Among the existing solutions for protecting privacy on social media, a popular doctrine is privacy self-management, which asks users to directly control the sharing of their personal information through privacy settings. While most existing research focuses on whether a user makes informed and rational decisions on privacy settings, we address a novel yet important question of whether these settings are indeed effective in practice. Specifically, we conduct an observational study on the effect of the most prominent privacy setting on Twitter, the protected mode. Our results show that, even after setting an account to protected, most real-world account owners still have substantial private information continuously disclosed, mostly through tweets posted by the owner’s connections. This finding illustrates a fundamental limit of privacy self-management: its inability to control the co-disclosure of privacy by an individual’s friends.

Interestingly, our results also point to a potential remedy: A comparative study before vs after an account became protected shows a substantial decrease of co-disclosure in posts where the other users proactively mention the protected user, but no significant change when the other users are reacting to the protected user’s posts. In addition, co-disclosure through explicit specification, such as the direct mentioning of a user’s location, decreases sharply, but no significant change occurs for implicit inference, such as the disclosure of gender through a “girls’ night out” message. The design implication here is that online social networks should provide support alerting users of potential co-disclosure through implicit inference, especially when a user is reacting to the activities of a user in the protected mode.

See SSRN for the full paper.

[Updated January 7, 2019] This paper won a best paper nomination at HICSS-52.