Q&A: Carnegie Mellon’s Aleecia M. McDonald

Social Media Privacy Is Not an Oxymoron

By Maureen Nkatha

In 2018, Cambridge Analytica exploited the private information of more than 50 million Facebook users to influence the 2016 presidential election.

This data breach and many others have prompted advocacy for tighter regulations.

Aleecia M. McDonald, an assistant professor at Carnegie Mellon University’s Information Networking Institute, says social media companies must protect users by allowing them to download their data, by disclosing what information has been “shared,” by letting them bar third-party access to their data and by providing ways to delete information completely.

Which social media platforms are doing the best job in protecting privacy and giving users control over their data?

Privacy on social media sounds like an oxymoron but is not.

Privacy is about choosing with whom you share what, in which ways, at what times. It is not just about saying “no.”

A social media site that is great on privacy means the owner of the platform does not invade the privacy of the users — and does not allow other third parties to invade the users’ privacy.

Plus, users need to be very clear about what is public to all, or just public to some — or even 100% private.

Cambridge Analytica shows when social media data gets into the wrong hands, the very nature of democracy is at stake.

Why is privacy on social media not an oxymoron?

People use social media to connect and share, sometimes even to build publicity.

We think about social media in that context, so it sounds like how could you have or even want privacy in a public space?

But unlike a billboard, on social media we can be more selective.

Privacy is about being in charge.

Too frequently, we see social media companies decide that they are in charge of our creative work: writing, photos, hopes, dreams and thoughts.

These are bad hosts.

What’s the easiest way to stop social media companies from tracking and profiling users?

Sadly, self-regulatory efforts and collaborative-standards efforts have failed to bring about privacy self-determination.

Certainly, we have seen no evidence of shame or moral compass reflected in some privacy decisions over the years — even from companies that are otherwise leading lights on other human-rights issues.

Companies have demonstrated they will not respond to anything short of legal measures with strong economic penalties — and even then, they fight and flout the laws.


For generations, we have had ad-supported content. It is only during my lifetime that, instead of people watching ads, ads watch people.

Most of the economic value of online ads can be captured from context: If I am reading an article about chocolate, wonderful. Show me an ad for chocolate.

There is no need to show me chocolate ads for months, or record that I am interested in chocolate. Just show the ad when it is relevant.

To do so, you only need to know about the article, not about the reader.

And sometimes, an answer is to simply charge for content directly, instead of pretending something is free while invisibly collecting and trafficking data.

Companies that are not financially dependent on selling user data have an easier time with this transition.

New financial models are not the easiest approach, but they are the cleanest. Once market incentives align with privacy rights, there will be much less work to do on privacy.

Is deleting your social media account enough to protect privacy?

No. Even without an account, social media companies still track you across the Internet.

Plus, this is not just a story about companies.

Other people may put up information about you — and you might never even know.

Can online friends put you at risk?

There are sad tales of people losing their jobs over photos online — and those photos can come from friends.

There are other more subtle risks. Especially for people without long-established credit records, lenders may look at the credit histories of your friends to try to make guesses about you.

Your interest rate may go up, or you may not get the same credit-card offers if a friend has financial trouble.

A joke a friend makes on LinkedIn might get an employer to decide not to interview you.

So, at first, it seems best to be anti-social, but this does not work either.

For instance, not having a GitHub presence is seen as a bad sign for software engineers. If you are not in the right networks, you miss the chance to hear about opportunities — everything from social to work to volunteer options. 

Is anonymizing personal data enough to protect privacy?

Often not. It depends on what you mean by “anonymizing,” and protect in which ways?

For example, I might create a new social media account with a different name. If all I want to do is read other peoples’ accounts from home without my boss knowing my interests, perhaps it is OK that my IP address is logged, the “fingerprint” of my device is logged and can be linked to the rest of my web profiles, and so on.

Yet, I often say photos of grandchildren are the “killer app” for social media.

There is no way to stay anonymous yet connect to your family: They know who you are — and so will anyone else paying attention.

One aspect of computers is that they are always paying attention and never get bored.

Maureen Nkatha is a writer based in Nairobi, Kenya.

Sources (external links):

Filed under: