What Should Be Done to Protect User Privacy?

Social networking sites permeate nearly every aspect of modern life but are failing to protect their users' privacy. This article outlines strategies they can use to improve user privacy protection.

Cartoon about User Privacy: Picture of Egg, caption "This is your privacy". Picture of egg in frying pan, caption "This is your privacy online".
Cartoon credit The Daily Dose

As a social media user, I often hear about various data leaks and privacy breaches and wonder how at risk I am. I wanted to understand what measures can be taken to increase my own data protection and what should be done by social media platforms to protect their users at large.

Surprisingly, I learned that my worries aren’t common among my peers and that many people don’t put thought into platforms’ privacy practices when signing up. This made me realize that the best way to improve user privacy on the internet is for platforms to adopt measures to lead users into being more private with their data. At the minimum, they should do better at informing users about how much data is being collected and how it is used to enable educated choices on using the platform.

Privacy Requirements

I’ve always thought about privacy as an abstract concept, and I struggled to put into words the concrete measures that constitute privacy protection. Luckily, I found research that developed a cohesive list of requirements for privacy from the user’s perspective. The researchers used this list to review Facebook’s tools and found a failure to meet user requirements on multiple fronts. Based on these requirements, I developed a collection of strategies that can be used to improve user privacy on social media

Privacy Policies

About 59% of internet users have never read a privacy policy, likely because of their length and convoluted legal language. This is problematic because informing users is one of the common themes across all the user requirements for privacy. To solve this issue, modular privacy policies should be used to break existing policies into bite-sized portions that users can understand before clicking “agree,” with each policy section summarized in concise bullet points.

To Continue, Please Read the Privacy Policy For This Section
Data Collection
  1. Payment Information (debit or credit card number, other card information)
  2. Other account and authentication information
  3. Billing and shipping details
  4. Contact details
More Information
More specific information in more complicated legal text could be included here if needed, but the general ideas above would summarize it.
Data Shared
  1. 3rd party advertisers are granted access to anonymous usage data
  2. Other users with access can see your profile information
  3. Game developers can see anonymous usage information when you play games
More Information
More specific information in more complicated legal text could be included here if needed, but the general ideas above would summarize it.
Data Ownership
  1. All data entered through the use of this site is our legal property, we retain all copyrights
More Information
More specific information in more complicated legal text could be included here if needed, but the general ideas above would summarize it.
Interactive example of what a modular privacy policy could look like

Additionally, platforms should segment into modules based on the privacy permissions each one needs, so that you can select exactly what you are comfortable agreeing to—similarly to your phone asking permission before giving apps access to sensitive information. For example, you can use the Facebook app without giving it permission to access your phone’s camera or microphone, so what if you could just use Facebook to get access to a specific Group and not let them track your activity across the internet or learn all your social connections?

Social media services are so pervasive, especially among young people, that it’s almost mandatory to use them. For me, I found when I came to college that nearly every student club uses Facebook, so despite deleting my account years ago I needed to rejoin to use Messenger and one or two Groups. Segmenting platforms gives users more flexibility and control over our data, and in my case would allow me to rejoin and only use Groups and Messenger.

Protective Default Settings

As it stands, nearly every site uses the least private settings available by default. Researchers found a significant difference in the settings users chose between groups that were presented default private settings and default sharing settings, illustrating the coercive power of default settings.

Not only that, but many users don’t look at privacy settings, so they are left sharing whatever data the platform chooses for them. To solve this issue, platforms should adopt their most protective options as the default, so that both users who aren’t privacy-conscious enough to change their settings and those who are swayed by default options would be more protected.

Personalized Privacy Nudges

Another practice social media sites should implement is personalized privacy education. Research shows that profiling users by their privacy proficiency and tailoring privacy nudges based on those profiles is the best way to make the suggestions stick.

The researchers also discovered that grouping privacy tools with the functionality they control is important for users to utilize the tools. For example, they found on Facebook that most users who created customized lists of friends to share with never employed these lists when posting, likely because the two functions are separated from each other in the interface. Therefore, profiling users’ privacy proficiency and thoughtfully grouping tools by functionality are important ways to improve current efforts.

Blockchain Settings Audit

One final issue I discovered is that most of the time platforms aren’t legally bound to follow the settings users select, so we are left trusting that they are respecting our choices. To solve this, smart contracts on a blockchain like Ethereum could be used to record the settings that users and platforms change to serve as an audit in the case of disagreement. Using a decentralized blockchain creates transparency for users to know their desired settings are being used and gives them evidence should they choose to sue companies who don’t respect the settings.

To Enable Blockchain Audited Settings, Please Register
Generate an Address
To enable settings audit on the Ethereum blockchain, please click Register below. Doing this will generate a unique address for your settings that can be used to check their history.
Your Address
Registering on Blockchain...
Your Setting History
Your Address
  • Jan. 7, 2022 — Platform changed setting options for profile visibility. "Private" was removed, your profile visibility is now "Friends of Friends".
  • Dec. 19, 2021 — Platform changed wording from "Activity your friends can see" to "Public Activity". Your choices were preserved for this setting.
  • Dec. 12, 2021 — You changed profile visibility from "Public" to "Private".
  • Nov. 27, 2021 — Registered on blockchain for setting history.
Interactive example of what the interface might be to register on the blockchain, and what you would see after registering. Notice especially the entry on Jan. 7 and how this could be useful to know.

What should be done?

Using all or some of these strategies, social media platforms can improve the experience for their users and increase trust in their platforms. User privacy is an issue that is only increasing in importance and new legislation like the European Union's GDPR will hopefully make some of these practices standard. Until then, however, I think we need to hold platforms accountable to act responsibly on behalf of their users. It doesn’t need to be specifically the strategies I outlined, but transparency and education efforts should be implemented so that personal privacy doesn’t become a thing of the past.

To make this happen, we should contact the platforms we use and advocate for these practices, as well as lobby legislators to enact effective online privacy legislation. Alongside that, here are some actions you can take to protect your own privacy.