The Facebook privacy paradox
Can the everyday Facebook enthusiast be expected to protect privacy on an inherently social site?
By Ben Rothke, CISSP, CISM
June 14, 2010 — CSO —
The birthday paradox, a classic illustration used in probability theory, concerns the probability that, in a set of randomly chosen people, some pair will have the same birthday. The magic number is 23, which means that with 23 people, there is a more than 50 percent probability that some pair of them will have the same birthday. As Wikipedia notes, such a result is counterintuitive to most people. Want to get to a 99 percent probability that a pair will share a birthday? All you need is 57 people.
There is a similar paradox when it comes to Facebook. The paradox is why people openly share such private information as their date of birth (amongst myriad other personal details) in their Facebook profile. Over the past few months, I have made it a habit of reaching out to people and wishing them a happy birthday, courtesy of the friendly reminders I get from Facebook, like the following:
Invariably, the response will be "Oh my gosh, thank you, but how did you know?" For those who don't accept my answer of having a photographic memory, I inform them that I got their birthday from their Facebook profile. To which their answer is almost always, "Wow, I didn't realize it was in there."
Many people enter their birthday on the Facebook signup page (it is a required field at signup), but neglect to change their settings in Facebook. Even though the page clearly states, "Visit your privacy settings to control who can see the information on your profile," the reality seems to be that most people simply bypass this in the rush to start posting on their wall.
The current Facebook default privacy setting is to allow friends to see your birthday.
Facebook has become the whipping boy of privacy. With articles such as Danah Boyd's "Facebook's Privacy Trainwreck: Exposure, Invasion, and Social Convergence" and presentations like Gross and Acquisti's "Privacy Disaster Waiting To Happen? - The Facebook and Privacy on Social Networking Sites," it seems to many as if Facebook does the same level of data extraction that the Constitution prohibits the NSA from performing.
I think the issue is not so much Facebook privacy, but rather that the vast majority of Facebook users simply don't get privacy. Even with Facebook's new and improved privacy features, how many of the over 400 million Facebook users really and truly care about privacy? How many have taken the time to understand the nuances of what it means? Of what they need to do?