Madejski Michelle author Columbia University. Computer Science Johnson Maritza Lupe author Columbia University. Computer Science Bellovin Steven Michael author Columbia University. Computer Science Columbia University. Computer Science originator contributor text Technical reports New York Department of Computer Science, Columbia University 2011 Increasingly, people are sharing sensitive personal information via online social networks (OSN). While such networks do permit users to control what they share with whom, access control policies are notoriously difficult to configure correctly; this raises the question of whether OSN users' privacy settings match their sharing intentions. We present the results of an empirical evaluation that measures privacy attitudes and intentions and compares these against the privacy settings on Facebook. Our results indicate a serious mismatch: every one of the 65 participants in our study confirmed that at least one of the identified violations was in fact a sharing violation. In other words, OSN users' privacy settings are incorrect. Furthermore, a majority of users cannot or will not fix such errors. We conclude that the current approach to privacy settings is fundamentally flawed and cannot be fixed; a fundamentally different approach is needed. We present recommendations to ameliorate the current problems, as well as provide suggestions for future research. Computer science CUCS-010-11 http://hdl.handle.net/10022/AC:P:10666 English NNC NNC 2011-07-08 11:30:11 -0400 2011-07-08 11:36:34 -0400 4617 eng