Privacy in Social Network Sites

Privacy and Identity-relevant Information in Social Network Sites

Parking and public transportation


For everyone attending, please find below details on how to get there:

Bus: 21 or 60

  • Bus 21 from Amsterdam Central Station, get off at ‘Van Hallstraat’ (15-20 minutes) and walk towards the drawbridge that is the entrance to the park
  • Bus 60 from Amsterdam Sloterdijk station, get off at ‘Van Hallstraat’ (10-15 minutes) and walk towards the drawbridge that is the entrance to the park

Tram: 10

  • Tram 10 does not stop at any train station, but you can take it and get off at ‘Van Hallstraat’. Again, walk towards the drawbridge that is the entrance to the park


Parking is always a little more difficult and expensive in Amsterdam. However, the best spots to park are:

  • Parking lot of old municipal building at Haarlemmerweg 8a. It is very small though and rates are 3 EUR / hour
  • If there is no space at the parking lot, you can try street parking at the Haarlemmerweg or the levy at the Tasmanstraat, still at 3 EUR / hour
  • Park and Ride from Amsterdam Sloterdijk is a cheaper option at 8 EUR / day
  • And here is a map of all parking rates in Amsterdam, it might even be an option to park in Noord and then take the ferry to our house and walk from there to Westerpark

Written by davidrip

June 2, 2011 at 6:59 pm

Posted in Uncategorized

Privacy Risks for Users of Social Network Sites


My thesis on ‘Privacy Risks for Users of Social Network Sites’ is almost finished. I am very happy with the research results and the resulting insights that Social Network Sites do cause privacy risks for users, but that it is possible to identify these risks and design preventive measures. I did not want to withhold the summary of my thesis from you, so find it below.

Social Network Sites (SNS) are websites that allow users to upload information to a public profile, create a list of online friends, and browse the profiles of other users of the SNS. The websites have membership rules and community standards. Users disclose identity-relevant information via their profile to others. This information is either referential, directly referring to a person, or attributive, describing attributes of the data subject. Although most laws and regulations restrict the access to referential information, attributive information is not protected as such. However, the aggregation of large amounts of attributive information on SNS profiles poses new privacy risks.

Information spreads faster through a Social Network Site than through a real-life network. Information might be disclosed to a group of people unexpectedly, because the digital information is easily copied, can be stored indefinitely and is searchable. It especially harms users when information travels through different spheres and ends up with people for whom it was not intended.

Furthermore, Social Network Sites have financial incentives to generate revenues from the information users upload. The usage of most of these websites is free, and SNS have to make up for the incurred costs by generating revenues from the identity-relevant information of their users. The most common way to achieve this is to create marketing profiles of users and serve them with targeted ads. As SNS and their marketing partners obtain more information about their users, informational inequality arises. Because the SNS have more information about their users and users are not in a position to bargain about the terms at which they disclose their information, an architecture of control surfaces, leaving the users vulnerable to harms.

Indeed, digital files of users are maintained that try to resemble the real person as closely as possible. Other users can contribute to this profile by uploading photos or text about the users, often without the user’s informed consent. This raises serious questions about the user’s control over his own identity-relevant information and his ability to construct his own moral identity within a SNS. Because SNS also collect information from other websites, with or without the user’s consent, the user is restricted in his moral autonomy. 

A fourth reason to restrict access to the information is the prevention of information-based harm. Some activities that harm users need specific information on the data subject before they can be executed, such as a Social Security Number to obtain credit. Indeed, your address and current employer can be used to determine when you are not home and this increases the possibility of criminals breaking into your house.

The activities that harm users are grouped into information collection, information processing and information dissemination. This classification helps in identifying the specific activities that cause harm to users, and in designing measures to prevent these activities and the damage they cause.

The survey shows that there are three main privacy risks for users of Social Network Sites: Total Information Awareness, dissemination to wrongdoers and no control over your identity-relevant information.

Social Network Sites track the activity of their users on their own websites and those of their marketing partners. They are able to gather unprecedented amounts of secondary personal information on their users, sometimes even without the informed consent of the users. An architecture of vulnerability emerges when the government collects this information and uses it to control its citizens. A Dutch judge found the private profile of a SNS user public, because people can be added to the friends list easily. Studies for the United States government have shown that it is easy to collect data from public Internet sources such as SNS and connect them to existing government databases. This could lead to the chilling of free speech with respect to political dissidents.

Because of the great amount of identity-relevant information, which disseminates easily through a Social Network Site, this information could easily end up with wrongdoers. Stalkers, bullies and predators use the attributive information on SNS to identify with their victim and use the referential data to contact them. The profiles of users combined with the ease of contacting a user make SNS a useful platform for wrongdoers. The information on the websites can also easily be used to damage someone’s reputation, and with the large amount of attributive data on SNS, it is not difficult to reverse engineer information needed to steal someone’s identity. Although there is no proof that these things are affecting all users of SNS, experts agree that they affect a significant number of users and can cause great damage to the users.

Social Network Sites interpret the consent that users give when signing up for their services as a broad informed consent, which can be stretched to secondary usage. In reality, users have minimal information and no control over secondary use of their information, the selling of their information or the disclosure of their information to unwanted groups by the SNS. Above all, others can post information about the user, which can only be deleted after the fact, if possible at all. Information is posted about non-users, but they cannot delete this unless they become members.

Conventional laws and regulations do not address these issues. Of the American tort laws, only the publication of private facts tort and the appropriation tort seem to address the problems mentioned above. However, it is hard to prove that the facts are private when a user posts them on a SNS profile, and the monetary damage is in both cases difficult to measure. Social Network Sites violate many of the Fair Information Practices as set forth by the OECD and recognized by many countries. The usage of the information is not limited to the specified purpose and the processing of the information is very covert. The privacy watchdogs in various countries do not have the right means to sanction SNS for violating the Fair Information Practices.

A more colloquial approach is needed. Harmful activities should be grouped into information collection, processing and dissemination and harm should be defined by the four moral reasons to restrict access to identity-relevant information: information-based harm, informational inequality, information injustice and the inability to define one’s own moral identity. The activities that cause specific harms can be identified and constrained. It is recommended to design and start a policy development process in which relevant actors jointly identify preventive measures to minimize privacy risks for users of Social Network Sites.

Written by davidrip

September 25, 2008 at 12:10 pm

Posted in Uncategorized

Conference Privacy in Social Network Sites


With pride, I am announcing that Delft University of Technology will be hosting the conference on ‘Privacy in Social Network Sites’. This conference, which originated from a brainstorm I had with Jolien Ubacht from the ICT department at the faculty of Technology, Policy and Management at Delft University of Technology, long before I even went to the USA, will bring together scholars and activists on Privacy in Social Network Sites. Speakers from the Netherlands, the United States of America and Germany will participate in this two-day event. Keynote speakers are Ronald Leenes, Jeroen van den Hoven and Milton Mueller.

Important Information:

Thursday October 23 and Friday October 24, room Alpha, Faculty of TPM.


Facebook event page:

Register here, it is free:




Written by davidrip

September 17, 2008 at 3:57 pm

Posted in Uncategorized

Megan Meier Case: My Analysis


Many scholars, media and bloggers have written about the case of Megan Meier.

As a preview of my graduate thesis, below you will find the analysis that I provide of the case in my report.

An example that shocked the United States of America, and could have severe implications for privacy in Social Network Sites, is the Megan Meier case. Megan Meier, a 13-year-old girl from St. Louis, Missouri, committed suicide just after a 16-year-old handsome MySpace friend told her “the world is a better place without you in it”. However, the 16-year-old boy was in fact a group of people who lived next door, and had created a fake profile. Lori Drew, the mother of a classmate of Megan, participated in this hoax. She was indicted for a violation of the Computer Fraud and Abuse Act (CFAA) on charges of conspiracy and three counts of computer breach, namely creating fictitious profiles, sending abusive messages and soliciting personal information from minors. Experts on Internet and privacy, whom I have surveyed for my graduation thesis, agree that the damage from stalkers / predators and bullies on SNS could be very large for users.

Daniel Solove has a great collection of web logs about this case (2007d, 2007e, 2007f, 2007g, 2008c, 2008d), that specifically question the decision of the prosecutors to charge Lori Drew with computer breach and violating MySpace’s terms of use. If violating terms of use of a Social Network Site is considered a crime, many people are criminals. Solove agrees with Orin Kerr that the CFAA is stretched too far by applying it to not abiding by the terms of service of a Social Network Site. Specifically, he mentions that Drew’s acts might be immoral, but not illegal.

If I analyze this case with the help of the framework that I have developed in my thesis, the exact cause of the harm and the omissions in the law become much clearer. It must be said that this analysis is not a legal analysis, but uses an ethical framework to identify the specific activities and harms. It is initially a descriptive framework, but it has normative implications when I identify the specific harms. In this case, three specific activities lead to harm, see table 1.

  1. The disclosure of Megan’s profile ID made it possible to contact her. Without this information, it would have been impossible for the group around Lori Drew to contact Megan Meier and harass her. However, the difficulty in describing this as information-based harm is that, although this information was in this case used to harm the girl, it could also have been used in a benign way. Van den Hoven (2007) is quite clear about this: if identity-relevant information is insufficiently protected, it could harm people. According to him, “[I]n information societies, identity relevant information resembles guns and ammunition.” I argue that because the contact via Megan’s profile took place on a very intimate and emotional level, this contact could have led to severe harms.
  2. The information of Megan’s profile traversed from a youth sphere to an adult sphere, which contained Lori Drew. The involvement of Drew in the harassment is what most people find appalling. Megan’s contact information was now used not by a youngster of her age to contact her for benign purposes. This adult with malign purposes could, considering her age, have harmed Megan more easily. But Solove asks in one of his posts: would people feel different about posting the personal information about the creators of the profile, if these were also teenagers? I argue they would, because the transfer of information to the adult sphere and the involvement of a more mature person in harassing especially appeals to our feelings of morality.
  3. Finally, the woman and girl posted harmful remarks towards Megan on her MySpace profile. The information was uploaded by the group and collected by MySpace. This information, and especially the final remark, was posted with the intent to harm Megan. Solove states that it is hard to prove that these remarks led directly to the suicide. However, it is very clear that the remarks were made to harm Megan and therefore subject to information-based harm.


Table 1: Framework applied to Megan Meier case

With this analysis, I have shown that the specific harms in the Megan Meier case derive from the possibilities created by the easy availability of identity-relevant information and by the transgression of this information through different spheres.

In my thesis report, I will analyze 11 such cases, which correspond with the privacy harms identified by the experts I have surveyed.


Solove, D.J., 2006. A Taxonomy of Privacy. University of Pennsylvania Law Review, 154(3), 477-560.

Van den Hoven, J., 2007. Information Technology, Privacy and The Protection of Personal Data. In J. Van den Hoven, ed. Information Technology, Privacy and The Protection of Personal Data. Cambridge, UK; New York: Cambridge University Press, pp. 462-494. Available at:

Written by davidrip

September 3, 2008 at 5:56 am

Posted in Uncategorized

Privacy Enhancing or Privacy Invasive Technologies?


On the second day of the conference ‘Privacy in Social Network Sites’, there is a round-table discussion with several scholars, privacy activists and people from the industry about Privacy Enhancing Technologies (PETs) in Social Network Sites. Tavani and Moor (2001) call this the ‘management of privacy’, unlike the ‘concept of privacy’ and the ‘justification of privacy’. In an earlier blog post, I mentioned that the SNS industry seems to be catching up a little more with privacy, most notably in the announcement of SNS Genome to implement different privacy settings for various types of friends. This separation between social spheres could help users to disseminate information about the books they buy to their book club only, and not to their fellow employers.

However, there is a long history of Privacy Enhancing Tools that turned out to be Privacy Invading Tools. I argue that the group of Privacy Enhancing Tools is just a convenient name for all kinds of tools or instruments that supposedly give users better control over their privacy. But such a broad and vague definition does not make it easier to distinguish tools that really empower users from tools that are just proxies for data collection. Many privacy controls on Social Network Sites are presented as giving the user more control over their data, as if this is a great service by the SNS and really helps users get more control. In reality, users gave all their identity-relevant information away to marketers, and are given a few controls to exercise some authority over the information they just gave up. They have given up most control, and in return, get a little bit back.

If we do not define what the activities exactly are that PETs specifically constrain, talking about Privacy Enhancing Tools does not help us. To define those activities, the information streams in Social Network Sites need to be clear. If I opt-out of Facebook’s Beacon, my friends will not get information about my buying behavior on Facebook websites. But does Facebook still collect this information? Yes, they do, although they mention they discard it.

If information streams in Social Network Sites stay this unclear, the debate about users’ privacy and privacy controls is moot.


Tavani, H.T. & Moor, J.H., 2001. Privacy protection, control of information, and privacy-enhancing technologies. SIGCAS Comput. Soc., 31(1), 6-11.

Written by davidrip

August 19, 2008 at 9:01 pm

Posted in Uncategorized

David Riphagen quoted in Dutch newspaper NRC Handelsblad


Today, I got quoted in the Dutch National Newspaper NRC Handelsblad. Read the Dutch article as you scroll down this post, but also, let me give you a short English summary:

A Dutch woman is convicted for libel because she called her ex-husband a pedophile on a profile on Dutch SNS Hyves. The profile was, and this makes the case interesting, set to private. The Dutch judge stated that even this private profile, only visible to friends, was public, because anyone who was a friend of the woman could see it. And anyone could become her friend, by adding her to their friends list.

In the article, I mention that in the USA, prosecutors and lawyers already use SNS in court cases. Earlier, I blogged about the case of Joshua Lipton, who was charged with driving under the influence, see my earlier post. The journalist, Marie-José Klaver (check her blog in Dutch), also mentions the Electronic Privacy Information Center as my American host for my graduation research.

Then the CEO of Hyves says that the police cannot copy information from Hyves, because that is in conflict with his Terms-of-Use. (This is a very awkward statement to make, as if Hyves’ Terms-of-Use are not subject to laws that allow criminal investigations). He also mentions the new privacy controls they are publishing next week.

In response, I reply that although I do think that Hyves is working seriously on these privacy controls, they still (like Facebook) allow third parties to access data of friends without their consent.

The article ends with Remco Pijpers, from the Dutch organization Stichting Kind Online (translated as: child online), saying that we in the Netherlands have smaller SNS such as and, which have 1,4 million members and even more lacking privacy policies.

Please follow the Privacy in Social Network Sites weblog on both the quote of the Hyves CEO that the police cannot collect information from his website under the Hyves Terms of Use and a more in-depth analysis of the judgement that a private profile on a SNS is public in terms of libel and slander.


Many thanks to Marie-José Klaver for approving the full post of the article on this weblog.

Written by davidrip

August 7, 2008 at 10:01 am

Posted in Uncategorized

Taking a party pic and putting it online: taxonomy for privacy harms in SNS


Currently, I am writing my research thesis on Privacy in Social Network Sites (SNS). I propose a framework for structuring the analysis of SNS and especially the privacy harms that could occur through the use of users’ information.

Two of the most influential papers in my respect are Daniel Solove’s ‘A Taxonomy of Privacy’ and Jeroen van den Hoven’s ‘Privacy and the Varieties of Moral Wrong-doing in an Information Age’ (need login).

Solove (2006) gives a good classification of the various activities that could harm the privacy of users in the information age. His classification is broader than the privacy torts identified in American law. He distinguishes between Information Collection, Information Processing, Information Dissemination and Invasions.

Also, read Solove’s new book ‘Understanding Privacy’, for his newer work on privacy.

Van den Hoven examines the concept of privacy from a different perspective. I find his work very fundamental. He deals with the specific reasons why we want to restrain access to the information that we disseminate to others. Van den Hoven identifies four reasons to restrain access to this information: information-based harm, informational inequality, informational injustice and moral autonomy and moral identification.

Please check Van den Hoven’s website for new work of his hand.

In my research paper I use the following example to describe how Solove’s taxonomy and Van den Hoven’s moral reasons combined give a very clear analysis of why people feel their privacy is invaded and exactly how they have been harmed. Following Van den Hoven, I’d rather speak of restricting the access to people’s identity-relevant information, a term coined by Van den Hoven and Manders-Huits, see my earlier post. Read the example, from my research paper, below.

The example of the embarrassing photo taken at the disgraceful party is striking.

First, the photo is taken at the party (Solove’s information collection), and not many people would judge this as immoral.
The picture is posted online (Solove’s information processing), and as long as this would happen on a website that allows restricted access in addition to the subject’s consent, this also is not very objectionable.

The problems start when the photo is disseminated (Solove’s information dissemination) to people without the subject’s consent. The picture might be disclosed to persons belonging to a social sphere within which the subject does not want the photo to be disclosed (Van den Hoven’s informational injustice).

Furthermore, by tagging the photo with the subject’s real name, the photo can become the basis for scrutiny by future employers (Van den Hoven’s information-based harm). Because the user cannot unbundle the services from the SNS, he cannot ex ante prevent the dissemination from happening (Van den Hoven’s informational inequality).

Finally, if the photo is disclosed to people that the subject does not know, he does not have the freedom to present his moral self to the people as he wants, as those people already have an image of him (Van den Hoven’s moral autonomy and moral identification).

This example clearly illustrates which activities (Solove’s taxonomy) are harming the user for which reasons (Van den Hoven’s moral reasons). I had the pleasure to conduct interviews with both gentlemen and this has really helped me in understanding the various harmful activities that are happening on SNS and understanding how we could prevent this from happening.


van den Hoven, M.J., 1997. Privacy and the varieties of moral wrong-doing in an information age. ACM SIGCAS Computers and Society, 27(3), 33-37.

Solove, D.J., 2006. A Taxonomy of Privacy. University of Pennsylvania Law Review, 154(3), 477-560.


Note that, although I say that many people would judge taking a picture at a party as immoral, the Fair Information Practices have a principle ‘purpose specification’, that states that the purpose for which the data is collected should be specified not later than at the time of collection. The use of the information should be limited to that purpose. In other words, the photographer should have notified the subject of his intent to place the picture on a SNS and the subject should have consented to that, according to FIP. But is this a real scenario?

Written by davidrip

August 2, 2008 at 3:58 pm

Posted in Uncategorized