April 06, 2009, 10:00 AM — As social networks like Facebook and LinkedIn strive to formulate sustainable business models built upon advertising or the selling of premium services, the biggest hurdle they face might rest within their users' increased awareness of online privacy.
The common assumption that social networking users don't care about privacy is misguided. The majority of people who use social networks (nearly 60 percent or more) have already modified their privacy settings, according to two separate research studies from the Pew Internet & American Life Project and School of Information and Library Science. Furthermore, privacy experts warn that an unfortunate (but perhaps inevitable) security breach that exposes user data over social networks in the coming years could cause a privacy tipping point in which users push back in a more substantive and widespread way.
"Privacy will become more important when the information is used for more nefarious reasons, like for stealing your identity," says Larry Ponemon, president of the Ponemon Institute, a privacy research firm.
For their part, executives at major social networking sites and their advertisers argue that a culture of greater openness on the Web will prevail. They also say increased user attention to privacy could actually be advantageous to their business: If people feel comfortable with who can see their Facebook profile, for instance, they are more likely to be honest with the information they contribute to the network, which helps in serving up relevant ads that people might click on.
"As people incorporate more openness into their lives, over time we can allow for that evolution with them," says Chris Kelly, Facebook's chief privacy officer. "There's a greater authenticity to their interactions online if they know who they are signaling their interests and activities to."
Why Privacy Is Gaining Traction With Normal Users (Hint: It's Not Beacon)
Social networking and online advertising experts like to analyze the fallout of the Beacon Advertising incident back in November 2007. This was the main idea behind Beacon: If a Facebook user bought an item from a third-party website participating in the Beacon ad program, that transaction would be published to their friends' Facebook newsfeeds, the main content stream that runs down the center of their home pages. (For example, "Your friend John Smith just bought two tickets to the new Batman move from Fandango.com.")
Despite the fact that major news outlets published stories about privacy concerns and activist organizations like Moveon.org took Facebook public relations for a ride, the incident only garnered the attention of a loud and influential minority - and little more. After Beacon, Facebook did right by its users and rolled out the most comprehensive privacy settings in the industry, but the general consensus was that people wouldn't use them.
"I don't think [privacy] has been a widespread concern for advertisers," says Hussein Fazal, CEO of Adparlor.com, which helps companies serve up on ads on top of social networks. "For now, there's only a small percentage of people who really care about that stuff."
But it turns out some users have fiddled with those privacy settings, after all. In research conducted by the UNC School of Information and Library Science this past fall, more than 70 percent of 495 college students surveyed claimed to have altered their Facebook privacy settings in some way. Around half of the students also said they limited access to their profile to "friends only."
The research also indicates that their attention to privacy controls increases with their time on the service. During their first six months on Facebook, only 40 percent of students said they modified their privacy settings. After one year, that number jumped to nearly 80 percent.
As the social networking population ages, the attention to privacy holds steady. According to research by the Pew Internet & American Life Project, around 60 percent of adult users aged 25-34 have restricted access to their social networking profiles to "just friends." A little less (58 percent) restrict access to specific content contained within their profiles.
Although Joe Social Networker might not pay close attention to "inside baseball" incidents like Beacon, they do notice general trends in the media, says Fred Stutzman, a social networking researcher at UNC. "Each individual incident is too abstract for most users, but they do sense an accumulation of all these things," he says.
Balancing Privacy with Revenue Potential
The issue of privacy will become murkier as social networks encounter greater pressure from investors to pursue new revenue opportunities - even if they infringe upon their users' privacy. LinkedIn, the social network for professionals, took a funding round in October that included cash from SAP Ventures. The move caused industry followers to wonder if SAP, which makes business software for sales people to track and manage customers, could someday tie their applications into LinkedIn's database. Such a decision, they say, could result in a Beacon-like backlash.
"If they could expose that data and provide context for sales people, that would be huge," Jonathan Yarmis, an industry analyst, told CIO in October. "But there is a risk that users say this is not what I signed up for.'"
LinkedIn, which did not return several requests for comment for this article, hasn't enacted such a strategy to date, but it does sell premium subscriptions to recruiters, giving them far-reaching access to the LinkedIn database of 36 million people that most users of the free service don't enjoy.
For Facebook, the fact that users might set their privacy settings to a high level doesn't have an immediate effect on the advertising its sells on its own site. Whether someone shares his status messages with 20 people or 200, Facebook can still see all that information either way to generate ads. Facebook can monetize the user by culling non-personally identifiable information.
"What we do is abstract profile information, and the information flows of the site, into keywords that advertisers can target their advertising against," Kelly says. "But the advertisers don't get a list of who matches those keywords, so it doesn't really impinge upon the users' privacy interests."
But experts say it's undeniable that closed-off users would be bad for Facebook's business because such users hinder network growth, which to date remains staggering for Facebook. "They align the service around openness and that overall network effect," Stutzman says. "Openness drives traffic, and traffic brings attention to the ads, which is the lifeblood of the service financially."
For Facebook, the issue of privacy during the next few years extends beyond the boundaries of its own site. Facebook Connect represents the company's next major technological iteration. Principally, Connect allows third-party websites to insert a digital badge on their sign-up pages using their Facebook name and password. As people take their Facebook identity with them around the Web, Kelly and his group will have to ensure that their privacy settings are maintained.
He says Connect achieves that task.
"It's one of the key features of Connect and how Connect differs from most approaches of how to do single sign-on," Kelly says. "That connection back to your Facebook privacy settings and the ultimate respect of those through that process on thousands of websites is an incredibly powerful advantage."
It's also a powerful responsibility.