* While selective elements of this FAQ were updated in 2012, the information below is generally current as of June 2008. Specific company practices may have since changed.
"This F.A.Q. was supported by the Social Sciences and Humanities Research Council"
Social networking websites allow individuals to form online social communities. To begin, individuals create profiles that describe themselves. Individuals often include personal information such as their contact information, gender, political and religious beliefs, relationship status, and interests. These profiles can also include pictures, videos, and music. Individuals then describe the connections that they have with other individuals. These connections are typically based on common interests, backgrounds, and hobbies or on other connections. Connected individuals can then communicate by public or private messaging, file-sharing, and discussion boards.
Social networking sites are used by a wide variety of individuals from different age groups and backgrounds. However, different social networking sites tend to attract different kinds of members. For example, Facebook began as a site for university and college students and still primarily attracts this crowd. MySpace attracts a lot of young users and independent musicians. Academics have perceived a class divide between Facebook and Myspace users. Linkedin is geared to professionals. Ning has appealed to a niche user-base that seeks to create its own social networks on an established platform.
Certain social networking websites also tend to become popular in certain regions. For example, Facebook and Myspace are popular in North America, while Bebo and Hi5 are popular in Europe, Orkut and Hi5 in South America, and Friendster in Asia.
Facebook is currently the most popular social networking site in Canada. As of July 2008, it has a rapidly growing Canadian user base of over 13 million. MySpace, in contrast, has four million Canadian users.
Most social networking websites make their money from advertising. The sites offer individuals free membership and are supported by revenue generated from advertising. Advertisers are attracted to the wealth of information that users provide about themselves on social networking sites - including information posted and actions taken by users. Such detailed personal information permits highly targeted advertising: Advertisements are targeted to users on the basis of their demographics, affiliations, and expressed interests.
For example, Facebook allows advertisers to search by criteria related to location, sex, age, education status, workplace, political views, relationship status, and keyword, so as to target ads to Facebook users. Similarly, Linkedin allows advertisers to target ads by industry, seniority, job function, company size, geography, number of connections, and gender. MySpace's "HyperTargeting" service allows advertisers to target ads to users on the basis of approximately 1000 different attributes pulled contextually from user profiles.
Online targeted advertising has been a relatively lucrative business for many social networking sites. Furthermore, the wealth of information stored on social networking sites renders them very valuable. MySpace sold for approximately $27 dollars per user in 2005, Bebo recently sold for approximately $21 dollars per user, and Facebook has been valued at $300 dollars per user. Social networking sites often retain a license to the data that users post on their sites, allowing them to sell this data to third parties, though there is no evidence of them doing so to date.
Most social networking websites further increase their value by allowing third party application developers to host applications on their sites. The addition of third party applications allows social networking sites to offer their users new services and features from outside talent. MySpace and Facebook have their own application platforms. Google's Open Social serves as a platform for Orkut, LinkedIn, Hi5, Plaxo, Ning, and Friendster. Typically, these third party developers are not paid by the social networking sites. Instead, the developers generate revenue by sub-contracting with advertisers. Advertisers target ads to application users on the basis of their demographics, affiliations, expressed interests, etc. (as described above). For example, the advertising network Social Media boasts of its ability to determine which of a user's online friends are more influential and then to insert the names of these influential friends into ads targeted to that user.
Social networking sites offer their users tools to organize their social lives, facilitating relationship-building, identity exploration, creativity and development of the arts, information-sharing, education, and grassroots advocacy.
Communication is made easy on social networking sites. Users can connect with groups of friends, colleagues, and relatives with the click of a button. In particular, social networking sites offer users a centralized way to connect with their contacts overseas. Academics have noted social networking sites' ability to connect people to those in their extended network and to revive "latent ties."
Additionally, social networking sites present opportunities for identity exploration. The construction of a social networking profile is itself an exercise in identity building. Users identify their beliefs, interests, and hobbies on their profiles. Sometimes, users play with different names, ages, and genders on their social networking profiles. Youths in particular have seized the opportunity to engage in identity play away from the watchful eyes of their parents.
Creativity and Development of the Arts
Individuals are expressing and sharing their creativity on social networking sites. They are uploading and discussing their writing, movies, and visual art. Notably, MySpace has helped many independent musicians promote their music. Youth have been especially active in developing their creativity online on social networking sites. The PEW Internet & American Life Project has reported in 2005 that more than half of teens have created content for the internet, including artwork, videos, photos, blogs, webpages, journals, and remixed content.
Social networking users can share information. Social networking sites allow individuals to broadcast news stories, events, and mass messages. This informs individuals about the wider world around them.
Social networking sites are also facilitating education and training. Users are learning from their peers how to create and customize content and how to broadcast it online. Historically disadvantaged groups are also gaining access to this informal training. A group of researchers from the University of Minnesota have argued that these social networking activities are helping "subvert" the "Digital Divide" (the gap between those with access to technology and those without it).
Social networking sites are increasingly being used to organize communities around public interest issues and concerns. For example, in response to the Canadian government's attempts to pass consumer-unfriendly copyright legislation, Professor Michael Geist organized a Facebook group called "Fair Copyright for Canada." This group has over 84,000 members - who can organize events, share news stories, and post messages. This larger group has sub-divided into smaller chapters by region. Each chapter is organizing its own local advocacy initiatives. Also, in response to the latest copyright bill, Bill C-61, over 63,000 Facebook members joined the group "Canadians Against the New Copyright Bill C-61" to protest. These Facebook groups have had success in getting the Canadian government's attention.
The risks associated with social networking sites - theft, fraud, abuse, reputational damage, commercial exploitation - are not new. However, with such extensive amounts of sensitive information available on social networking sites, these risks increase. Individuals may unwittingly share private information with unwanted audiences. Often, users post information on social networking sites without realizing how widely it is shared. For example, a 2006 study demonstrated that almost a quarter of Facebook users surveyed did not appreciate that their profile was publicly searchable.
At one end of the risk spectrum, identity thieves, cyber-stalkers, cyber-bullies are exploiting the information shared online for nefarious purposes. Identity thieves obtain their information from social networking sites in several ways. Most simply, information can be pulled from public or semi-public social networking profiles. Identity thieves can also hack into social networking sites if their infrastructure is insecure. Facebook, MySpace, and Orkut have all reportedly experienced security breaches. Some identity thieves have used phishing ("a method of luring individuals into providing their personal information by masquerading as a trustworthy person or organization, via an apparently official electronic communication such as an email") to obtain access to user social networking accounts. There have been reports of phishing scams on Facebook, MySpace and other sites. Once identity thieves obtain user information they can assume and exploit a user's identity. For example, an American student was charged in 2006 for using information obtained from Facebook to make illegal purchases on his victim's credit card. In 2006, a young girl committed suicide after being harassed and humiliated by an adult woman who pretended to be a young boy on MySpace.
Cyber-stalkers have also located their victims on social networking sites. For example, repeated sex offenders have been reportedly seeking out minors on MySpace. There have also been some reports of rapes, assaults, and murders of victims that perpetrators met on social networking sites. However, researcher danah boyd notes that studies demonstrate that the greatest risk to victims is posed by the people they know - not the strangers that they meet online.
Bullies are turning to social networking sites to cyber-bully their victims - away from the supervision of parents and teachers. Cyber-bulling has been defined as "threats or other offensive behaviour sent online to a victim or sent or posted online about the victim for others to see." It causes extensive emotional or reputational harm and can also lead to violence in the offline world. Social networking sites exacerbate traditional bullying by offering bullies larger audiences, more anonymity, less supervision, and more sophisticated techniques.
The use of social networking sites can also lead to risks with more subtle effects, such as reputational damage. Information posted on social networking sites can be monitored by employers, teachers, friends, and acquaintances. Employers are using social networking sites to learn about their potential and current employees. For example, in 2007, a teacher who was disciplined over a MySpace photo of her wearing a pirate hat and drinking from a cup entitled "Drunken Pirate." Teachers and administrators have also monitored their students on social networking sites. For example, school administrators in America have been alerted of hazing activities by their student athletes through pictured that were posted on social networking sites. Recently in 2008, a Ryerson student was charged for academic dishonesty for organizing a Chemistry study group on Facebook to share tips on a homework assignment.
Lastly, information on social networking sites can also be exploited for commercial gain by third party developers and advertisers. As mentioned above, the social networking business model depends on information-sharing with advertisers and application providers. However, social networking sites have not been entirely transparent about their advertising activities. Often, social networking sites post a notice of advertising or commercial activities imbedded in long privacy policies and terms of service. Users may not realize that the advertisements that they see are targeted to them on the basis of their posted information.. Without this appreciation, users cannot possibly give social networking sites informed permission to use their information for advertising.
Social networking sites' marketing schemes can give users a false sense of security. Facebook describes itself as "a social utility that connects you with the people around you." Similarly, MySpace describes itself as "a place for friends." However, privacy settings are necessarily limited and profile information is often shared with invisible audiences. Some users, however, buy into their social networking site's promises of privacy and security and share excessive amounts of personal information without appreciating the risks involved. Further, research has demonstrated that Facebook users will share more information on Facebook because they trust the site.
The use of pseudonyms on social networking sites is a contentious issue. Pseudonyms can shield a person's identity, helping to protect him or her from the privacy risks described above. Pseudonyms can also allow for identity-play (as described above) - users can try on different identities and explore them. However, pseudonyms also offer anonymity to users who engage in cyberbullying and cyberstalking. Presumably this is why some social networking sites, like Facebook and LinkedIn, do not allow users to use pseudonyms.
Unfortunately, non-users (who do not receive the benefits of social networking sites) may nevertheless be subject to the some of the risks outlined above. For example, users of a social networking site may upload pictures or information about non-users onto the site. Often, non-users will not even be aware of information posted about them. As with users, non-user information is subject to abuse - notably identity theft, cyber-stalking, and reputational harm. For example, in Australia, a court case is being launched concerning the posting of sexually explicit pictures of a minor on MySpace by someone else via a fake account. Non-users can also be subject to marketing schemes that they have not consented to - for example, on Facebook, a user is encouraged upon registration to supply non-users' emails to send them Facebook invites. These emails are stored by Facebook for an undisclosed period of time.
Become familiar with your social networking site:
Locate your privacy settings and adjust them to fit your needs
Be Careful about the Information you post
Respect others: do not post sensitive information about your friends without their permission
Use a different password for your social networking sites than for other sites
Think carefully whether you would want the information you post on social networking sites accessed and used in other contexts (ie. a job interview)
Consider using a pseudonym
Adjust Your Privacy Settings
Most of the social networking websites have privacy settings. In some cases, it is appropriate to leave your information open to the public - for example, if you are promoting your business or art. However, for more personal uses of a social networking site, it is appropriate to limit who has access to your information. Carefully choose privacy settings to limit your exposure accordingly. If you are receiving unsolicited messages, you may block the sender using your privacy settings. It is also a good idea to notify your social networking provider of any threatening or suspicious behaviour that you may encounter. Lastly, if your social networking site profile has been hacked into, change your password or delete the account altogether.
The Personal Information Protection and Electronic Documents Act (PIPEDA) covers the privacy practices of all organizations involved in a commercial activity. A foreign social networking site can be subject to PIPEDA if it has a substantial connection to Canada, i.e. has a Canadian user base. For more information about your protection under Canadian privacy law, please see our FAQ on Privacy.
The International Working Group on Data Protection in Telecommunications has released a number of preliminary recommendations to regulators, providers and users of social networking sites in the "Report and Guidance on Privacy in Social Network Services - Rome Memorandum" (2008). These guidelines include:
Users should be allowed to use pseudonyms
Social networking providers should be open about collection and uses of user information to allow for informed consent
Social networking sites should be obligated to notify users of data breaches
Current regulatory framework regarding controllership of personal data published on social networking sites should be reconsidered, with a viewed to giving more responsibility to social networking providers
Education system should integratetopics on online privacy issues
The European Network and Information Security Agency (ENSIA) has released 19 government policy recommendations in their position paper, "Security Issues and Recommendations for Online Social Networks" (2007). These guidelines set out that the government should:
"Encourage awareness-raising and educational campaigns"
"Review and interpret the regulatory framework"
"Increase transparency of data handling practices"
"Discourage the banning of SNSs in schools"
"Promote stronger authentication and access-control where appropriate"
"Implement countermeasures against corporate espionage"
"Maximize possibilities for abuse reporting and detecting"
"Set appropriate defaults"
"Providers should offer convenient means to delete data completely"
"Encourage the use of reputation techniques"
"Build in automated filters"
"Require consent from data subjects to include profile tags in images"
"Restrict spidering and bulk downloads"
"Pay attention to search results"
"Address SNS spam"
"Address SNS phishing"
"Promote and research image-anonymisation techniques and best practices"
"Promote portable social networks"
"Research into emerging trends in SNS"
The major legal concerns with social networking sites are their alleged failures to:
Be upfront about their uses of users' personal information
Obtain explicit permission from users to share their information with third parties
Limit their collection of users' personal information to what is reasonably necessary for them to operate their services
For these and other reasons, CIPPIC has recently lodged a privacy complaint against Facebook.
CIPPIC lodged a privacy complaint against Facebook, because, after assessing Facebook's policies and practices under PIPEDA, we found several ways in which Facebook appears to be violating Canadian privacy law. We focused on Facebook because it is the most popular social networking site in Canada. Other social networking sites may also violate Canadian privacy laws.
First, try to resolve your concern within the social networking company. These companies should have privacy officers who are trained to respond to your privacy concerns. If the social networking site that you use is active in Canada and you are not satisfied with its response, you can lodge a complaint with the Privacy Commissioner of Canada under PIPEDA, section 11.
Information and Privacy Commissioner of Ontario, "How to Protect Your Privacy on Facebook" (2008)
Privacy Commissioner of Canada, "Privacy and Social Networks" (Video)
Privacy Commissioner of Canada, "Online privacy and identity: A regulatory body's perspective" (Powerpoint, 2008)
United States of America
On Guard Online, Federal Government of the United States of America,
Digizen, "Social Networking Overview" supported by Becta, the UK Government's lead agency for information and communications technology (ICT)
Digizen, "Social Networking Evaluation Chart" (2008)
European Network and Information Security Agency (ENSIA), Position Paper No. 1: "Security Issues and Recommendations for Online Social Networks" (2007), Edited by Giles Hogben.
Office of Communications, U.K., "Social Networking: A quantitative and qualitative research report into attitudes, behaviours and use" (2008)
International Working Group on Data Protection in Telecommunications, "Report and Guidance on Privacy in Social Network Services - Rome Memorandum," (2008)
Organization for Economic Co-operation and Development (OECD) - Canada Forum on the Participative Web: Strategies and Policies for the Future (Home), "Participative Web and User-Created Content: Web 2.0, Wikis and Social Networking"
Information from Profit and Non-Profit Organizations
Adam Thierer, The Progress & Freedom Foundation, "Social Networking and Age Verification: Many Hard Questions; No Easy Solutions" (2007)
Electronic Privacy Information Center (EPIC), "Social Networking Privacy"
Internet Solutions for Kids Inc., "Prevent CyberBullying & Internet Harassment
PEW Internet & American Life Project, "Social Networking Websites and Teens: An Overview"
PEW Internet & American Life Project, "Teens and Social Media: The use of social media gains a greater foothold in teen life as they embrace the conversational nature of interactive online media" (2007)
Special Themed Issue: Social Network Sites, Journal of Computer-Mediated Communicated, Vol 13, Issue 1 (Oct 07)
Ralph Gross & Alessandro Acquisti, "Information Revelation and Privacy in Online Social Networks (The Facebook case)" (2005) ACM Workshop on Privacy in the Electronic Society (WPES).
Shanyang Zhao, Sherri Grasmuck, & Jason Martin, "Identity construction on Facebook:Digital empowerment in anchored relationships" (2008)
Meg Kribble & Debbie Ginsberg, "The Social Networking Titans: Facebook and Myspace" (2008) Law and technology resources for legal professionals, LLRX.COM
danah boyd, "Why Youth (Heart) Social Network Sites: The Role of Networked Publics in Teenage Social Life" (2007)
danah boyd, "Viewing American class divisions through Facebook and MySpace" (2007)
Susan Barnes, "A privacy paradox: Social networking in the United States" (2006)
C. Dwyer, S.R. Hiltz, & K. Passerini, "Trust and privacy concerns with social networking sites: A comparison of Facebook and MySpace," Proceedings of AMCIS 2007 (2007)
For a more extensive bibliography of the academic work in this area, see danah boyd's (2008)"Research on Social Network Sites"
comScore, "Social Networking Goes Global: Major Social Networking Sites Substantially ExpandedTheir Global Visitor Base during Past Year" (2007)
Working to Halt Online Abuse (WHOA), Online Harassment/Cyberstalking Statistics "Comparison Statistics 2000-2007"
This page last updated: July 1st, 2008, with selective updates in January 2012
Lisa Feinberg, CIPPIC Summer 2008 intern
Lisa Feinberg, CIPPIC Summer 2008 intern