How Much Is Too Much? Privacy Issues on Twitter

Social media provide many opportunities to connect people; however, the kinds of personally identifiable information that people share through social media is understudied. Such public discussions of personal information warrant a closer privacy discussion. This paper presents findings from a content analysis of Twitter in which the amount and kinds of personally identifiable information in Twitter messages were coded. Findings suggest that the majority of time Twitterers do write about themselves. Overwhelmingly, Twitterers do not include identifiable information such as phone numbers, email and home addresses. However, about a quarter of tweets do include information regarding when people are engaging in activities and where they are. This kind of information may have privacy implications when found in the same tweet or if coupled with other kinds of publicly available information. PRIVACY ON TWITTER 3 How much is too much? Privacy issues on Twitter Social media provide many people a new way to connect with friends, family and colleagues. In particular, social network sites are frequently used to communicate with people known to one another through offline connections (Ellison, Steinfield, & Lampe, 2007). For example, as of August 2009, Facebook was the fifth most frequented website in the US (ComScore, 2009). These services can help to reinforce social bonds and manage social identities (d. m. boyd, 2004; Lange, 2007; Liu, 2007). Research has shown that there can be benefits that come from sharing personal information in social and public ways (e.g. boyd, 2004; Ellison et al., 2007; Hampton & Wellman, 1999). In addition to the benefits of using social network sites, there may be risks associated with using such services. For example, research has begun exploring what kinds of personally identifiable information (e.g. phone numbers, email address, postal address, social security numbers, etc.) people share through services such as Facebook and MySpace (Kolek & Saunders, 2008; Lenhart & Madden, 2007). The misuse of personally identifiable information obtained online can raise many privacy concerns such as identity theft or even discrimination (Lyon, 2001). Therefore this study seeks to explore the kinds of personally identifiable information that people publically share by analyzing the content of a representative sample of public Twitter messages. Twitter is a popular micro-blogging and social network service that allows people to share messages of 140 characters in length. As of September 2009, Twitter had over 50 million unique users (Moore, 2009). While Twitter allows people to share information among friends or “followers”, the default privacy setting on Twitter is that all messages are public, that is, anyone who signs up for Twitter may see them. In addition, all public tweets may be posted to a public timeline website which showcases the twenty most recent tweets. Profiles PRIVACY ON TWITTER 4 on Twitter are relatively short compared to Facebook, therefore the bulk of the information about a person is communicated through their Twitter messages or tweets. This study explores the kinds of personally identifiable information that public tweets disclose. Beyond personally identifiable information, sharing other kinds of personal information on Twitter may put people at risk to be taken advantage of. For example, in June 2009 Israel Hyman, an Arizona-based video podcaster, tweeted that he was looking forward to his family vacation to Saint Louis where they would be visiting family friends for the week. He tweeted again when they had successfully arrived in Missouri. While they were away, their house was broken into and several thousand dollars of computer and video equipment were stolen (Van Grove, 2009). According to one news report, Hyman said, "We don't know for sure if that's what caused the break it in, but it sure gives you pause to think about what you're publicly going to broadcast on the internet," ("Man Robbed After Posting His Vacation On Twitter", 2009). While this may have been an isolated event, it does raise questions about who has access to personal information and how that might put people at risk (Mills, 2009). Concerns about sharing information regarding where people are and when are not necessarily a new phenomenon. People have often tried to keep the fact that they are on vacation discreet from potential vandals or thieves, whether it be through cancelling their mail or newspaper service or even getting a house sitter. Social media, however, allow people to share their locations with thousands of people with the click of a button. Such broadcastability may have important safety implications. There are offline examples of broadcasting personal time and location information and the risks associated with it. For example, funeral notices in newspapers can broadcast where and when family members will be and there have been examples of people’s homes being broken into while they are at funeral services (Wolfe, 1992). Most funeral PRIVACY ON TWITTER 5 announcements request that flowers and cards be sent to the funeral home rather than the home of the family to avoid broadcasting the family’s home address. These examples suggest that personally identifiable information is not the only kind of personal information shared that can have privacy implications. Incidental information such as when and where people may be can also have privacy implications. Time and location may constitute a second tier of personally identifiable information, which while seemingly mundane and minor can raise potential safety concerns when publically broadcasted and shared. Prominence of Twitter Twitter is one of the fastest growing social network sites on the web today, with 8 million users joining monthly (Moore, 2009). Twitter is most frequently used by young adults. Twentyfive to 34 year olds make up the largest percentage of Twitter users (Lenhart & Fox, 2009). This differs somewhat from other social networking services. For example, Pew reported that median age of Twitterers is several years older than the median age of MySpace or Facebook users but younger than LinkedIn users (Lenhart & Fox, 2009). From its inception, Twitter was crossplatform, meaning that users could submit their messages via the web, instant messenger or SMS (“short messaging service” or text message). This may have contributed to the fact that Twitter users tend to be “more mobile in their communication and consumption of information” than the average internet user,” (Lenhart & Fox, 2009, p. 3). Previous studies of Twitter have explored the kinds of messages people post (Mischaud, 2007; Naaman, Boase, & Lai, 2010), the degree of interactivity within messages (d. boyd, Golder, & Lotan, 2010; Honeycutt & Herring, 2009), the network size of Twitterers and the frequency of tweets (Krishnamurthy, Gill, & Arlitt, 2008; Moore, 2009). Twitter ostensibly asks users, “What are you doing?”, but research suggests that users do not always tweet about what PRIVACY ON TWITTER 6 they are doing (Mischaud, 2007; Naaman et al., 2010). People use Twitter to share information about themselves as well as to share information publicly available elsewhere on the web, such as breaking news or interesting media such music, videos, blogs, etc. Honeycutt and Herring (2008) found that 41% Tweets in their sample were shared information about the author him or herself. Similarly Naaman, Boase, & Lai (2010) found that about half of Twitter messages were about the author him or herself while the rest were about other people or things. These studies suggest that Twitter users are not only talking about themselves directly; but even if just half of the messages are about themselves that still means that Twitter users are sharing 12 million tweets per day about themselves (Liew, 2009). Sometimes of course messages that do not directly reference the user can still share information about the user’s tastes, interests, and preferences (Liu, 2007). Given the rise of GPS and mobile technologies which may encourage sharing of location information (Humphreys, 2007), it is important to take a step back and examine personally identifiable information as well as a second tier of identifiable information including when and where people are. This is the first study to the best of our knowledge that explores the kinds of personally identifiable information that people post on Twitter. Social Media & Sharing Much research has explored the ways people share information about themselves online and the privacy implications (see Joinson & Paine, 2007 for an overview). Time and again, research has shown that people will disclose more personal information online than they will face-to-face (Joinson & Paine, 2007). Not only do people readily self-disclose in online experimental settings, (e.g. (Tidwell & Walther, 2002), but they often also disclose personal identifiable information when this is requested by a website (Metzger, 2004). The personal PRIVACY ON TWITTER 7 information revealed in Twitter messages, however, are at the complete discretion of users, so long as they conform to the 140-character limit. While Twitter differs from social network sites like Facebook and MySpace in its format, it can be helpful to look privacy attitudes and behaviors on these sites in order to better situate this study. A study of the attitudes towards privacy and Facebook use by Acquisti & Gross (2006) found while privacy concerns predicted Facebook use for older people, it did not predict use for students, suggesting that even when young adults were concerned about privacy issues they were still likely to be active and contributing members of Facebook. Lennart and Madden (2007) found that as many as two-thirds of teens on social network sites report to have changed their profile settings so that they are not visible to the entire public. In addition, younger teens and females were likely to engage in privacy