I will share three basic risks to privacy on social networks. If you have any other suggestions, please let me know.
Although much of the earlier work (e.g., access control models) for data privacy on social networks has been adapted from security research in operating and database management systems, its application without a central authority to set global privacy settings has led to both positive and negative user experiences in terms of privacy. By choosing their own settings, social network users have enriched their social experience but have also become susceptible to unintended information disclosure to a public that can reach up to millions of social network users. Mainly, three problems have arisen in data privacy on social networks.
First, the use of real names when registering on a social network has allowed third parties to track users across different social network platforms. By default, many social networks allow search engines to index profile pages of social network users, and bits of personal information on different web services can be combined by third parties for background checks on users. To prevent this data prying, users need to be more aware of what they share on social networks. See this for an introduction to what such a super social network can look like.
The second problem in data privacy is related to the nature of social network companies. Social network users do not pay a price to use social network products, “because they are the product that is being sold” (User comment from Metafilter.com). Social network companies benefit from more open privacy settings because increased interactions among users also increase user visits and user retention rates on their social network services. Despite government regulations and lawsuits from ordinary users, social network companies choose more open default privacy settings for newly subscribed users, and even reset the privacy settings of social network users regularly.
The third problem is related to understanding what type of data is generated for the consumption of which users on social networks, and when carefully addressed, a solution to this problem can help with the first two problems that were mentioned earlier. Starting with photos and status posts, social networks have introduced new types of user-generated data such as photo tags and location information. The richness of personal data on social networks has prevented users from getting a good idea of who can see which data on their profiles. With each new data type, a new set of privacy questions is posed to users to decide on data visibility to other social network users. Although data types (e.g., photos and photo tags) may be related, users have to choose a setting for each one of them separately. In popular networks, such as Facebook.com, users have to answer almost a hundred such questions, and remember the privacy settings they chose when uploading new data. In this way, too many options in privacy settings lead to poorer decisions in privacy protection. Additionally, early survey work had shown that only a small percentage of users changed their default privacy settings. This user reluctance to manage their privacy settings carefully has long been acknowledged, but more recent works show that 17% and 57.5% of users now choose their own settings (see this for an in-depth analysis of this trend). A factor in this change of user attitude to privacy has been the media coverage of negative consequences in privacy-related issues. For example, Madejski found that 2/3 of surveyed users double-checked privacy settings, and most also stated that they would become more selective regarding future information shared on Facebook.com after media coverage. In a similar work, Tufekci found that users adjust profile visibility and use nicknames but do not restrict the information within the profile.
More than these basic precautions, Lampinen shows that “users choose a variety of strategies, such as self-censorship and withdrawal of data, choosing different groups to show data, and sharing different types of data in different contexts”.