The Inadequacy of Privacy Controls on Social Networking Sites Contribute to Identity Theft

The Inadequacy of Privacy Controls on Social Networking Sites Contribute to Identity Theft

            The Internet, primarily social networking sites, represents one of the most efficient and effective modes of communicating and disseminating information. Chewae et al. (2015) observe that the popularity of social network platforms and the ballooning number of users have focused attention on privacy as an important issue online. The internet space is open for individuals and businesses, but malicious entities also have taken advantage of the digital setting to perpetrate crimes like identity theft. Barth and De Jong (2017) emphasize that the emergence of the Semantic Web presents numerous opportunities related to the unlimited access to information, with the largescale aggregation of data and round-the-clock social networking connectivity. However, observers consider the inadequacy of the privacy and security controls by social media sites a significant contributor to the exposure of individuals to identity theft. The users are also to blame because they fail to take measures to safeguard their data to prevent intrusion on their information.

The requirement by social networking sites for the individuals to supply their privacy information to complete an online profile is one shortcoming in the privacy control policies of the providers. According to Chewae et al. (2015), the creation of an account on the online platforms includes details like the individual’s name, address, email, age, and phone number. Therefore, the presence of personally identifiable information on the Internet endangers the social networking site user because unexpected intruders can access the data. Mostly, the providers require the subscribers to input their real identity and private information, without regard to the accompanying privacy concerns (Chewae et al., 2015). Jacobson, Gruzd, and Hernandez-Garcia (2019) acknowledge the risk facing even people without a social media account.

Specifically, social networking sites often generate shadow profiles of individuals who are not using their platforms, mostly using personal data they obtain from the person’s social contacts. Therefore, they end up being innocent targets of identity thieves, despite their efforts to keep their personal identifiable details from the Internet space. The default privacy controls that social media platforms provide cannot secure the users and even non-users due to the exposure of too much real information to unauthorized parties.

Additionally, social media platforms are ready to access and available and open up a wealth of information third parties can leverage. For example, Jacobson et al. (2019) argue that marketers are leveraging the easily accessible information on the online space for their strategic and digital marketing objectives. On the one hand, individual users utilize social media to create content and share experiences with the broader online communities and specific friends, family, and companies. Contrariwise, businesses are capitalizing and adopting tools and schemes to engage in social media listening (Jacobson et al., 2019). For example, retailers gather sentiments on potential new products by combining social media and predictive analytics (Jacobson et al., 2019). Chewae et al. (2015) stress that social networking sites also engage in the intentional use of private information for marketing purposes, without the consent of the users. There is an invisible part of the online interaction platforms where entities mine the network of personal information for advertising and targeted marketing. Some social media companies even directly sell the users’ data to third parties wishing to use it for their own interests. Hence, the absence of adequate privacy controls could lead to the leakage of personal information that criminals can utilize for identity theft crimes.

Similarly, some entities target the publicly available information individuals share online for mining and extracting for misuse. Ali et al. (2018) echo the sentiments of Jacobson et al. (2019) and Chewae et al. (2015) that when social media users publish their personal data, they disclose details about themselves. Some unauthorized parties can trace the information and connect the activities with the available data for mining and extracting sensitive material. Additionally, Ali et al. (2018) claim that user-generated content online contains the individuals’ experiences, knowledge, opinions, and private data like name, photos, and location. Information shared on the Internet is permanent, replicable, and re-shareable because it is electronically stored. Social networking site users often struggle to manage their social identities while safeguarding their privacy. Ali et al. (2018) also highlight the classic threats facing individuals on the Internet. They entail phishing, malware, spam, or cross-site scripting attacks that spread in new and quicker ways than before. Ali et al. (2018) consider malware attacks on social networks easier because of the user interactions and the structure of the platform. Attackers may access the credentials of one person and impersonate him or her to communicate with their peers. The criminals use the details of users to commit identity theft and other fraud.

Furthermore, the access control systems social media sites proved are ineffective in protecting privacy since information on the World Wide Web is easy to copy and aggregate. According to Kagal and Abelson (2010), while users on online networking platforms can succeed in blocking unwanted viewers, the Internet is a highly decentralized system where attackers can easily reproduce and combine data. Particularly, it is possible for third parties to infer sensitive information based on the publicly available details, even after the individual successfully uses the access control systems (Kagal & Abelson, 2010). For example, the risk of identity theft is common with every use of Social Security Numbers (SSN). Unfortunately, public sources like social media profiles make it possible for the reconstructions of SSN numbers with a high degree of accuracy (Kagal & Abelson, 2010). The danger lies with friends or groups on social media that may inadvertently reveal an individual’s details beyond those permitted by the personal privacy settings. Kagal and Abelson (2010) also assert that experiments have confirmed the possibility of predicting someone’s political affiliations or sexual orientation by a simple look at his or her social networks. The fact that the users bear the responsibility of defining their privacy policies calls into question the social media companies’ commitment to the security protection of personal online data.

However, the users of social media are equally to blame for the failures in the online company’s privacy controls. Barth and De Jong (2017) front the privacy paradox to explain the discrepancies between and attitudes and actual behaviors of users online. For example, individuals claim to be concerned about their privacy on social media, although they do not act to protect their personal information. Barth and De Jong (2017) particularly point to the consumers’ reliance on the usability, popularity, and price of mobile applications in their decision to use mobile technologies. Therefore, they do not consider the likely risk of information misuse, despite their expression of concern about privacy issues related to third party data distribution. Suh and Hargittai (2015) explain the paradox by stating that the users base their decisions on the privacy calculus that compares the risks and benefits of disseminating information online. The individuals using social networking sites neglect thinking about access and use of their data by other parties. Therefore, their ability to share information is more salient than the capacity for others to see the details (Suh & Hargittai, 2015). The social media users perceive value in being active and sharing than protecting their data, thereby exposing themselves to identity theft.

Hence, the recommendation is for companies to notify consumers about any intention to collect and use their data. According to Kagal and Abelson (2010), the notice will give the users the chance to respond appropriately, whether by voluntary sharing the information, or taking steps to protect their privacy.  For example, Google AdSense offers a due notice by a hyperlink on its advertisements (Kagal & Abelson, 2010).  When the users click on the links, they learn the reason for the display of the promotions and can modify the performance of further targeting. Kagal and Abelson emphasize the need to improve the approach by informing the users about the type of information collected and used to target with the ad. Comparatively, Ali et al. (2018) suggest that for the negligence of individuals on online platforms, individuals should use the custom access controls instead of leaving their privacy settings on default mode. Hence, they should take advantage of the privacy-protection approaches the social networking sites provide. Besides, since most companies change their policies after every application update, the users should also frequently review their privacy settings (Ali et al., 2018). Social media users should also limit sharing their sensitive details on the Internet to avoid criminal abuse of their data.

Thus, social networking sites have attracted billions of users because of its efficiency and effectiveness in communication and information dissemination. However, online platforms face privacy issues because identity theft criminals target them to obtain personal information from subscribers. The access controls social media companies provide are inadequate in safeguarding the data of users. For example, the platforms require individuals to supply their real information to complete their online profiles, thereby exposing them to intruders. Social media platforms are also readily accessible and available with a wealth of information for third parties. Third parties also target the personal data people share on the social networking sites for mining and extraction of the sensitive material. The information on the web is easy to copy and aggregate due to the decentralized system that promotes the inference of data. Besides, the users are responsible for access control failures because they ignore privacy risks and prioritize information sharing. Therefore, the recommendations to address the limitations of the controls include a due notice from the social networking site providers to alert the users about the intention to collect and use their information. Individuals should also take personal steps to limit posting sensitive data and regularly reviewing the security and privacy settings to minimize identity theft risks.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

References

Ali, S., Islam, N., Rauf, A., Din, I. U., Guizani, M., & Rodrigues, J. J. (2018). Privacy and security issues in online social networks. Future Internet, 10(12), 114.

Barth, S., & De Jong, M. D. (2017). The privacy paradox–Investigating discrepancies between expressed privacy concerns and actual online behavior–A systematic literature review. Telematics and Informatics, 34(7), 1038-1058.

Chewae, M., Hayikader, S., Hasan, M. H., & Ibrahim, J. (2015). How much privacy we still have on social network? International Journal of Scientific and Research Publications, 5(1), 2250-315.

Jacobson, J., Gruzd, A., & Hernández-García, Á. (2020). Social media marketing: Who is watching the watchers? Journal of Retailing and Consumer Services, 53.

Kagal, L., & Abelson, H. (2010, July). Access control is an inadequate framework for privacy protection. In W3C Privacy Workshop (pp. 1-6).

Suh, J. J., & Hargittai, E. (2015). Privacy management on Facebook: do device type and location of posting matter? Social Media+ Society, 1(2), 2056305115612783.