Photo credit: Thai Liang Lim/iStock
How hard is it to find a privacy setting on social media? For participants in a new study from USC Viterbi’s Information Sciences Institute (ISI), the answer was often: too hard. Researchers measured how difficult it was for people to locate specific privacy controls, settings that determine who sees their friend list or activity, and paired that data with two other key metrics: what level of privacy users actually wanted, and whether they knew these options existed in the first place. “It is not just about whether the settings exist, it is about how easily and clearly users can get to them,” said lead author and ISI research assistant Pithayuth (Will) Charnsethikul.
The findings painted a troubling picture. Across Facebook, Instagram, X, LinkedIn, TikTok, and Snapchat, people wanted more privacy than platforms provided by default, many had never seen the available options, and even when they had, they struggled to use them.
“We found an industry-wide misalignment between default privacy settings and user preferences,” said Charnsethikul, a fifth-year Ph.D. candidate in the Thomas Lord Department of Computer Science at the USC Viterbi School of Engineering. “Many users are unfamiliar with common privacy settings and many, especially older users, struggle to locate them.”
Despite broad shortcomings, the study revealed some platform-specific bright spots. On LinkedIn, for example, participants were often comfortable with visibility settings such as allowing profiles or connections to be seen by others. Although the defaults were just as exposed as on other platforms, users were less likely to object given the site’s professional focus. And TikTok stood out for its usability; participants found its menus and navigation made privacy controls easy to locate.
The paper, Navigating Social Media Privacy: Awareness, Preferences, and Discoverability, was presented at the 2025 Privacy Enhancing Technologies Symposium (PETS), where it was selected as a runner-up for the PETS2025 Artifact Award.
For ISI principal scientist, co-author, and advisor to Charnsethikul Jelena Mirkovic, the findings point to a systemic challenge that goes far beyond individual platforms. “The issue around social media defaults being set too permissively is not new and our study reiterates that it still hasn’t been resolved,” she said. “Much worse, it is prevalent across the whole social media industry, which benefits when users share more on their platforms. That’s why we believe policy and regulation need to step in to protect user interests.”
Building on Venmo
This work builds on earlier research that Charnsethikul and Mirkovic conducted together on Venmo, the popular social payments app. That study, I Know What You Did on Venmo: Discovering Privacy Leaks In Mobile Social Payments, analyzed 389 million transactions over eight years and found that more than 40 million contained sensitive information, affecting nearly 8.5 million users.
The Venmo project revealed how public-by-default settings exposed deeply personal details, from health conditions and political views to passwords and phone numbers. It showed how friend lists could unmask private affiliations, such as membership in Alcoholics Anonymous, and even exposed high-profile figures, including President Joe Biden, whose account and social network were uncovered because his contacts were public.
While the Venmo research demonstrated how one app’s design could put millions at risk, this new study shows the problem extends across the social media landscape.
What’s Next
The team hopes their findings will encourage platforms to redesign privacy tools and prompt policymakers to set stronger protections. “Our finding highlights the tussle between what platforms want (i.e., more exposure) and what users want (i.e., more privacy),” said Charnsethikul.
Looking ahead, the researchers are broadening their scope once again. Their next project will investigate how privacy and usability challenges appear in large language models (LLMs), which are increasingly integrated into everyday applications. By identifying issues early, they aim to guide both design and policy so that privacy protections keep pace with emerging technologies.
Published on October 14th, 2025
Last updated on October 14th, 2025
