Misalignments and Demographic Differences in Expected and Actual Privacy Settings on Facebook

Byron Lowens; Sean Scarnecchia; Jane Im; Tanisha Afnan; Annie Chen; Yixin Zou; Florian Schaub

Misalignments and Demographic Differences in Expected and Actual Privacy Settings on Facebook

Authors: Byron Lowens (University of Michigan), Sean Scarnecchia (University of Michigan), Jane Im (University of Michigan), Tanisha Afnan (University of Michigan), Annie Chen (University of Michigan), Yixin Zou (Max Planck Institute for Security and Privacy), Florian Schaub (University of Michigan)

Volume: 2025
Issue: 1
Pages: 456–471
DOI: https://doi.org/10.56553/popets-2025-0025

Download PDF

Abstract: Social media platforms pose privacy risks when data is used in unexpected ways (e.g., for advertising or data sharing with partners). Using a custom browser extension and an online survey with 195 Facebook users, we investigated (1) whether participants’ expected values of their Facebook privacy settings were (mis)aligned with their actual settings; (2) demographic differences in privacy expectation-setting mismatches; and (3) participants' privacy concerns and trust towards Facebook.Our study presents a current and comprehensive analysis of Facebook users' privacy settings. We find that expectation-setting mismatches are prevalent: all participants had at least one mismatch; many had multiple, often expecting their settings to be more restrictive than they were. We also found that Facebook's default values are not aligned with people's expectations and/or actual settings, which suggests that those defaults are ineffective. Furthermore, mismatches differed along certain demographic variables.Participants' trust in Facebook decreased after they became aware of mismatches and their actual settings. Our empirical findings indicate that, despite increased public awareness, media scrutiny, and regulatory attention regarding privacy issues, there is still a substantial and concerning disconnect between how private people perceive their social media data to be and how exposed their data actually is, opening them up to both interpersonal and institutional privacy risks. We discuss design and public policy implications of our findings.

Keywords: Privacy, Social Media, Privacy Expectations

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.