Skip to Main Content
Online social networks (OSNs) have become extremely popular in recent years. Users actively interact in these networks and share large amounts of personal information. This has led to emergence of a treasure trove of data for many entities, from marketers and spammers to employers and intelligence agencies, which has become a serious privacy concern. Previous works have addressed many aspects about privacy in OSNs such as characterizing potential privacy leakage , possible ways for inferring sensitive private information , , and appropriateness of default privacy settings . In contrast, we focus on the entity who plays the main role in guarding privacy: the user. By sending out friend requests to unknown users in one of the largest OSNs, we provide evidence that a considerable portion of OSN users are willing to let a stranger, possibly an adversary, into their social network, thus granting her access to the users' personal information and to some extent to those of their friends. We study several factors that might foster such behavior, and measure the amount of information that will consequently become accessible. We find that for more than 95% of the users who accept our friend requests, we gained access to personal information that would not otherwise be accessible. We also show that the majority of the users who accept the requests have indeed changed their default privacy settings to restrict access to some parts of their personal information to their friends while making them publicly inaccessible.