Companies such as Apple, Google and Facebook have access to vast and rapidly growing amounts of personal data from their users. How this information should be stored and protected is part of the ongoing debate over online privacy. Although social networking sites and smartphone operating systems offer security preference options, it is unclear if merely offering these privacy controls within the application — and requiring users to proactively “opt in” — is sufficient.
Although there was a statistically significant increase in the security chosen by those informed that their “buddies” had high security settings, such recommendations from friends did not prove decisive in decision-making.
The areas that appeared to be areas of low sensitivity included login status and inactive time — large numbers of study participants did not want high security protections on this data.
Areas such as usage statistics and number of conversations constituted data considered to be high sensitivity — study participants wanted to guard that data more carefully.
The primary predictor of one’s privacy setting preferences was the nature of the privacy control in question. Privacy settings that concealed more sensitive information were more likely to be employed than those with lower degrees of sensitivity.
Additionally, users who self-reported a high frequency of social network and instant messaging use were associated with having more relaxed privacy settings.
This study has implications for the design of social networking sites when providing prompts for security settings. For the researchers, this suggests that “defaults for highly privacy-sensitive features may follow an opt-in policy, while an opt-out approach might be preferable for less privacy-sensitive aspects.”