Social networking sites have been under attack lately. In February, Facebook made a very controversial change to its privacy policy - this change resulted in a massive backlash. Twitter has been the victim of several high profile attacks. In their 2009 Midyear Security Report, Cisco cited social networking as one of the major vulnerabilities in the first half of 2009. Our blog has covered many stories about how criminals use social networking sites (like Facebook, Twitter, LinkedIn, and others) to spread malicious software and steal identities. However, we have not done an adequate job of talking about privacy (whatever that is) on these popular web services.

The social implications of privacy have been one of my favourite topics for several years. The first time I read George Orwell's beautiful 1984, I was struck by a strange dichotomy that I still have not resolved. True freedom lies in either having complete privacy or a complete lack of privacy (combined with a complete lack of judgement). However, advances in technology make a complete lack of privacy incredibly dangerous - crimes like identity theft, credit card fraud, etc are not so much financial attacks as they are attacks against privacy. And, as crimes like identity theft and credit card fraud become more common, people become more concerned with their privacy.

Consequently, I have decided to start work on something of an academic framework to discuss privacy in social networking. Over the next few days, I will start this discussion by looking at two very good papers written on the subject. First, I will deal with a Cambridge University study on privacy practices across 45 social networking sites. And then, I will look at the Privacy Commissioner of Canada's recent findings on Facebook.

However, before I start analyzing what others have to say about privacy and social networking, I would like to start with a few ground rules/definitions. I think that if you read about social media/social networking on the web, you are left with the impression that social networking/media are new. One person I talked with said that online social networking started with Myspace.

With all due respect, I strongly disagree with this idea.

I believe that the web is intrinsically social. Protocols like TCP/IP and HTTP were designed so that anyone could publish anything and the rest of the network would help pass it along so that everyone else could access it. There is no centralized command structure in the web. Rather, content is fluid - it is ever growing and ever changing.

If you dig deep enough, or if you have been around long enough, you will realize that there is really no difference between Usenet and Digg; or between Twitter and a BBS. Facebook is almost identical to the personal home pages and web rings of days past. The web remains and has always been a great way to meet interesting people who share common interests and who can teach you a wide variety of interesting things.

Even search engines like Google, Bing and Yahoo are heavily weighted towards 'social media'. Want to get a web page in the top ten? Write good content so that other sites will link to it. On the web, a link counts as a vote. If you get lots of votes, search engines will trust you. And if search engines trust you, they will reward you with high rankings.

Privacy has always been a concern on the web. If a search engine can find something, anyone in the world can find it. If you take nothing else away from this article, please remember that anything you put online can be used/misused by anyone with an internet connection.