Skip to main content
Log in

Contextual gaps: privacy issues on Facebook

  • Original Paper
  • Published:
Ethics and Information Technology Aims and scope Submit manuscript

Abstract

Social networking sites like Facebook are rapidly gaining in popularity. At the same time, they seem to present significant privacy issues for their users. We analyze two of Facebooks’s more recent features, Applications and News Feed, from the perspective enabled by Helen Nissenbaum’s treatment of privacy as “contextual integrity.” Offline, privacy is mediated by highly granular social contexts. Online contexts, including social networking sites, lack much of this granularity. These contextual gaps are at the root of many of the sites’ privacy issues. Applications, which nearly invisibly shares not just a users’, but a user’s friends’ information with third parties, clearly violates standard norms of information flow. News Feed is a more complex case, because it involves not just questions of privacy, but also of program interface and of the meaning of “friendship” online. In both cases, many of the privacy issues on Facebook are primarily design issues, which could be ameliorated by an interface that made the flows of information more transparent to users.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

Notes

  1. For a discussion of Public Search, Social Ads, and Beacon, with reference to the company’s terms of service, see Hashemi (2009). For an accessible overview of SNS, focusing on Myspace, see boyd (2007).

  2. Nissenbaum says that her paper is not “aiming for a full theory of privacy, but only a theoretical account of a right to privacy as it applies to information about people,” as that information is gathered in public surveillance (2004, 106). Our goal here is similarly narrow, and we remain agnostic about topics like the “essence of privacy.” Solove also cautions against the (perhaps quixiotic) attempt at producing a full theory: “the quest for a traditional definition of privacy has led to a rather fruitless and unresolved debate. In the meantime, there are real problems that must be addressed, but they are either conflated or ignored because they do not fit into various prefabricated conceptions of privacy …. In this way, conceptions of privacy can prevent the examination of problems” (2007b, p. 759). For a survey of definitional attempts, see Nissenbaum (2004, pp. 107–113).

  3. See Joinson (2008), Lampe et al. (2008, 2007, 2006) and Ellison et al. (2007). Not all social networking sites will be the same; researchers at IBM noted that individuals tended to use an intra-corporate site primarily for making new contacts, and not for maintaining old ones (DiMicco et al. 2008).

  4. For a similar discussion of problems of “social convergence” on Facebook, see boyd (2008, 18–19). For the efforts of teenagers to deal with this problem on Myspace (in particular, the porous boundaries between “teen” and “parent” contexts), see boyd (2007). See also Binder et al. (2009) (suggesting that social networking sites tend to flatten out the separateness of offline social spheres, and that “privacy” concerns can best be understood as one part of this problem of tension between poorly demarcated social spheres). The flattening of contexts discussed here does not extend as far as the vertiginous “context collapse” confronting those posting YouTube vlogs, the audience for which is anyone, everyone, and no one all at once (Wesch forthcoming). This is so for two reasons: (a) the problem for vloggers is the inability to imagine a context. Facebook users do imagine a context for their postings, even if they get that wrong. (b) Wesch suggests that YouTube vloggers are not generally supporting offline social networks. As noted above, this is in sharp contrast with the evidence about Facebook.

  5. The exact numbers are difficult to quantify. One earlier study estimated that half of blogs are by children and teenagers (cites in Solove 2007a, 24). Technorati (2008), on the other hand, reports that 75% of bloggers have college degrees, and 42% have been to at least some graduate school.

  6. As Solove puts it, “as people chronicle the minutiae of their daily lives from childhood onward in blog entries, online conversations, photographs, and videos, they are forever altering their futures—and those of their friends, relatives, and others” (2007a, 24).

  7. The details of the story are taken from Solove (2007a), 50-4. As Solove puts it later, “even if information is already circulating orally as gossip among a few people, putting it online should still be understood as a violation of privacy—even if it is read only by people within one’s social circle…. Putting the information online increases dramatically the risk of exposure beyond one’s social circle. Placing information on the Internet is not just an extension of water cooler gossip; it is a profoundly different kind of exposure, one that transforms gossip into a widespread and permanent stain on people’s reputations” (2007a, 181).

  8. For a summary of the debate that registers the substantial difficulties that Jennicam poses from a feminist standpoint, see Bailey (2009). For a celebration, see Jimroglu (1999).

  9. For personhood and identity formation in the context of SNS, see Papacharissi (2009) and Livingstone (2008); more generally, see, for example, Matthews (2008) and the work of Andy Clark, most accessibly in Clark (2003). For an initial attempt at discussing some of the ethical implications of Clark’s analysis, see Hull (2009) (in the case of library filtering programs); for a Kantian application of these issues see Myskja (2008); for a thoughtful application to privacy, see Cocking (2008).

  10. Benkler’s analysis is much more complex than can be detailed here, and adduces relevant empirical support. Two claims that we will not address further are (1) “Facebook friends aren’t real friends.” As we argue below, the norms of online friendship are precisely what is at stake for sites like Facebook. Also, and as Benkler emphasizes, offline friendships are heavily conditioned by being in a highly fragmented, mass-media society. The Internet is not replacing utopia, and should not be compared to utopia in order to be found wanting. (2) “People waste time on Facebook.” This complaint loses some of its force in the face of empirical data that suggests people take their Internet time from TV. Facebook friends may or may not be a person’s “real” friends, but they’re certainly a step closer to users than Ross and Rachel. According to Technorati (2008), the average blogger watches only a third as much TV as the average adult.

  11. For an overview, see Strater and Lipford (2008); for another listing of risks, see Grimmelman (2009), 1164-78. One early study (Jones and Soltren 2005; cited in Solove 2007a, 197) found that the vast majority of Facebook users had not read the company’s privacy policy, and almost two-thirds said they were not very concerned about privacy. Joinson (2008) records the first survey data in which a majority of respondents had modified their privacy settings. Lampe et al. (2008) also found a slim majority of users have changed their privacy settings, but staying with default settings was correlated with a decrease in the size and type of anticipated audience, suggesting that these users were not particularly savvy about privacy in general. Christofides et al. (2009) find evidence that the psychological processes that lead users to display information are different from those that lead them to control information—i.e., that there is no necessary tradeoff between the desire to control and display information. Livingstone (2008) finds that teenagers care deeply about privacy on SNS, but are frustrated in their efforts to manage the software’s privacy controls.

  12. Of course, one can use rules for privacy settings offline, too (“never talk to a stranger”). Offline, however, rules can be more easily given exceptions (“it’s ok to tell a stranger if you’re hurt and need help”), and there are a variety of discrete but difficult-to-code ex ante decision strategies available other than rules. For a taxonomy, see Sunstein and Ullmann-Margalit (1999). As Bruno Latour puts it in a slightly different context, “no human is as relentlessly moral as a machine” (1992, 232).

  13. See Lampe et al. (2007), 168. Lampe et al. (2008) report that, although the number of college student users who thought that future employers might see their Facebook information was increasing, it was still quite low, and a large number of them viewed Facebook as a “student only” space. DiMicco and Millen (2007) found that a large number of (particularly younger) users of a corporate network on Facebook reported being unconcerned about coworkers seeing their profiles, since they viewed Facebook as outside work.

  14. For empirical evidence on these points, see Strater and Lipford (2008). For a similar suggestion about the loss of nuance on social networking sites, see Solove (2007a), 202. The difficulty in finding and effectuating privacy preferences undermines arguments to the effect that users have “chosen” to freely disseminate their information online. Livingstone (2008) reports that teenagers find this binarization on SNS frustrating.

  15. For the point about software and architecture, see Lessig (2006) and MacKenzie (2006).

  16. There is an added sense of futility for the few users who really are aware of the policy that third party application developers get access to a user's friends' information—if my friend has already installed the application, the third party developer already has access to (at least some of) my data, so I have to weigh the benefit of using a service from a developer who already has my data against the privacy concerns of giving away both more of my own data and the data of my friends, whose information might not already be accessible to that developer.

  17. Facebook has recently proposed such a modification, where users will expressly indicate consent for each category of information that a particular application would like to access. This change is in response to an investigation by the Office of the Privacy Commissioner of Canada (2009). While this is a step in the right direction, we suspect that users will still not be fully aware of the implications of consent—namely that information is flowing off of the site to a third party and that friends’ information is also shared.

  18. While there are currently privacy settings to limit the amount of information given to a friend’s applications, with no understanding of their purpose, there is little incentive to use them, see Besmer and Lipford (2010).

  19. For a listing of cognitive mistakes about privacy risk that Facebook’s imitation of offline friendship encourages in its users, see Grimmelman (2009), 1160-64. Although we will not pursue the point here, we think that it would be possible to develop a more thorough normative grounding of the above argument with reference to Kant’s formula for humanity. In Kant’s central example of deceit, the point is that the other person is literally unable to assent to the deceit, because the deceit hides the actual bargain being offered. Similarly,companies that hide the degree to which they share information about uninvolved parties might be vulnerable to the charge that they render “consent” to privacy practices meaningless.

  20. There are limits to the analogy. Facebook is an opt-in system (with an opt-out mechanism) in a way that public records like housing ownership information are not. If I buy a house, that information is automatically public, and there is nothing I can do about it. For somebody to get my Facebook updates, I have to have shown enough interest in them at some point to friend them. Friending might be casual and so reflect only a de minimis level of interest, but it is also clearly not the same thing as automatically public. So too, if I want individuals not to get my Facebook information, I can un-friend them; there is no analogous procedure for legal records.

  21. For compatible analysis, see Solove (2007a), 170 and 198.

  22. For a critical discussion, see boyd (2008); for evidence of acceptance, see Joinson (2008, 1031). One topic which we will not pursue here, but which bears at least a mention, is the extent to which the switch to the News Feed encourages users to spend more time on the site posting updates. Since the value of the site is generated by the amount of time users spend on it, the switch to the News Feed could be read as a (successful) effort to get users to contribute more free labor to Facebook's coffers. This worry is pursued in the case of the Internet more generally in Terranova (2004), 73–97.

  23. For further discussion and data supporting this point, see Strater and Lipford (2008).

  24. For a discussion of some of the complexities involved in online “friendships,” see boyd (2006). Through her discussion of Myspaces’s “Top 8” feature, boyd usefully emphasizes the extent to which the meaning of friendship in SNS is partly a function of the design of the sites; as she puts it, “friending supports pre-existing social norms, yet because the architecture of social network sites is fundamentally different than the architecture of unmediated social spaces, these sites introduce an environment that is quite unlike that with which we are accustomed. Persistence, searchability, replicability, and invisible audiences are all properties that participants must negotiate when on social network sites.” One might object that online and offline interactions are so different that “friendship” cannot apply to both. This seems to us to assume what is to be proven, namely, what “friendship” means. In lieu of a detailed discussion, we will make two brief points: (a) the term is in common use in both contexts; this use needs to be understood before discarding it; and (b) that Facebook is largely used to support and develop offline social networks suggests that insisting on a sharp, conceptual rupture between on and offline relations may only serve to obscure similarities in the name of highlighting differences. In any case, we are less concerned with the terminology than the social relations.

  25. This is not to claim that identity on Facebook is not tethered to offline identity; it clearly is. However, insofar as Facebook supports offline interactions by allowing users to maintain and deepen offline relationships, the site allows users significant latitude in which aspects of their identities they emphasize. This happens both because many of the usual social cues through which we reveal ourselves (even unconsciously) do not port well to an online environment (see Cocking 2008 for related thoughts on privacy in this regard), and because SNS allow the asynchronous presentation of substantial amounts of information that would be unavailable to a casual, offline relationship. Those who interact with SNS users both off and online will then have to translate between how individuals present themselves in different contexts. This process of translation, which of course happens any time that two individuals encounter each other in different social contexts, sets a limit to identity construction online, insofar as it has to be possible to credibly translate between the multiple self presentations. For evidence that Facebook users do manage their identities online, see DiMicco and Millen (2007); for identity construction by teenagers on Myspace, see boyd (2007); for reflection on some of the ethical implications of all this, see Fleckenstein (2008).

  26. For the doors, see the classic discussion in Latour (1992); for intellectual property regimes, see Benkler (2003); for portals, see Introna and Nissenbaum (2000); for the extension to SNS, see Papacharissi (2009).

  27. While we have offered a number of different examples of designs that could increase transparency (and control) of information flows, our goal is not to prevent all information sharing (which would be counter to the whole point of social networking), but rather to promote interface designs which give users the freedom to make informed choices about what they share and with whom. We have further discussed design guidelines and example solutions in Lipford et al. (2009). Dwyer and Hiltz (2008) also discuss the need to improve the design of privacy mechanisms in online communities such as Facebook. Grimmelman (2010) proposes an analogy to product safety law, where vendors are responsible for designing products to promote consumer safety by, for example, preventing dangerous misuse, making consequences of actions predictable, working with and not against consumer expectations, and by making sure that product warnings are of sufficient relevance and quality. He finds Facebook lacking on many of these counts.

References

  • Alexa. (2010). Facebook.com—site info from Alexa. March, at: http://www.alexa.com/siteinfo/facebook.com.

  • Bailey, J. (2009). Life in the fishbowl: Feminist interrogations of webcamming. In Lessons from the identity trail: Anonymity, privacy and identity in a networked society. Oxford: OUP, pp. 283–301.

  • Benkler, Y. (2003). Through the looking glass: Alice and the constitutional foundations of the public domain. Law and Contemporary Problems, 66, 173–224.

    Google Scholar 

  • Benkler, Y. (2006). The wealth of networks: How social production transforms markets and freedom. New Haven: Yale UP.

    Google Scholar 

  • Besmer, A., & Lipford, H. R. (2010). Users’ (Mis)conceptions of social applications. To appear, Proceedings of Graphics Interface.

  • Binder, J., Howes, A., & Sutcliffe, A. (2009). The problem of conflicting social spheres: Effects of network structure on experienced tension in social network sites. Proceedings of CHI 2009, Boston: ACM Press, pp. 965–974.

  • boyd, d. (2006). Friends, Friendsters, and MySpace Top 8: Writing Community Into Being on Social Network Sites. First Monday 11:12, December. http://www.firstmonday.org/issues/issue11_12/boyd/index.html.

  • boyd, d. (2007). Why youth (heart) social network sites: The role of networked publics in teenage social life. In D. Buckingham (Ed.) MacArthur foundation series on digital learningyouth, identity, and digital media volume. Cambridge, MA: MIT Press, pp. 119–142.

  • boyd, d. (2008). Facebook’s privacy trainwreck: Exposure, invasion and social convergence. Convergence, 14(1), 13–20.

    Article  Google Scholar 

  • Brey, P. (2000). Disclosive computer ethics. Computers and Society (Dec.), pp. 10–16.

  • Christofides, E., Muise, A., & Desmarais, S. (2009). Information disclosure and control and facebook: Are they two sides of the same coin or two different processes? Cyberpsychology and Behavior, 12(30), 341–345.

    Article  Google Scholar 

  • Clark, A. (2003). Natural-Born cyborgs: Minds, technologies, and the future of human intelligence. Oxford: OUP.

    Google Scholar 

  • Cocking, D. (2008). Plural selves and relational identity. In J. van den Hoven & J. Weckert (Eds.), Information technology and moral philosophy (pp. 123–141). Cambridge: CUP.

    Google Scholar 

  • Cutler, J. (2004). Senator sacked me over tales of congress, The Guardian (UK), June 2, 2004, at http://www.guardian.co.uk/world/2004/jun/02/usa. Accessed 5/09.

  • DiMicco, J., et al. (2008). Motivations for social networking at work. In Proceedings of CSCW’08. San Diego: ACM Press, pp 711–720.

  • DiMicco, J. M. & Millen, D. R. (2007). Identity management: Multiple presentations of self in facebook identity. In Proceedings of GROUP’07. Florida: ACM Press, pp. 383–386.

  • Dwyer, C., & Hiltz, S. R. (2008). Designing privacy into online communities. In Proceedings of Internet Research 9.0, October 2008.

  • Ellison, N., Steinfeld, C., & Lampe, C. (2007). The benefits of Facebook ‘Friends:’ Social capital and college students’ use of online social network sites. Journal of Computer Mediated Communication, 12(4), article 1, http://jcmc.indiana.edu/vol12/issue4/ellison.html.

  • Felt, A., & Evans, D. (2008). Privacy protection for social networking APIs. In Proceedings of Web 2.0 Security and Privacy 2008.

  • Fleckenstein, K. S. (2008). Cybernetics, ethos, and ethics. In L. Worsham & G. A. Olson (Eds.), Plugged in: Technology, rhetoric and culture in a posthuman age (pp. 3–23). Cresskill, NJ: Hampton Press.

    Google Scholar 

  • Gelman, L. (2009). Privacy, free speech, and ‘blurry-edged’ social networks. Boston College Law Review, 50, 1315–1344.

    Google Scholar 

  • Good, N. S., Grossklags, J., Mulligan, D. K., & Konstan, J. A. (2007). Noticing notice: A large-scale experiment on the timing of software license agreements. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. San Jose: ACM Press, pp. 607–616.

  • Grimmelman, J. (2010). Privacy as Product Safety. Widener Law Journal (forthcoming), available at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1560243.

  • Grimmelman, J. (2009). Saving Facebook. Iowa Law Review, 94, 1137–1206.

    Google Scholar 

  • Gross, R., & Acquisiti, A. (2005). Information revelation and privacy in online social networks. In Proceedings of WPES’05. Alexandria, VA: ACM Press, pp. 71–80.

  • Hashemi, Y. (2009) Facebook’s privacy policy and its third-party partnerships: Lucrativity and liability. Boston University Journal of Science and Technology Law, 15, 140–161.

    Google Scholar 

  • Hull, G. (2009). Overblocking autonomy: The case of mandatory library filtering software. Continental Philosophy Review, 42, 81–100.

    Article  Google Scholar 

  • Introna, L. D., & Nissenbaum, H. (2000). Shaping the web: Why the politics of search engines matters. The Information Society, 16(3), 169–185.

    Google Scholar 

  • Jimroglou, K. M. (1999). A camera with a view: JenniCAM, visual representation, and cyborg subjectivity. Information, Communication & Society, 2(4), 439–453.

    Google Scholar 

  • Joinson, A. N. (2008). ‘Looking at,’ ‘Looking up,’ or ‘Keeping up with’ People? Motives and uses of Facebook. In CHI 2008 Proceedings: Online Social Networks. pp. 1027–1036.

  • Jones, H., & Soltren, J. H. (2005). Facebook: Threats to privacy, available at: http://groups.csail.mit.edu/mac/classes/6.805/student-papers/fall05-papers/facebook.pdf. Accessed 5/09.

  • Lampe, C., Ellison, N. B., & Steinfield, C. (2006). A Face(book) in the crowd: Social searching vs. social browsing. Proceedings of CSCW’06. Alberta: ACM Press, pp. 167–170.

  • Lampe, C., Ellison, N. B., & Steinfield, C. (2007). A familiar Face(book): Profile elements as signals in an online social network. In Proceedings of CHI’07. San Jose: ACM Press, pp. 435–444.

  • Lampe, C., Ellison, N. B., & Steinfield, C. (2008). Changes in use and perception of Facebook. In CSCW’08. San Diego: ACM Press, pp. 721–730.

  • Latour, B. (1992). Where are the missing masses? The sociology of a few mundane objects. In W. E. Bijker & J. Law (Eds.), Shaping technology/building society (pp. 225–258). Cambridge, MA: MIT Press.

  • Lessig, L. (2006). Code and other laws of cyberspace, Version 2.0. New York: Basic Books.

    Google Scholar 

  • Lipford, H. R., Hull, G., Latulipe, C., Besmer, A., & Watson, J. (2009). Visual flows: Contextual integrity and the design of privacy mechanisms on social network sites. In Proceedings of the Workshop on Security and Privacy in Online Social Networking, IEEE International Conference on Social Computing (SocialCom), August 2009.

  • Livingstone, S. (2008). Taking risky opportunities in youthful content creation: Teenagers’ use of social networking sites for intimacy, privacy, and self-expression. New Media Society, 10, 393–411.

    Article  Google Scholar 

  • MacKenzie, A. (2006). Cutting code: Software and sociality. New York: Peter Lang.

    Google Scholar 

  • Matthews, S. (2008). Identity and Information Technology. In J. van den Hoven & J. Weckert (Eds.) Information technology and moral philosophy. Cambridge: CUP, pp. 142–160.

  • Myskja, B. K. (2008). The categorical imperative and the ethics of trust. Ethics and Information Technology, 10, 213–220.

    Article  Google Scholar 

  • Nielsen, W. (2009). Time spent on Facebook up 700%, but MySpace Still Tops for Video, at http://blog.nielsen.com/nielsenwire/online_mobile/time-spent-on-facebook-up-700-but-myspace-still-tops-for-video/. Accessed 6/09.

  • Nissenbaum, H. (2004). Privacy as contextual integrity. Washington Law Review, 79, 101–139.

    Google Scholar 

  • Office of the Privacy Commissioner of Canada. (2009). Facebook agrees to address Privacy Commissioner’s concerns, August 27, 2009. at http://www.priv.gc.ca/media/nr-c/2009/nr-c_090827_e.cfm. Accessed 11/09.

  • Papacharissi, Z. (2009). The virtual geographies of social networks: A comparative analysis of Facebook, LinkedIn and ASmallWorld. New Media Society, 11, 199–220.

    Article  Google Scholar 

  • Solove, D. J. (2007a). The future of reputation: Gossip, rumor and privacy on the internet. New Haven, CT: Yale UP.

    Google Scholar 

  • Solove, D. J. (2007b). ‘I’ve Got Nothing to Hide’ and other misunderstandings of privacy. San Diego Law Review, 44, 745–772.

    Google Scholar 

  • Strater, K., & Lipford, H. R. (2008). Strategies and struggles with privacy in an online social networking community. In Proceedings of the 22nd British HCI Group 2008. Liverpool UK: ACM Press, pp. 111–119.

  • Sunstein, C. R., & Ullmann-Margalit, E. (1999). Second-order decisions. Ethics, 110, 5–31.

    Article  Google Scholar 

  • Technorati. (2008). State of the blogosphere, at http://technorati.com/blogging/state-of-the-blogosphere/. Accessed 5/09.

  • Terranova, T. (2004). Newtork culture: Politics for the information age. London: Pluto Press.

    Google Scholar 

  • Wesch, M. YouTube and you: Experiences of self-awareness in the context collapse of the recording webcam. ms. on file with authors (Forthcoming).

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Gordon Hull.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Hull, G., Lipford, H.R. & Latulipe, C. Contextual gaps: privacy issues on Facebook. Ethics Inf Technol 13, 289–302 (2011). https://doi.org/10.1007/s10676-010-9224-8

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10676-010-9224-8

Keywords

Navigation