Bonneau's team examined 45 sites, collecting over 250 data points about each sites’ privacy policies, privacy controls, data collection practices, and more. The results were fascinating, as presented at the WEIS conference in London. The full paper and complete dataset are available online as well.
For anyone who's ever wondered why the Facebook privacy tools are greyed out on the front page compared to the other menu items, there are revelations:
In other words, as long suspected, privacy is the enemy of the SNS business model and the sites are very well aware of this, despite being having to be seen to pay lip service to increasing numbers of well meaning codes of practice. Indeed the full paper found that SNS which actively marketed themselves as privacy-protective and hence attracted "privacy fundamentalists", tended simply not to do very well (assessed by longevity and growth of audience in the market). What incentive then to make privacy tools easy to see and use for consumers?
This study adds to the weight of evidence that self regulation and consumer education are not ultimately anything like a real solution to the current problems of voluntary and involuntary data disclosure on SNSs. Good to see real empirical evidence like this :)
Also worth noting for security scholars: the papers are in the main now available from Security and Human Behaviour 2009, the "new" conference (following on from the succes of WEIS) on security and how it is affected by psychological and social factors. Hoping to have time to digest these in thenext few weeks, especially as I've been asked to speak myself at the Cyber Conflict Law and Policy Conference at the Cooperative Cyber Defence Centre of Excellence (CCD COE) in Estonia in September. Should be fascinating :-)