A Semi-Statistical Look at Facebook
In preparation for this blog post, I ran a quick study of Facebook profiles. I looked at my own account, along with the accounts of ten friends. The collection of peers I chose to study consisted entirely of juniors at Penn State, but I believe the group is comprised of a fairly diverse set of individuals as far as social networking goes. When looking over accounts/profiles, I primarily analyzed the availability, detail and accuracy of a variety of fields (address, phone number, screen name, specific activities), the nature of photos (profile and otherwise), connections with other friends (inside and outside of the individual’s networks), and the privacy restrictions for non-friends. My findings were interesting, but mostly confirmed beliefs I had already held about how my peers approached information security in the social networking world.
A graphical depiction of the field results is shown below. Most of the labels should be self-explanatory, but I'll clarify the last three to make sure we're on the same page. By "Specific Address", I mean that the individual gave his/her exact place of residence - 747 East Beaver Ave., Apartment 301, State College, PA. "General Address" refers to the inclusion of the individual's city or even building, but not the precise mailing address - Happy Valley, Schultz Hall. "Specific Activities" are clubs, groups or organization that the individual belongs to that would probably enable viewers to find him/her at a particular meeting or event - SOMA, Gamma Tau Phi. It is also notable that all the information provided in the analyzed profiles appears to be completely accurate.
Now that we're all cleared up, here's the graph!
Quite obviously, nobody seems to feel threatened by the idea of friends (or non-friends) knowing his/her screen name. This makes complete sense to me. Facebook is far more revealing than most instant messaging systems, so if the viewer can already see that highly informative profile and send messages through Facebook, what's the big deal if they can communicate via AIM, too? If somebody starts spamming or harassing an individual with instant messages, all the victim needs to do is block the unwanted "buddy", and the problem is solved (unless, of course, they continue to make dozens of new names). As you might expect, I, too, have included my screen name on my Facebook profile.
When it comes to phone numbers, not many people were willing to publish their information online. I think these results can be attributed to the fact that it's not so easy to stop someone from harassing others on the phone. If the harasser wanted to call twenty times a day, it's not as easy an issue to deal with as IM attacks. On the other hand, having your phone number publicly available can be a huge convenience. I (and presumably four others from the ten surveyed) find cell phones to be one of the most efficient means of communication, and if there's an emergency or group project (which is always the case with IST) that requires immediate attention, making my phone number available on Facebook allows people to get in touch quickly. If I ever had to deal with constant unwanted phone calls and needed to change my number, I would probably keep it off Facebook. Until then, I'm not too concerned.
Specific addresses were the least available of all the fields, while general addresses were one of the most popular. I think most people feel safe saying, "I live in this area". They probably get a sense of security from knowing that any potential predators won't know exactly where to look, so there's a feeling of anonymity. Displaying a mailing address, on the other hand, is often perceived as a big Internet no-no. What these people are probably overlooking is the fact that potential predators don't need Facebook to find out where users live. Between people-finding websites, phone books, and our very own Penn State student/faculty directory, it's absurdly easy to find anyone's address. If people were aware of how simple the process was, they probably wouldn't care so much about including their addresses on Facebook.
Last, we have specific activities. Sixty percent of the surveyed individuals included information about clubs or groups they're involved with. They probably think that this is completely harmless. However, on the off-chance that some online predator couldn't find an individual's address using one of the other numerous methods, this might do the trick. Armed with a photo of the individual (we'll touch on this more in a bit) and the time and place of a meeting that he/she will likely attend, it wouldn't be particularly hard to follow that person back to his/her place of residence. But most people probably haven't given this much consideration (or don't find it likely enough to care about), so few take any measure to hide this kind of information. As with everything else mentioned so far, I don't personally have a problem posting this information online.
Moving on to photos. I found that for profile pictures, 20% of the individuals surveyed used a graphic or image that was not at all representative of their physical selves (one example is visible below, it's actually part of Kent Rogowski's inside-out teddy bear project - not really relevant to this post, but it's very cool). The other 80% used leisurely photographs that weren't really offensive or exceptional in any way.
Non-profile pictures were a slightly different story. People's albums were composed primarily of leisurely photographs of themselves and friends (conveniently linking to their profiles and thus to more pictures), and 60% of albums contained at least one (but usually more) "questionable" picture involving alcohol and/or scenarios that, for a variety of reasons, the individuals probably wouldn't want to share with parents or potential employers. So, most people are posting images that they definitely wouldn't want to share with everybody, but they don't seem to be overly concerned (otherwise, the photos would have been removed or untagged).
To verify the assumption that immediately came to mind, I created a new Facebook account, added it to both the Penn State and State College networks, and then tried to view the profiles of the ten individuals I was studying. As I had expected, nine of the ten individuals (like myself) had their profiles set to be hidden from any non-friends, regardless of network. This allows them to filter which people can even peak at the information and photographs posted online. If someone's good enough to be a Facebook friend, they can most likely see everything, but this checkpoint lets users ensure that nobody will be seeing the "private stuff" without permission (well, actually, there is an exception, but just hold that thought for a moment).
Overall, I think this is a very effective security system. It guarantees that uninvited viewers won't be able to check into any of the information or pictures posted by the individual, and it protects the individual from being checked into by "authorities". The only slight downfall (which was a alluded to in the last paragraph) to be concerned with is that a viewer could still see pictures of a non-friend if the non-friend is in an album of one of the viewer's friends. The best you can do is untag yourselves from the pictures, which will at least prevent your name from being displayed as a link to your profile. But, if the picture is up on someone else's account, then there's not much else you can do. This is the biggest security problem I see with Facebook. I think a reasonable solution would be to provide a convenient button that requests that the user who posted the picture remove it from his/her album. Of course, this wouldn't guarantee that he/she would actually remove the photo, but it might diminish the problem significantly.
Finally, the friend count. I found the average number of Penn State friends to be 261 and the average number of total friends to be 386. The minimum number of total friends any of the individuals had was 117, while the maximum was 1320. The median number of total friends was 311.
I didn't make any mind-blowing revelations involving the number of friends various individuals had, but I did find that those with a very high number of total friends tended to have less personal information available and more privacy precautions. Those with a small number of friends tended to be more open with their information. I believe the reason for this is that users with a large number of friends (1320 in one case) don't know the people they're connected to all that well, so they aren't as trusting. Individuals with fewer friends probably know most of their friends fairly well and feel comfortable sharing information with them.
A graphical depiction of the field results is shown below. Most of the labels should be self-explanatory, but I'll clarify the last three to make sure we're on the same page. By "Specific Address", I mean that the individual gave his/her exact place of residence - 747 East Beaver Ave., Apartment 301, State College, PA. "General Address" refers to the inclusion of the individual's city or even building, but not the precise mailing address - Happy Valley, Schultz Hall. "Specific Activities" are clubs, groups or organization that the individual belongs to that would probably enable viewers to find him/her at a particular meeting or event - SOMA, Gamma Tau Phi. It is also notable that all the information provided in the analyzed profiles appears to be completely accurate.
Now that we're all cleared up, here's the graph!
Quite obviously, nobody seems to feel threatened by the idea of friends (or non-friends) knowing his/her screen name. This makes complete sense to me. Facebook is far more revealing than most instant messaging systems, so if the viewer can already see that highly informative profile and send messages through Facebook, what's the big deal if they can communicate via AIM, too? If somebody starts spamming or harassing an individual with instant messages, all the victim needs to do is block the unwanted "buddy", and the problem is solved (unless, of course, they continue to make dozens of new names). As you might expect, I, too, have included my screen name on my Facebook profile.When it comes to phone numbers, not many people were willing to publish their information online. I think these results can be attributed to the fact that it's not so easy to stop someone from harassing others on the phone. If the harasser wanted to call twenty times a day, it's not as easy an issue to deal with as IM attacks. On the other hand, having your phone number publicly available can be a huge convenience. I (and presumably four others from the ten surveyed) find cell phones to be one of the most efficient means of communication, and if there's an emergency or group project (which is always the case with IST) that requires immediate attention, making my phone number available on Facebook allows people to get in touch quickly. If I ever had to deal with constant unwanted phone calls and needed to change my number, I would probably keep it off Facebook. Until then, I'm not too concerned.
Specific addresses were the least available of all the fields, while general addresses were one of the most popular. I think most people feel safe saying, "I live in this area". They probably get a sense of security from knowing that any potential predators won't know exactly where to look, so there's a feeling of anonymity. Displaying a mailing address, on the other hand, is often perceived as a big Internet no-no. What these people are probably overlooking is the fact that potential predators don't need Facebook to find out where users live. Between people-finding websites, phone books, and our very own Penn State student/faculty directory, it's absurdly easy to find anyone's address. If people were aware of how simple the process was, they probably wouldn't care so much about including their addresses on Facebook.
Last, we have specific activities. Sixty percent of the surveyed individuals included information about clubs or groups they're involved with. They probably think that this is completely harmless. However, on the off-chance that some online predator couldn't find an individual's address using one of the other numerous methods, this might do the trick. Armed with a photo of the individual (we'll touch on this more in a bit) and the time and place of a meeting that he/she will likely attend, it wouldn't be particularly hard to follow that person back to his/her place of residence. But most people probably haven't given this much consideration (or don't find it likely enough to care about), so few take any measure to hide this kind of information. As with everything else mentioned so far, I don't personally have a problem posting this information online.
Moving on to photos. I found that for profile pictures, 20% of the individuals surveyed used a graphic or image that was not at all representative of their physical selves (one example is visible below, it's actually part of Kent Rogowski's inside-out teddy bear project - not really relevant to this post, but it's very cool). The other 80% used leisurely photographs that weren't really offensive or exceptional in any way.
Non-profile pictures were a slightly different story. People's albums were composed primarily of leisurely photographs of themselves and friends (conveniently linking to their profiles and thus to more pictures), and 60% of albums contained at least one (but usually more) "questionable" picture involving alcohol and/or scenarios that, for a variety of reasons, the individuals probably wouldn't want to share with parents or potential employers. So, most people are posting images that they definitely wouldn't want to share with everybody, but they don't seem to be overly concerned (otherwise, the photos would have been removed or untagged).To verify the assumption that immediately came to mind, I created a new Facebook account, added it to both the Penn State and State College networks, and then tried to view the profiles of the ten individuals I was studying. As I had expected, nine of the ten individuals (like myself) had their profiles set to be hidden from any non-friends, regardless of network. This allows them to filter which people can even peak at the information and photographs posted online. If someone's good enough to be a Facebook friend, they can most likely see everything, but this checkpoint lets users ensure that nobody will be seeing the "private stuff" without permission (well, actually, there is an exception, but just hold that thought for a moment).
Overall, I think this is a very effective security system. It guarantees that uninvited viewers won't be able to check into any of the information or pictures posted by the individual, and it protects the individual from being checked into by "authorities". The only slight downfall (which was a alluded to in the last paragraph) to be concerned with is that a viewer could still see pictures of a non-friend if the non-friend is in an album of one of the viewer's friends. The best you can do is untag yourselves from the pictures, which will at least prevent your name from being displayed as a link to your profile. But, if the picture is up on someone else's account, then there's not much else you can do. This is the biggest security problem I see with Facebook. I think a reasonable solution would be to provide a convenient button that requests that the user who posted the picture remove it from his/her album. Of course, this wouldn't guarantee that he/she would actually remove the photo, but it might diminish the problem significantly.
Finally, the friend count. I found the average number of Penn State friends to be 261 and the average number of total friends to be 386. The minimum number of total friends any of the individuals had was 117, while the maximum was 1320. The median number of total friends was 311.
I didn't make any mind-blowing revelations involving the number of friends various individuals had, but I did find that those with a very high number of total friends tended to have less personal information available and more privacy precautions. Those with a small number of friends tended to be more open with their information. I believe the reason for this is that users with a large number of friends (1320 in one case) don't know the people they're connected to all that well, so they aren't as trusting. Individuals with fewer friends probably know most of their friends fairly well and feel comfortable sharing information with them.
0 TrackBacks
Listed below are links to blogs that reference this entry: A Semi-Statistical Look at Facebook.
TrackBack URL for this entry: https://blogs.psu.edu/mt4/mt-tb.cgi/4006
Leave a comment