networking application.

Stalking
The potential ability for stalking users on social networking sites has been noted and shared. Popular social networking sites make it easy to build a web of friends and acquaintances and share with them your photos, whereabouts, contact information, and interests without ever getting the chance to actually meet them. With the amount of information that users post about themselves online, it is easy for users to become a victim of stalking without even being aware of the risk. 63% of Facebook profiles are visible to the public, meaning if you Google someone's name and you add "+Facebook" in the search bar you pretty much will see most of the person profile. A study of Facebook profiles from students at Carnegie Mellon University revealed that about 800 profiles included current resident and at least two classes being studied, theoretically allowing viewers to know the precise location of individuals at specific times. AOL attracted controversy over its instant messenger AIM which permits users to add 'buddies' without their knowing, and therefore track when a user is online. Concerns have also been raised over the relative ease for people to read private messages or e-mails on social networking sites. Cyberstalking is a criminal offense that comes into play under state anti-stalking laws, slander laws, and harassment laws. A cyberstalking conviction can result in a restraining order, probation, or even criminal penalties against the assailant, including jail.

Some applications are explicitly centered on "cyber stalking." An application named "Creepy" can track a person's location on a map using photos uploaded to Twitter or Flickr. When a person uploads photos to a social networking site, others are able to track their most recent location. Some smartphones are able to embed the longitude and latitude coordinates into the photo and automatically send this information to the application. Anybody using the application can search for a specific person and then find their immediate location. This poses many potential threats to users who share their information with a large group of followers.

Facebook "Places," is a Facebook service, which publicizes user location information to the networking community. Users are allowed to "check-in" at various locations including retail stores, convenience stores, and restaurants. Also, users are able to create their own "place," disclosing personal information onto the Internet. This form of location tracking is automated and must be turned off manually. Various settings must be turned off and manipulated in order for the user to ensure privacy. According to epic.org, Facebook users are recommended to: (1) disable "Friends can check me in to Places," (2) customize "Places I Check In," (3) disable "People Here Now," and (4) uncheck "Places I've Visited.". Moreover, the Federal Trade Commission has received two complaints in regards to Facebook's "unfair and deceptive" trade practices, which are used to target advertising sectors of the online community. "Places" tracks user location information and is used primarily for advertising purposes. Each location tracked allows third party advertisers to customize advertisements that suit one's interests. Currently, the Federal Trade Commissioner along with the Electronic Privacy Information Center are shedding light on the issues of location data tracking on social networking sites.

Unintentional fame
Unintentional fame can harm a person's character, reputation, relationships, chance of employment, and privacy- ultimately infringing upon a person's right to the pursuit of happiness. Many cases of unintentional fame have led its victims to take legal action. The right to be forgotten is a legal concept that includes removing one's information from the media that was once available to the public. The right to be forgotten is currently enforced in the European Union and Argentina, and has been recognized in various cases in the United States, particularly in the case of Melvin v. Reid. However, there is controversy surrounding the right to be forgotten in the United States as it conflicts with the public's right to know and the Constitution's First Amendment, restricting one's “right to freedom of speech and freedom of expression” (Amendment I).

Privacy concerns have also been raised over a number of high-profile incidents which can be considered embarrassing for users. Various internet memes have been started on social networking sites or been used as a means towards their spread across the internet. In 2002, a Canadian teenager became known as the Star Wars Kid after a video of him using a golf club as a light sabre was posted on the internet without his consent. The video quickly became a hit, much to the embarrassment of the teenager, who claims to have suffered as a result. Along with other incidents of videos being posted on social networking sites, this highlights the ability for personal information to be rapidly transferred between users.

Employment
Issues relating to privacy and employment are becoming a concern with regards to social networking sites. As of 2008, it has been estimated by CareerBuilder.com that one in five employers search social networking sites in order to screen potential candidates (increasing from only 11% in 2006). For the majority of employers, such action is to acquire negative information about candidates. For example, 41% of managers considered information relating to candidates' alcohol and drug use to be a top concern. Other concerns investigated via social networking sites included poor communication skills, inappropriate photographs, inaccurate qualifications and bad-mouthing former employers/colleagues. However, 24% manager claimed that information found on a social networking site persuaded them to hire a candidate, suggesting that a user image can be used in a positive way.

While there is little doubt that employers will continue to use social networking sites as a means of monitoring staff and screening potential candidates, it has been noted that such actions may be illegal under in jurisdictions. According to Workforce.com, employers who use Facebook or Myspace could potentially face legal action:

If a potential employer uses a social networking site to check out a job candidate and then rejects that person based on what they see, he or she could be charged with discrimination. On August 1, 2012, Illinois joined the state of Maryland (law passed in March 2012) in prohibiting employer access to social media web sites of their employees and prospective employees. A number of other states that are also considering such prohibitory legislation (California, Delaware, Massachusetts, Michigan, Minnesota, Missouri, New Jersey, New York, Ohio, South Carolina and Washington), as is the United States Congress. In April 2012, the Social Networking Online Protection Act (2012 H.R. 5050) was introduced in the United States House of Representatives, and the Password Protection Act of 2012 (2012 S. 3074) was introduced in the United States Senate in May 2012, which prohibit employers from requiring access to their employees' social media web sites.

With the recent concerns about new technologies, the United States is now developing laws and regulations to protect certain aspects of people's information on different medias.[CR4] For example, 12 states in the US currently have laws specifically restricting employers from demanding access to their employees’ social media sites when those sites are not fully public. (The states that have passed these laws are Arkansas, California, Colorado, Illinois, Maryland, Michigan, New Jersey, New Mexico, Nevada, Oregon, Utah, and Washington.)

Monitoring of social networking sites is not limited to potential workers. Issues relating to privacy are becoming an increasing concern for those currently in employment. A number of high-profile cases have appeared in which individuals have been sacked for posting comments on social networking which have been considered disparaging to their current employers or fellow workers. In 2009, sixteen-year-old Kimberley Swann was sacked from her position at Ivell Marketing and Logistics Limited after describing her job as 'boring'. In 2008, Virgin Atlantic sacked thirteen cabin crew staff, after it emerged they used had criticized the company's safety standards and called passengers 'chavs' on Facebook. There is no federal law that we are aware of that an employer is breaking by monitoring employees on social networking sites. In fact, employers can even hire third-party companies to monitor online employee activity for them. According to an article by Read Write Web employers use the service to "make sure that employees don't leak sensitive information on social networks or engage in any behavior that could damage a company's reputation." While employers may have found such usages of social networking sites convenient, complaints have been put forward by civil liberties groups and trade unions on the invasive approach adopted by many employers. In response to the Kimberley Swann case, Brendan Barber, of the TUC union stated that:

Most employers wouldn't dream of following their staff down the pub to see if they were sounding off about work to their friends," he said. "Just because snooping on personal conversations is possible these days, it doesn't make it healthy."

Monitoring of staff's social networking activities is also becoming an increasingly common method of ensuring that employees are not browsing websites during work hours. It was estimated in 2010 that an average of two million employees spent over an hour a day on social networking sites, costing potentially £14 billion.

Burglary
A male burglar in Orange County, California in 2015 targeted 33 women by using GPS data embedded on Facebook and Instagram photos, and stole $250,000 in electronics and jewelry, along with his victims’ underwear and bras. A former burglar probed social media to determine when their victims were away, by looking for photos suggesting a vacation. Instagram posts showing expensive new products have been used by theives to find victims, along with posts featuring new homes showing their address. A survey in the United Kingdom showed that 78% of burglars have used Facebook and Twitter to find victims.

Online victimization
Social networks are designed for individuals to socially interact with other people over the Internet. However, some individuals engage in undesirable online social behaviors, which negatively impacts other people's online experiences. It has created a wide range of online interpersonal victimization. Some studies have shown that social network victimization appears largely in adolescent and teens, and the type of victimization includes sexual advances and harassment. Recent research has reported approximately 9% of online victimization involves social network activities. It has been noted that many of these victims are girls who have been sexually victimized over these social network sites. Research concludes that many of social network victimizations are associated with user behaviors and interaction with one another. Negative social behaviors such as aggressive attitudes and discussing sexual related topics motivate the offenders to achieve their goals. All in all, positive online social behaviors is promoted to help reduce and avoid online victimization.

Surveillance
While the concept of a worldwide communicative network seems to adhere to the public sphere model, market forces control access to such a resource. In 2010, investigation by The Wall Street Journal found that many of the most popular applications on Facebook were transmitting identifying information about users and their friends to advertisers and internet tracking companies, which is a violation of Facebook's privacy policy. The Wall Street Journal analyzed the ten most popular Facebook apps, including Zynga's FarmVille with 57 million users, and Zynga's Mafia Wars with 21.9 million users, and found that they were transmitting Facebook user IDs to data aggregators. Every online move leaves cyber footprints that are rapidly becoming fodder for research without people ever realizing it. Using social media for academic research is accelerating and raising ethical concerns along the way, as vast amounts of information collected by private companies — including Google, Microsoft, Facebook and Twitter — are giving new insight into all aspects of everyday life. Our social media "audience" is bigger than we actually know; our followers or friends aren't the only ones that can see information about us. Social media sites are collecting data from us just by searching something such as "favorite restaurant" on our search engine. Facebook is transformed from a public space to a behavioral laboratory," says the study, which cites a Harvard-based research project of 1,700 college-based Facebook users in which it became possible to "deanonymize parts of the data set," or cross-reference anonymous data to make student identification possible. Some of Facebook's research on user behavior found that 71% of people drafted at least one post that they never posted. Another analyzed 400,000 posts and found that children's communication with parents decreases in frequency from age 13 but then rises when they move out.

Law enforcement prowling the networks
The FBI has dedicated undercover agents on Facebook, Twitter, MySpace, LinkedIn. One example of investigators using Facebook to nab a criminal is the case of Maxi Sopo. Charged with bank fraud, and having escaped to Mexico, he was nowhere to be found until he started posting on Facebook. Although his profile was private, his list of friends was not, and through this vector, where he met a former official of the Justice Department, he was eventually caught.

In recent years, some state and local law enforcement agencies have also begun to rely on social media websites as resources. Although obtaining records of information not shared publicly by or about site users often requires a subpoena, public pages on sites such as Facebook and MySpace offer access to personal information that can be valuable to law enforcement. Police departments have reported using social media websites to assist in investigations, locate and track suspects, and monitor gang activity.

On October 18, 2017, the Department of Homeland Security (DHS) was scheduled to begin using personal information collected using social media platforms to screen immigrants arriving in the U.S. The department made this new measure known in a posting to the Federal Register in September 2017, noting that “...social media handles, aliases, associated identifiable information and search results...” would be included in an applicant's immigration file. This announcement, which was made relatively quietly, has received criticism from privacy advocates. The Department of Homeland Security issued a statement in late September 2017 asserting that the planned use of social media is nothing new, with one department spokesperson saying DHS has been using social media to collect information for years. According to a statement made to National Public Radio, DHS uses “...social media handles, aliases, associated identifiable information, and search results” to keep updated records on persons of interest. According to the DHS, the posting to the Federal Register was an effort to be transparent regarding information about social media that is already being collected from immigrants.

Government use of SMMS, or “Social Media Monitoring Software", may geographically track us as we communicate. It can chart out our relationships, networks, and associations. It can monitor protests, identify the leaders of political and social movements, and measure our influence.” SMMS is also a growing industry. SMMS “products like XI Social Discovery, Geofeedia, Dataminr, Dunami, and SocioSpyder (to name just a few) are being purchased in droves by Fortune 500 companies, politicians, law enforcement, federal agencies, defense contractors, and the military. Even the CIA has a venture fund, In-Q-Tel, that invests in SMMS technology.”

Mob rule
The idea of the 'mob rule' can be described as a situation in which control is held by those outside the conventional or lawful realm. In response to the News International phone hacking scandal involving News of the World in the United Kingdom, a report was written to enact new media privacy regulations.

The British author of the Leveson Report on the ethics of the British press, Lord Justice Leveson, has drawn attention to the need to take action on protecting privacy on the internet. This movement is described by Lord Justice Leveson as a global megaphone for gossip: "There is not only a danger of trial by Twitter, but also of an unending punishment, and no prospect of rehabilitation, by Google".

Location updates
Foursquare, Facebook, Loopt are application which allow users to check- in and these capabilities allows a user to share their current location information to their connection. Some of them even update their travel plans on social networking applications. However, the disclosure of location information within these networks can cause privacy concerns among mobile users. Foursquare defines another framework of action for the user. It appears to be in the interest of Foursquare that users provide many personal data that are set as public. This is illustrated, among others, by the fact that, although all the respondents want high control over the (location) privacy settings, almost none of them ever checked the Foursquare privacy settings before. Although there are algorithms using encryption, k-anonymity and noise injection algorithms, its better to understand how the location sharing works in these applications to see if they have good algorithms in place to protect location privacy.

Invasive privacy agreements
Another privacy issue with social networks is the privacy agreement. The privacy agreement states that the social network owns all of the content that users upload. This includes pictures, videos, and messages are all stored in the social networks database even if the user decides to terminate his or her account.

Privacy agreements oftentimes say that they can track a user's location and activity based on the device used for the site. For example, the privacy agreement for Facebook states that "all devices that a person uses to access Facebook are recorded such as IP addresses, phone numbers, operating system and even GPS locations". One main concern about privacy agreements are the length, because they take a lot of time to fully read and understand. Most privacy agreements state the most important information at the end because it is assumed that people will not read it completely.

The ethical dilemma lies in that upon the agreement to register for SNSs, the personal information disclosed is legally accessible and managed by the sites privately established online security operators and operating systems; leaving access of user data to be "under the discretion" of the site(s) operators. Giving rise to the moral obligation and responsibility of the sites operators to maintain private information to be within user control. However, due to the legality of outsourcing of user data upon registration- without prior discretion, data outsourcing has been frequented by SNSs operating systems- regardless of user privacy settings.

Data outsourcing has been proven to be consistently exploited since the emergence of SNSs. Employers have often been found to hire individuals or companies to search deep into the SNSs user database to find "less than pleasant" information regarding applicants during the review process.

Reading a privacy statement in terms and conditions
One of the main concerns that people have with their security is the lack of visibility that policies and settings have in the social networks. It is often located in areas hard to see like the top left or right of the screen. Another concern is the lack of information that users get from the companies when there is a change in their policies. They always inform users about new updates, but it is difficult to get information about these changes.

Most social networking sites require users to agree to Terms of Use policies before they use their services. Controversially, these Terms of Use declarations that users must agree to often contain clauses permitting social networking operators to store data on users, or even share it with third parties. Facebook has attracted attention over its policies regarding data storage, such as making it difficult to delete an account, holding onto data after an account is de-activated and being caught sharing personal data with third parties.

This section explains how to read the privacy statement in terms and conditions while signing up for any social networking site.

What to look for in the privacy policy:


 * 1) Who owns the data that a user posts?
 * 2) What happens to the data when the user account is closed?
 * 3) How does changes in the privacy policy be made aware to its users?
 * 4) The location of the privacy policy that is effective
 * 5) Will the profile page be completely erased when a user deletes the account?
 * 6) Where and how can a user complain in case of any breach in privacy?
 * 7) For how long is the personal information stored?

The answers to these questions will give an indication of how safe the social networking site is.

Realize the threats that will always exist
There are people out there who want—and will do just about anything—to get someone's private information. It's essential to realize that it's difficult to keep your privacy secured all the time. Among other factors, it has been observed that data loss is correlated positively with risky online behavior and forgoing the necessary antivirus and anti spyware programs to defend against breaches of private information via the internet.

Be thorough all the time
Logging off after every session can help protect account security. It is dangerous to keep your device logged on since others may have access to your social profiles while you are not paying attention. Full names and addresses are typically considered personal information. Children's safety may be compromised if their parents post their whereabouts in a site where others know who their real identities are.

Know the sites
Read the social networking site's fine prints. Many sites push its users to agree to terms that are best for the sites—not the users. Users should be aware about the terms in case of emergencies. Exactly how to read the terms are explained above at "Reading a Privacy Statement in Terms and Conditions" part.

Make sure the social networking site is safe before sharing information. Users shouldn't be sharing information if they don't know who are using the websites since their personally identifiable information could be exposed to other users of the site.

Be familiar with the privacy protection provided. Users should take the extra time to get to know the privacy protection systems of various social networks they are or will be using. Only friends should be allowed to access their information. Check the privacy or security settings on every social networking site that they might have to use.

Protect devices
Encrypt devices. Users should use complex passwords on their computers and cell phones and change them from time to time. This will protect users' information in case these devices are stolen.

Install Anti-virus software. Others would be able to use viruses and other ways to invade a user's computer if he or she installed something unsafe. Use devices that can disable camera, microphone, which mostly used for privacy invasion.

Be careful about taking drastic actions
The users' privacy may be threatened by any actions. Following actions needs special attention.

(1) Adding a new friend. Facebook reports 8.7% of its total profiles are fake. A user should be sure about who the person is before adding it as a new friend.

(2) Clicking on links. Many links which looks attractive like gift cards are specially designed by malicious users. Clicking on these links may result in losing personal information or money.

(3) Think twice about posting revealing photos. A revealing photo could attract the attention of potential criminals.

Facebook
Facebook has been scrutinized for a variety of privacy concerns due to changes in its privacy settings on the site generally over time as well as privacy concerns within Facebook applications. Mark Zuckerberg, CEO of Facebook, first launched Facebook in 2004, it was focused on universities and only those with .edu address could open an account. Furthermore, only those within one's university network could see their page. Some argue that initial users were much more willing to share private information for these reasons. As time went on, Facebook became more public allowing those outside universities, and furthermore, those without a specific network, to join and see pages of those in networks that were not their own. In 2006 Facebook introduced the News Feed, a feature that would highlight recent friend activity. By 2009, Facebook made "more and more information public by default". For example, in December 2009, "Facebook drastically changed its privacy policies, allowing users to see each others' lists of friends, even if users had previously indicated they wanted to keep these lists private". Also, "the new settings made photos publicly available by default, often without users' knowledge".

Facebook recently updated its profile format allowing for people who are not "friends" of others to view personal information about other users, even when the profile is set to private. However, As of January 18, 2011 Facebook changed its decision to make home addresses and telephone numbers accessible to third party members, but it is still possible for third party members to have access to less exact personal information, like one's hometown and employment, if the user has entered the information into Facebook. EPIC Executive Director Marc Rotenberg said "Facebook is trying to blur the line between public and private information. And the request for permission does not make clear to the user why the information is needed or how it will be used."

Breakup Notifier is an example of a Facebook "cyberstalking" app, which was taken down on 23 February 2011. The app was later unblocked. The application notifies the user when the person they selected changes their relationship status. The concept became very popular, with the site attracting 700,000 visits in the first 36 hours and the app being downloaded 40,000 times. Before the app was blocked, it had more than 3.6 million downloads and 9,000 Facebook likes.

In 2008, four years after the first introduction of Facebook, Facebook created an option to permanently delete information. Until then, the only option was to deactivate one's Facebook account, which still left the user's information within Facebook servers. After thousands of users complaints, Facebook obliged and created a tool which was located in the Help Section but later removed. To locate the tool to permanently delete a user's Facebook, he or she must manually search through Facebook's Help section by entering the request to delete the Facebook in the search box. Only then will a link be provided to prompt the user to delete his or her profile.

These new privacy settings enraged some users, one of whom claimed, "Facebook is trying to dupe hundreds of millions of users they've spent years attracting into exposing their data for Facebook's personal gain." However, other features like the News Feed faced an initial backlash but later became a fundamental and very much appreciated part of the Facebook experience. In response to user complaints, Facebook continued to add more and more privacy settings resulting in "50 settings and more than 170 privacy options." However, many users complained that the new privacy settings were too confusing and were aimed at increasing the amount of public information on Facebook. Facebook management responded that "there are always trade offs between providing comprehensive and precise granular controls and offering simple tools that may be broad and blunt." It appears as though users sometimes do not pay enough attention to privacy settings and arguably allow their information to be public even though it is possible to make it private. Studies have shown that users actually pay little attention to "permissions they give to third party apps."

Most users are not aware that they can modify the privacy settings and unless they modify them, their information is open to the public. On Facebook privacy settings can be accessed via the drop down menu under account in the top right corner. There users can change who can view their profile and what information can be displayed on their profile. In most cases profiles are open to either "all my network and friends" or "all of my friends." Also, information that shows on a user's profile such as birthday, religious views, and relationship status can be removed via the privacy settings. If a user is under 13 years old they are not able to make a Facebook or a MySpace account, however, this is not regulated.

Although Zuckerberg, the Facebook CEO, and others in the management team usually respond in some manner to user concerns, they have been unapologetic about the trend towards less privacy. They have stated that they must continually "be innovating and updating what our system is to reflect what the current social norms are." Their statements suggest that the Internet is becoming a more open, public space, and changes in Facebook privacy settings reflect this. However, Zuckerberg did admit that in the initial release of the News Feed, they "did a bad job of explaining what the new features were and an even worse job of giving you control of them."

Facebook's privacy settings have greatly evolved and are continuing to change over time. Zuckerberg "believes the age of privacy is 'over,' and that norms have evolved considerably since he first co-founded the social networking site". Additionally, Facebook has been under fire for keeping track of one's Internet usage whether users are logged into the social media site or not. A user may notice personalized ads under the 'Sponsored' area of the page. "The company uses cookies to log data such as the date, time, URL, and your IP address whenever you visit a site that has a Facebook plug-in, such as a 'Like' button." Facebook claims this data is used to help improve one's experience on the website and to protect against 'malicious' activity. Another issue of privacy that Facebook uses is the new facial recognition software. This feature includes the software to identify photos that users are tagged in by developing a template based on one's facial features.[https://www.facebook.com/help/122175507864081 What is the face recognition setting on Facebook and how does it work? | Facebook Help Center]

Similar to Rotenberg's claim that Facebook users are unclear of how or why their information has gone public, recently the Federal Trade Commission and Commerce Department have become involved. The Federal Trade Commission has recently released a report claiming that Internet companies and other industries will soon need to increase their protection for online users. Because online users often unknowingly opt in on making their information public, the FTC is urging Internet companies to make privacy notes simpler and easier for the public to understand, therefore increasing their option to opt out. Perhaps this new policy should also be implemented in the Facebook world. The Commerce Department claims that Americans, "have been ill-served by a patchwork of privacy laws that contain broad gaps". Because of these broad gaps, Americans are more susceptible to identity theft and having their online activity tracked by others.

Internet privacy and Facebook advertisements
The illegal activities on Facebook are very widespread, in particular, phishing attacks, allowing attackers to steal other people's passwords. The Facebook users are led to land on a page where they are asked for their login information, and their personal information is stolen in that way. According to the news from PC World Business Center which was published on April 22, 2010, we can know that a hacker named Kirllos illegally stole and sold 1.5 million Facebook IDs to some business companies who want to attract potential customers by using advertisements on Facebook. Their illegal approach is that they used accounts which were bought from hackers to send advertisements to friends of users. When friends see the advertisements, they will have opinion about them, because "People will follow it because they believe it was a friend that told them to go to this link," said Randy Abrams, director of technical education with security vendor Eset. There were 2.2232% of the population on Facebook that believed or followed the advertisements of their friends. Even though the percentage is small, the amount of overall users on Facebook is more than 400 million worldwide. The influence of advertisements on Facebook is so huge and obvious. According to the blog of Alan who just posted advertisements on the Facebook, he earned $300 over the 4 days. That means he can earn $3 for every $1 put into it. The huge profit attracts hackers to steal users' login information on Facebook, and business people who want to buy accounts from hackers send advertisements to users' friends on Facebook.

A leaked document from Facebook has revealed that the company was able to identify "insecure, worthless, stressed or defeated" emotions, especially in teenagers, and then proceeded to inform advertisers. While similar issues have arisen in the past, this continues to make individuals’ emotional states seem more like a commodity. They are able to target certain age groups depending on the time that their advertisements appear.

Recently, there have been allegations made against Facebook accusing the app of listening in on its users through their smartphone's microphone in order to gather information for advertisers. These rumors have been proven to be false as well as impossible. For one, because it does not have a specific buzzword to listen for like the Amazon Echo, Facebook would have to record everything its users say. This kind of “constant audio surveillance would produce about 33 times more data daily than Facebook currently consumes”. Additionally, it would become immediately apparent to the user as their phone's battery life would be swiftly drained by the amount of power it would take to record every conversation. Finally, it is clear that Facebook doesn't need to listen in on its users’ conversations because it already has plenty of access to their data and internet search history through cookies. Facebook specifically states in their Cookies Policy that they use cookies to help display ads that will peak the users interest. They then use this information to help make recommendations for numerous businesses, organizations, associations, etc. to individuals who may be interested in the products, services or causes they offer.

Security Breach

In September 2018, there was an incident of a security breach within Facebook. Hackers were able to access and steal personal information in nearly half of the 30 million accounts. The company initially believed that even more, around 50 million users, were affected in an attack that gave the hackers control of accounts.

Facebook friends study
A study was conducted at Northeastern University by Alan Mislove and his colleagues at the Max Planck Institute for Software Systems, where an algorithm was created to try and discover personal attributes of a Facebook user by looking at their friend's list. They looked for information such as high school and college attended, major, hometown, graduation year and even what dorm a student may have lived in. The study revealed that only 5% of people thought to change their friend's list to private. For other users, 58% displayed university attended, 42% revealed employers, 35% revealed interests and 19% gave viewers public access to where they were located. Due to the correlation of Facebook friends and universities they attend, it was easy to discover where a Facebook user was based on their list of friends. This fact is one that has become very useful to advertisers targeting their audiences but is also a big risk for the privacy of all those with Facebook accounts.

Facebook Emotion Study
Recently, Facebook knowingly agreed and facilitated a controversial experiment; the experiment blatantly bypassed user privacy and demonstrates the dangers and complex ethical nature of the current networking management system. The "one week study in January of 2012" where over 600,000 users were randomly selected to unknowingly partake in a study to determine the effect of "emotional alteration" by Facebook posts. Apart from the ethical issue of conducting such a study with human emotion in the first place, this is just one of the means in which data outsourcing has been used as a breach of privacy without user disclosure.

Several issues about Facebook are due to privacy concerns. An article titled "Facebook and Online Privacy: Attitudes, Behaviors, and Unintended Consequences" examines the awareness that Facebook users have on privacy issues. This study shows that the gratifications of using Facebook tend to outweigh the perceived threats to privacy. The most common strategy for privacy protection—decreasing profile visibility through restricting access to friends—is also a very weak mechanism; a quick fix rather than a systematic approach to protecting privacy. This study suggests that more education about privacy on Facebook would be beneficial to the majority of the Facebook user population.

The study also offers the perspective that most users do not realize that restricting access to their data does not sufficiently address the risks resulting from the amount, quality, and persistence of data they provide. Facebook users in our study report familiarity and use of privacy settings, they are still accepting people as "friends" that they have only heard of through others or do not know at all and, therefore, most have very large groups of "friends" that have access to widely uploaded information such as full names, birthdates, hometowns, and many pictures. This study suggests that social network privacy does not merely exist within the realm of privacy settings, but privacy control is much within the hands of the user. Commentators have noted that online social networking poses a fundamental challenge to the theory of privacy as control. The stakes have been raised because digital technologies lack "the relative transience of human memory," and can be trolled or data mined for information. For users who are unaware of all privacy concerns and issues, further education on the safety of disclosing certain types of information on Facebook is highly recommended.

Instagram
Instagram tracks users' photos even if they do not post them using a geotag. This is through the information within metadata, which is in all photos. Metadata contains information like the lens type, location, time, and more of the photo. Users can be tracked through metadata without the use of geotags. The app geotags an uploaded image regardless of whether the user chose to share its location or not. Therefore, anybody can view the exact location where an image was uploaded on a map. This is concerning due to the fact that most people upload photos from their home or other locations they frequent a lot, and the fact that locations are so easily shared raises privacy concerns of stalking and sexual predators being able to find their target in person after discovering them online. The new Search function on Instagram combines the search of places, people, and tags to look at nearly any location on earth, allowing them to scout out a vacation spot, look inside a restaurant, and even to experience an event like they were there in person. The privacy implications of this fact is that people and companies can now see into every corner of the world, culture, and people's private lives. Additionally, this is concerning for individual privacy, because when someone searches through these features on Instagram for a specific location or place, Instagram shows them the personal photos that their users have posted, along with the likes and comments on that photo regardless of whether the poster's account is private or not. With these features, completely random people, businesses, and governments can see aspects of Instagram users' private lives. The Search and Explore pages that collect data based on user tagging illustrates how Instagram was able to create value out of the databases of information they collect on users throughout their business operations.

Swarm
Swarm is a mobile app that lets users check-in to a location and potentially make plans and set up future meetings with people nearby. This app has made it easier for people in online communities to share their locations, as well as interact with others in this community through collecting rewards such as coins and stickers through competitions with other users. If a user is on Swarm, their exact location may be broadcast even if they didn't select their location to be "checked-in." When users turn on their "Neighborhood Sharing" feature, their location is shared as the specific intersection that they are at, and this location in current time can be viewed simply by tapping their profile image. This is concerning because Swarm users may believe they are being discreet by sharing only which neighborhood they are in, while in fact they are sharing the exact pinpoint of their location. The privacy implications of this is that people are inadvertently sharing their exact location when they do not know that they are. This plays into the privacy concerns of social media in general, because it makes it easier for other users as well as the companies this location data is shared with to track Swarm members. This tracking makes it easier for people to find their next targets for identity theft, stalking, and sexual harassment.

Spokeo
Spokeo is a "people-related" search engine with results compiled through data aggregation. The site contains information such as age, relationship status, estimated personal wealth, immediate family members and home address of individual people. This information is compiled through what is already on the internet or in other public records, but the website does not guarantee accuracy.

Spokeo has been faced with potential class action lawsuits from people who claim that the organization breaches the Fair Credit Reporting Act. In September, 2010, Jennifer Purcell claimed that the FCRA was violated by Spokeo marketing her personal information. Her case is pending in court. Also in 2010, Thomas Robins claimed that his personal information on the website was inaccurate and he was unable to edit it for accuracy. The case was dismissed because Robins did not claim that the site directly caused him actual harm. On February 15, 2011, Robins filed another suit, this time stating Spokeo has caused him "imminent and ongoing" harm.

Twitter
In January 2011, the US government obtained a court order to force the social networking site, Twitter, to reveal information applicable surrounding certain subscribers involved in the WikiLeaks cases. This outcome of this case is questionable because it deals with the user's First Amendment rights. Twitter moved to reverse the court order, and supported the idea that internet users should be notified and given an opportunity to defend their constitutional rights in court before their rights are compromised.

Twitter's privacy policy states that information is collected through their different web sites, application, SMS, services, APIs, and other third parties. When the user uses Twitter's service they consent to the collection, transfer, storage, manipulation, disclosure, and other uses of this information. In order to create a Twitter account, one must give a name, username, password, and email address. Any other information added to one's profile is completely voluntary. Twitter's servers automatically record data such as IP address, browser type, the referring domain, pages visited, mobile carrier, device and application IDS, and search terms. Any common account identifiers such as full IP address or username will be removed or deleted after 18 months.

Twitter allows people to share information with their followers. Any messages that are not switched from the default privacy setting are public, and thus can be viewed by anyone with a Twitter account. The most recent 20 tweets are posted on a public timeline. Despite Twitter's best efforts to protect their users privacy, personal information can still be dangerous to share. There have been incidents of leaked tweets on Twitter. Leaked tweets are tweets that have been published from a private account but have been made public. This occurs when friends of someone with a private account retweet, or copy and paste, that person's tweet and so on and so forth until the tweet is made public. This can make private information public, and could possibly be dangerous.

Another issue involving privacy on Twitter deals with users unknowingly disclosing their information through tweets. Twitter has location services attached to tweets, which some users don't even know are enabled. Many users tweet about being at home and attach their location to their tweet, revealing their personal home address. This information is represented as a latitude and longitude, which is completely open for any website or application to access. People also tweet about going on vacation and giving the times and places of where they are going and how long they will be gone for. This has led to numerous break ins and robberies. Twitter users can avoid location services by disabling them in their privacy settings.

Teachers and MySpace
Teachers' privacy on MySpace has created controversy across the world. They are forewarned by The Ohio News Association that if they have a MySpace account, it should be deleted. Eschool News warns, "Teachers, watch what you post online." The ONA also posted a memo advising teachers not to join these sites. Teachers can face consequences of license revocations, suspensions, and written reprimands.

The Chronicle of Higher Education wrote an article on April 27, 2007, entitled "A MySpace Photo Costs a Student a Teaching Certificate" about Stacy Snyder. She was a student of Millersville University of Pennsylvania who was denied her teaching degree because of an allegedly unprofessional photo posted on MySpace, which involved her drinking with a pirate's hat on and a caption of "Drunken Pirate". As a substitute, she was given an English degree.

Other sites
Sites such as Sgrouples and Diaspora have attempted to introduce various forms of privacy protection into their networks, while companies like Safe Shepherd have created software to remove personal information from the net.

Certain social media sites such as Ask.fm, Whisper, and Yik Yak allow users to interact anonymously. The problem with websites such as these is that “despite safeguards that allow users to report abuse, people on the site believe they can say almost anything without fear or consequences—and they do." This is a privacy concern because users can say whatever they choose and the receiver of the message may never know who they are communicating with. Sites such as these allow for a large chance or cyberbullying or cyberstalking to occur. People seem to believe that since they can be anonymous, they have the freedom to say anything no matter how mean or malicious.

Internet privacy and Blizzard Entertainment
On July 6, 2010, Blizzard Entertainment announced that it would display the real names tied to user accounts in its game forums. On July 9, 2010, CEO and cofounder of Blizzard Mike Morhaime announced a reversal of the decision to force posters' real names to appear on Blizzard's forums. The reversal was made in response to subscriber feedback.

Snapchat
Snapchat is a mobile application created by Stanford graduates Evan Spiegel and Bobby Murphy in September 2011. Snapchat's main feature is that the application allows users to send a photo or video, referred to as a "snap", to recipients of choice for up to ten seconds before it disappears. If recipients of a snap try and screenshot the photo or video sent, a notification is sent to the original sender that it was screenshot and by whom. Snapchat also has a "stories" feature where users can send photos to their "story" and friends can view the story as many times as they want until it disappears after twenty-four hours. Users have the ability to make their snapchat stories viewable to all of their friends on their friends list, only specific friends, or the story can be made public and viewed by anyone that has a snapchat account. In addition to the stories feature, messages can be sent through Snapchat. Messages disappear after they are opened unless manually saved by the user by holding down on the message until a "saved" notification pops up. There is no notification sent to the users that their message has been saved by the recipient, however, there is a notification sent if the message is screenshot.

2015 Snapchat privacy policy update
In 2015, Snapchat updated their privacy policy, causing outrage from users because of changes in their ability to save user content. These rules were put in place to help Snapchat create new and cool features like being able to replay a Snapchat, and the idea of “live” Snapchat stories. These features require saving content to snapchat servers in order to release to other users at a later time. The update stated that it has the rights to reproduce, modify, and republish photos, as well as save those photos to Snapchat servers. Users felt uncomfortable with the idea that all photo content was saved and the idea of “disappearing photos” advertised by Snapchat didn't actually disappear. There is no way to control what content is saved and what isn't. Snapchat responded to backlash by saying they needed this license to access our information in order to create new features, like the live snapchat feature.

Live Stories
With the 2015 new update of Snapchat, users are able to do “Live Stories,” which are a “collection of crowdsourced snaps for a specific event or region.” By doing that, you are allowing snapchat to share your location with not just your friends, but with everyone. According to Snapchat, once you pick the option of sharing your content through a Live Story, you are providing to the company "unrestricted, worldwide, perpetual right and license to use your name, likeness, and voice in any and all media and distribution channels."

Privacy concerns with Snapchat
On Snapchat, there is a new feature that was incorporated into the app in 2017 called Snap Maps. Snap Maps allows users to track other users’ locations, but when people “first use the feature, users can select whether they want to make their location visible to all of their friends, a select group of connections or to no one at all, which Snapchat refers to as ‘ghost mode.’”

This feature however has raised privacy concerns because “‘It is very easy to accidentally share everything that you've got with more people than you need too, and that's the scariest portion’. Cyber security expert Charles Tendell told ABC News of the Snapchat update.” For protecting younger users of Snapchat, “Experts recommend that parents stay aware of updates to apps like Snapchat. They also suggest parents make sure they know who their kids' friends are on Snapchat and also talk to their children about who they add on Snapchat.”

An additional concern users have with the privacy of Snapchat is the deletion of Snapchat's after 30 days. Many users become confused as to why it looks like someone has gotten into their account and opened all of their snapchat's which then increases their Snapscore. This has caused great concern over hackers getting into personal Snapchat accounts. To reassure users, Snapchat has added to their Support webpage explaining the expiration of snapchats after 30 days yet it is still very unclear. To clarify, this is exactly what happens: after 30 days, any unopened Snapchats will automatically be deleted or expire (which appears to the user as the same thing as being opened automatically). Therefore, this will change the user's Snapscore. After snaps expire, it will look like all of the snapchats have been opened, shown by many unfilled or open boxes.

Snapchat Spectacles
In 2016, Snapchat released a new product called “Snapchat Spectacles,” which are sunglasses featuring a small camera that allow users to take photos and record up to 10 seconds of footage. The cameras in the Spectacles are connected to users’ existing Snapchat accounts, so they can easily upload their content to the application. This new product has received negative feedback because the Spectacles do not stand out from normal sunglasses beyond the small cameras on the lenses. Therefore, users have the ability to record strangers without them knowing. Furthermore, the simplistic design may result in people using the glasses accidentally, mistaking them for regular glasses. Critics of Snapchat Spectacles argue that this product is an invasion of privacy for the people who do not know they are being recorded by individuals who are wearing the glasses. Many people believe that these spectacles pose a risk in a way that their physical location might be disclosed to various parties, making the user vulnerable. Proponents disagree, saying that the glasses are distinguishable enough that users and people around them will notice them. Another argument in favor of the glasses is that people are already exposing themselves to similar scenarios by being in public.

2016 Amnesty International Report
In October 2016, Amnesty International released a report ranking Snapchat along with ten other leading social media applications, including Facebook, iMessage, FaceTime, and Skype on how well they protect users’ privacy. The report assessed Snapchat's use of encryption and found that it ranks poorly in how it uses encryption to protect users’ security as a result of not using end-to-end encryption. Because of this, third parties have the ability to access Snapchats while they are being transferred from one device to another. The report also claimed that Snapchat does not explicitly inform users in its privacy policy of the application's level of encryption or any threats the application may pose to users’ rights, which further reduced its overall score. Regardless of this report, Snapchat is currently considered the most trustworthy social media platform among users.

The FTC
In 2014, allegations were made against Snapchat by the Federal Trade Commission "FTC" for deceiving users on its privacy and security measures. Snapchat's main appeal is its marketed ability to have users' photos disappear completely after the one to ten second time frame—selected by the sender to the recipient—is up. However, the FTC made a case claiming this was false, making Snapchat in violation of regulations implemented to prevent deceptive consumer information. One focus of the case was that the reality of a "snap" lifespan is longer than most users perceive; the app's privacy policy stated that Snapchat itself temporarily stored all snaps sent, but neglected to offer users a time period during which snaps had yet to be permanently deleted and could still be retrieved. As a result, many third-party applications were easily created for consumers that hold the ability to save "snaps" sent by users and screenshot "snaps" without notifying the sender. The FTC also claimed that Snapchat took information from its users such as location and contact information without their consent. Despite not being written in their privacy policy, Snapchat transmitted location information from mobile devices to its analytics tracking service provider. Although "Snapchat's privacy policy claimed that the app collected only your email, phone number, and Facebook ID to find friends for you to connect with, if you're an IOS user and entered your phone number to find friends, Snapchat collected the names and phone numbers of all the contacts in your mobile device address books without your notice or consent." It was disclosed that the Gibsonsec security group warned Snapchat of potential issues with their security, however no actions were taken to reinforce the system. In early 2014, 4.6 million matched usernames and phone numbers of users were publicly leaked, adding to the existing privacy controversy of the application. Finally, the FTC claimed that Snapchat failed to secure its "find friends" feature by not requiring phone number verification in the registration process. Users could register accounts from numbers other than their own, giving users the ability to impersonate anyone they chose. Snapchat had to release a public statement of apology to alert users of the misconducts and change their purpose to be a "fast and fun way to communicate with photos".

WhatsApp
WhatsApp, created in 2009, is a platform that allows users to communicate via text and voice message, video chatting, and document sharing for free. WhatsApp was acquired by Facebook in 2014, but the brand continues to be promote as a secure and reliable form of communication. The app can be downloaded and used on Android, iPhone, Mac or Windows PC, and Windows Phone devices without SMS fees or charges from a carrier. While asterisks across the WhatsApp website denote some hazards of fees and additional charges, this has become a popular application for consumers that communication with people overseas.

Privacy and security with WhatsApp
In 2019, WhatsApp incorporated new privacy and security measures for their users including- Hide Muted Status and Frequently Forwarded. The hide muted status feature allows users to hide specific updates or interactions with specific users; however, if the user would decide to "unhide" their status or updates from certain users, a list of all updates will be shown to the previously blocked user (including the previously hidden status/updates). Similar to apps such as Snapchat and Instagram, users are notified when a story is forwarded, viewed, screenshotted, or shared. WhatsApp developers have added the Frequently Forwarded feature that notifies users if a message, status, or update has been forwarded 4 or more times.

Response to criticism
Many social networking organizations have responded to the criticism and concerns over privacy brought up over time. It is claimed that changes to default settings, the storage of data and sharing with third parties have all been updated and corrected in the light of criticism, and/or legal challenges. However, many critics remain unsatisfied, noting that fundamental changes to privacy settings in many social networking sites remain minor and at times, inaccessible, and argue that social networking companies prefer to criticize users rather than adapt their policies.

There are suggestions for individuals to obtain privacy by reducing or ending their own use of social media. This method does not succeed, since their information is still revealed by posts from their friends.

There is ambiguity about how private IP addresses are. The Court of Justice of the European Union has ruled they need to be treated as personally identifiable information if the business receiving them, or a third party like a service provider, knows the name or street address of the IP address holder, which would be true for static IP addresses, not for dynamic addresses. California regulations say IP addresses need to be treated as personal information if the business itself, not a third party, can link them to name and street address. In 2020, An Alberta court ruled that police can obtain the IP addresses and the names and addresses associated with them, without a search warrant. An investigation found the IP addresses which initiated online crimes, and the service provider gave police the names and addresses associated with those IP addresses.