New Media Research Workshop: “Toward Usable Access Control for End-users: A Case Study of Facebook Privacy Settings”

With the increasing popularity of social network sites (SNSs), users of all levels are sharing an unprecedented amount of personal information on the Internet. Most SNSs give users the ability to specify what they share with whom, but the difficulty of the task raises the question of whether users’ privacy settings match their sharing intentions. Maritza Johnson presents the results of a study that measures sharing intentions to identify potential violations in users’ real Facebook privacy settings. Her results indicate a mismatch between intentions and reality: every one of the 65 participants in the study had at least one confirmed sharing violation. In other words, SNS users are unable to correctly manage their privacy settings. Her team also found that a majority of users cannot or will not fix such errors.

In a follow-up study, Johnson measured users’ attitudes toward interpersonal privacy concerns on Facebook and their strategies for reconciling their concerns with their desire to share content online. By asking 260 participants targeted questions about people randomly selected from their Facebook friend network and posts shared on their profiles, she was able to quantify the extent to which users trust their “friends” and the likelihood that their content was being viewed by unintended audiences. Her team found that while strangers are the most concerning audience, almost 95% of the participants had taken steps to mitigate those concerns. They conclude that the current privacy controls allow users to effectively manage the outsider threat, but that they are unsuitable for mitigating concerns over the insider threat—members of the friend network who dynamically become inappropriate audiences based on the context of a post.

Maritza Johnson is a postdoc in the Department of Electrical Engineering and Computer Science at UC Berkeley. She received her Ph.D. in Computer Science from Columbia University in 2012, and a B.A. from the University of San Diego in 2005. Her research expertise is in the areas of human factors and computer security and privacy. Her past research includes investigating usable access control mechanisms with a focus on Facebook privacy settings. In 2011, her paper on evaluating the correctness of users’ privacy settings was selected by the Future of Privacy Forum as a “Privacy Paper for Policy Makers”. In 2006, Maritza was a recipient of the AT&T Labs Fellowship.