Sören Preibusch, another researcher who worked on the project, says that establishing industry standards for privacy settings might help users understand and control what’s happening to their information. Murky policies, confusing settings, and incentives to share all their information tend to distract users from the realities of what will happen to their data, he says. “Even though consumers report they are concerned about privacy, they forget their concerns when offered some rewards,” Preibusch says. “Even small rewards such as chocolate bars or pennies will convince users to reveal personal information.”

Vitaly Shmatikov, a professor of computer science at the University of Texas at Austin, who studies privacy in social networks, says that the implications of the new study will become increasingly important as sites develop better ways to make money from users’ data. “I expect that there will be a significant tension between monetization and privacy,” he says.

Incidents such as Facebook’s Beacon fiasco–the site’s controversial attempt to broadcast a user’s offline shopping activities through Facebook–highlight the potential for conflict, Shmatikov says. However, he thinks that worse will come when social networks begin focusing less on attracting new users and more on making money from the ones they have.

By their very nature, social-networking sites are designed to “promote the open flow of personal information,” says Michael Zimmer, an assistant professor at the School of Information Studies at the University of Wisconsin-Milwaukee. As a result, he says, they’re “reluctant to heavily promote their privacy settings,” adding, “Facebook has some of the most robust privacy settings out there but offers little to no help on how to use them.”

One way to remedy this situation is by finding ways to assist users in navigating privacy settings, Zimmer says. He has, for example, posted a cheat sheet on his site that walks users through the process of configuring the privacy settings on Facebook.

Preibusch says that social-networking sites often leave user profiles almost 100 percent public by default. “Users should be aware that they still have the possibility of taking action by setting their privacy settings inside the network, and not sticking with the permissive defaults,” he says.

“The safe way to use the network is to assume that everything you post will eventually be public,” adds Bonneau.