Here is my First Law of Social Networking: social networking sites are incentivized to promote the open and unfettered flow of mountains of personal information.
Social networks’ ability to make money through contextual and/or behavioral-targeted advertising is dependent on users sharing information about themselves, their lives, and their interests. Facebook’s Mark Zuckerberg confirms this point when he notes that “as long as the stream of information is constantly increasing, and as long as we’re doing our job… of pushing that forward, I think that’s….the best strategy for [Facebook]”. In short, the best strategy for social networks is to increase personal information flows online, or, again in Zuckerberg’s words, to get “people through this really big hurdle of getting people to want to put up their full name, a real picture, mobile phone number…and connections to real people” online.
Consequently, creating and promoting robust, easy-to-use privacy settings to allow users to control and possibly restrict the information they share would generally be counter to a social networking service’s strategic interest. This is my Second Law of Social Networking. Again, consider Zuckerberg’s response to an interviewer’s suggestion that Facebook’s privacy controls are unknown or mis-used by uses: Zuckerberg seemingly laughs it off by simply replying “well, the privacy controls are there.” As if just having them there is good enough….
Still, we are seeing increased pressure for social networks to improve their privacy practices, as well as the flexibility they provide users to control the flow of their personal information. While their inability to design for privacy from the start remains problematic, and the complex privacy settings often need supplemental materials to help make them useful for users, Facebook does have some of the most robust privacy filters out there (at least in terms of users ability to control what other users see).
This apparent contradiction is studied in an important new paper titled “The Privacy Jungle: On the Market for Data Protection in Social Networks” by Joseph Bonneau and Sören Preibusch.The University of Cambridge researchers conducted a thorough analysis of the privacy practices and policies in online social networks, revealing some interesting results regarding how social networking sites differentiate (or not) themselves in the “privacy marketplace.” (Technology Review has a good summary of the research, and some of its implications, including quotes from myself).
They summarize their results as follows (emphasis added):
Our contribution is threefold. First, we report the results of a thorough analysis of the privacy supply in the social networking market (Section 4). Our data supports some common assumptions, such as a generally low quality of privacy policies, usability problems, and poor security practices. It also provides some surprises such as promotion of photo-sharing being far more common than game-playing, and a huge diversity of privacy controls available in different networks which is not effectively conveyed to users.
Second, we aggregate our data into overall privacy and functionality scores for each site, and use these to find which general factors may influence a site’s privacy practices (Section 5). Again, we find interesting results, such as niche sites offering significantly less sophisticated privacy controls than general-purpose sites, positive correlations between privacy and the age, size, and popularity of a site. Privacy and functionality aren’t strong correlated, but sites that promote on privacy are often found having less favourable privacy practices. We also find evidence that sites with better privacy are growing ahead of the market, while those that mention their privacy are falling behind.
Finally, we propose a novel economic model to explain the observed under-supply and under-promotion of privacy as a rational choice by the competing social networking providers. Our model assumes the existence of consumers with varying degrees of privacy concern. We conjecture that websites seek to maximise their desirability to both populations by not raising privacy concerns for the majority of users, while minimising criticism from the privacy-sensitive.
Their final point is worth special consideration: According to the authors, social networking sites might build robust privacy settings to appease privacy advocates, but they don’t promote them and/or make them difficult to use so the majority of users don’t bother to change their default settings, thereby keeping the open flows of personal information undisturbed.
This is my Third Law of Social Networking: Provide privacy, but make it hard. Social networking providers will never admit to this, but the evidence is there: default settings are generally set to share all of your information with all of your friends; there are few (if any) help pages to assist users in managing their privacy (compare to what Google has been doing to try to educate users); maintain the philosophy that, no matter what, information wants to be shared among everyone; and build systems that share everything, and only make privacy changes when the pressure mounts (i.e., News Feed, Beacon, etc).
Thus, we have identified three Laws of Social Networking:
- Promoting the open flow of personal information allows maximum profitability
- Allowing user control over their information flows is counter to profit maximization
- Provide some privacy controls, but make it hard
I’ll need to think more about this, but welcome any feedback.
MichaelZimmer.org 
I think that this is a nice way of framing several converging trends! Do you think, though, that these “laws” are true of social network sites generally, or of for-profit ones only, or …?
@philosoraptor: Those are key questions that i/we need to work through. This was just my “top-of-mind” musings, and it will take much more intellectual muscle to get them worked into a more useful/universal set of laws. Much work ahead!
Great blog posting! I think you summed up our research nicely. The quote from Zuckerberg is great-could have put it in the paper if I knew it was out there.
Get in touch whenever you like if you want to bat around research ideas, I’ve always enjoyed reading your blog.
Nice work Michael. Remembering back to Beacon (is that still around), it struck me that the goal there was to break down boundaries between information. That is, the creation of a halo effect that incentivizes greater sharing (and more between-sharing) inside and outside of the social network site. MZ can’t win if we just share more in FB, we actually have to share more everywhere. Still working through the theorization, but it is fodder for a few blog posts.
I’ve spent a great deal of time with that aftermath of what places like facebook can do to relationships. Their business model goes beyond the open flow of information with such tools that prompt and in a sense promote infidelity. That is what keeps people coming back for more as they get sucked into this trap.