Social media has become a popular means of communication thanks to the advancement of computer network and web technology. Social networking service (SNS) provides a virtual platform for users to realize their personal/professional purposes. Users have a great motivation to share their personal updates in social media in order to maintain their contacts. In the meantime, users have a strong need to protect their privacy in order to prevent all kinds of frauds from attackers. In the existing literature, many research efforts address privacy protection issues by employing computer security technology. To our best knowledge, it is the lack of a framework to propose a holistic framework of privacy protection encompassing other factors, such as user's behaviour, SNS provider's security policy, and information management strategy. In this background, this paper aims to derive a reference model for privacy protection in social networking service by using Environment-Based Design (EBD) methodology. A systematic SNS environment analysis is conducted to identify the major challenges and to organize coherent solutions.