Michelle Madejskiy. Maritza Johnson, Steven M. Bellovin
Increasingly, people are sharing sensitive personal information via online social networks (OSN). While such networks do permit users to control what they share with whom, access control policies are notoriouslydifficult to con gure correctly; this raises the question of whether OSN users' privacy settings match theirsharing intentions.
We present the results of an empirical evaluation that measures privacy attitudes andintentions and compares these against the privacy settings on Facebook. Our results indicate a seriousmismatch: every one of the 65 participants in our study con rmed that at least one of the identi ed violationswas in fact a sharing violation. In other words, OSN users' privacy settings are incorrect.
Furthermore, a majority of users cannot or will not fix such errors. We conclude that the current approach to privacy settingsis fundamentally awed and cannot be fixed; a fundamentally different approach is needed. We presentrecommendations to ameliorate the current problems, as well as provide suggestions for future research.
Available at https://mice.cs.columbia.edu/getTechreport.php?techreportID=1459&format=pdf&