Social Networking Users Lag In Privacy Awareness: Study
Specifically the Webroot study, which surveyed more than 1,100 members of Facebook, LinkedIn, MySpace and Twitter, showed an increasing awareness among social networking users for the necessity of keeping information private, representing a 37 percent increase from last year.
Despite that awareness, however, users continually fail to properly apply privacy settings or restrict access.
Security experts say the reasons for this dichotomy are multifaceted.
"It's dualistic. It's a lack of information or knowledge for certain sites. When people go to these Web sites, they assume they're going to be protected or they're just not aware of the implications of posting things," said Jeff Horn, director of threat research for Webroot. "The uninformed user believes that they're going to be protected by a large site."
The study also indicated a rise in spam, increasing 23 percent on social networking sites since last year -- much of which contains links that lead to malicious sites. Horn said that cybercriminals use social networking sites in the same way regular users distribute spam and malware through contacts.
"They back on the latest news of the day. It links to a drive-by download site. It's a way to drive traffic toward malicious sites," Horn said. "These malware writers are utilizing the social networking sites in exactly the same way as everyone else is using social networking."
Horn said many social networking users willingly exposed personal information online and had no intention of doing otherwise.
"There are certain things that people are willing to share, and right now, [what information is appropriate] is really not communicated well," Horn said.
Altogether, 61 percent of users include their birthdays, 52 percent included their hometown, and 17 percent included their cell phone numbers somewhere on their social network profiles.
In addition, more than 77 percent of users don't restrict access to their photo albums, and 81 percent don't place any restrictions on who can and can't see their recent activity, including updates generated by geolocation-based tools that report the user's physical location.
Horn said that the proliferation of geo-tagging -- tagging photos by geography -- could also enable cybercriminals to identify the location of their victims.
"As tagging becomes more popular, cybercriminals can track you all day through GPS data. It starts becoming easy for bad things to happen," Horn said. "A lot of people aren't really aware of this."
The study also found that younger users were more likely to take concerted steps to protect their online information. A total of 43 percent of users aged 18 to 29 said that they use the same password across multiple sites compared to 32 percent of all users who do the same. Another 40 percent of younger users say they accept friend requests from total strangers and 77 percent of young users say they have clicked on a link sent from or posted by a friend.
In addition, awareness is lacking when it comes to users' privacy settings, the study indicated. While 73 percent of users said they were aware of Facebook's December 2009 privacy setting changes, which automatically exposed their full profiles by default, 42 percent said they haven't made changes to their settings since the switch.
However, the study also indicated that privacy awareness is slowly becoming more an inherent part of users' social networking experience. Now, 27 percent of users restrict who can find their profile through a public search engine up from last year's 20 percent, and 67 percent now use different passwords for each of their social networks, compared to 64 percent from last year.