Although most Facebook users claim to be very uncomfortable with how third-party apps use their personal information, their actual behavior doesn鈥檛 reflect this concern, a new study by School of Information researchers has discovered.

As Facebook and other social networking websites grow in popularity and become an archive of personal information, they are ripe targets for marketers or hackers. Managing privacy online is increasingly important 鈥� and increasingly complicated.

Facebook presents a particular challenge, since many of its apps are provided by outside developers, including games like Mafia Wars and FarmVille. Users install 20 million Facebook apps every day, making their privacy vulnerable not just to Facebook鈥檚 privacy practices, but also to the privacy practices of numerous additional companies. In 2010, revealed that several of the most popular apps had shared users鈥� personal information with advertisers, in violation of Facebook鈥檚 privacy policies.

More than ninety percent of the study鈥檚 respondents said they were uncomfortable with how Facebook apps access and use their personal information, once researchers explained it to them. Users鈥� actual behavior didn鈥檛 reflect their privacy concerns, though 鈥� perhaps because the way third-party apps interact with Facebook and what information the apps have access to can be complicated or confusing.

The study was conducted by I School doctoral student Jen King, visiting researcher Airi Lampinen, and 2011 MIMS graduate Alex Smolen. King will be presenting the research findings at next week鈥檚 Symposium On Usable Privacy and Security in Pittsburgh, Pennsylvania.

Researchers initially suspected that 鈥渆xpert users鈥� 鈥� the minority who actually understood Facebook鈥檚 data-sharing practices 鈥� would be better at  managing the online privacy of third-party apps. But the researchers were surprised to find that this wasn鈥檛 true; the more knowledgeable users made the same mistakes as everyone else.

Although Facebook offers a complicated grid of privacy settings for its own data use, there are no similar controls for third-party apps; users鈥� only option is not to use the app. 鈥淚n our study, nobody appeared to have a consistent strategy for managing application privacy 鈥� not even the most knowledgeable users,鈥� said study author Jen King.

One group stood out as both more knowledgeable and more concerned about online privacy: people who had been personally hurt. This group included people whose information had been inadvertently disclosed to someone they didn鈥檛 want to see it 鈥� like a boss or a parent 鈥� or those who had had private or embarrassing information or photos posted online and wanted remove them.

The findings have important implications for privacy policymakers and designers. 鈥淚t鈥檚 tempting to think that if we just make more of an effort to explain how data-sharing works and what the risks are, that people will make smarter decisions,鈥� said King. 鈥淭his data suggests that education may not be enough. We may need to incorporate the lessons people learn when they鈥檝e been burned.鈥�

On-screen warning messages or privacy policies don鈥檛 seem to make a difference, either, since users who had read them 鈥渘either knew more, acted differently, nor felt more concerned about apps than users who had not reported reading these statements,鈥� according to the study.