• No results found

FINDING PRIVACY CONFLICTS IN ONLINE SOCIAL NETWORK SERVICES

N/A
N/A
Protected

Academic year: 2020

Share "FINDING PRIVACY CONFLICTS IN ONLINE SOCIAL NETWORK SERVICES"

Copied!
6
0
0

Loading.... (view fulltext now)

Full text

(1)

1

FINDING PRIVACY CONFLICTS IN ONLINE SOCIAL

NETWORK SERVICES

1LATHA. S, 2 GAYATHRI. C 1,2Assistant Professor/CSE

Mahendra Institute of Technology,Mallasamudram 1[email protected],2 [email protected]

ABSTRACT

Online Social networking services (OSNSs) such as Face book or Twitter have experienced an explosive growth

during the recent years. Millions of users have created their accounts on these services because they experience great

benefits in terms of friendship. These OSNs not only offer attractive means for virtual social interactions and

information sharing, but also raises privacy issues and security. Although OSNs allow a single user to govern access to

her/his data, they currently do not provide any method to enforce privacy concerns over data associated with multiple

users, remaining privacy conflicts largely unresolved and leading to the potential disclosure of information that at least

one user intended to keep private. In this work, we propose an approach to enable collaborative privacy management of

shared data in OSNs. Specifically we provide a systematic method to find and overcome privacy conflicts for

collaborative data sharing. Our conflict resolution reveals a tradeoff between privacy protection and data sharing by

quantifying privacy risk and sharing loss. We examine how the lack of joint privacy controls over content can

inadvertently reveal secret information about a user including preferences, relationships, text messages, and photos. We

analyze social networks to find scenarios where conflicting privacy settings between friends will reveal information that

at least one user intended remain private. By aggregating the information exposed in this manner, we showed how a

user's sensitive information’s can be inferred from simply being listed as a friend or mentioned in a story.

Keywords

Cloud Computing, Data sharing, CP-ABE Attribute, Encryption.

1. INTRODUCTION

Privacy problems associated with digital

communication and network technologies have been a

major concern among Internet users over the past

decade. The emergence of social networks has even

increased these concerns. People register to these

OSNSs and share images, videos, and thoughts because

they perceive a great payoff in terms of friendship, jobs,

and other opportunities. The popularity of OSNSs

attracts not only faithful users but third parties with

adverse interest. If we consider the huge amount of

private information uploaded to those OSNSs and the

persistence of it in the social networks, the privacy of

OSNS users can be threatened. Recent cases show that

on-line thieves, stalkers, and bullies take advantage of

the information available on SNSs and use it for

purposes that were not the initially intended ones.

There are several definitions of privacy in the

related literature. In the context of this survey, we use

the definition of Alan Westin, who defined privacy as

‖the claim of individuals, groups, or institutions to

determine for themselves when, how, and to what

extent information about them is communicated―. This

definition implies that OSNSs have to offer their users

mechanisms that allow them to decide how their

information is disclosed. Current OSNSs have taken

steps towards this objective, but there still exist several

(2)

15

their information and how it is shared among the OSNS.

Users demand better privacy mechanisms, with richer

and finer-grained privacy policies that take into account

the way OSNS users share information and interact with

others. Moreover, privacy controls for these new access

controls have to be easy to use, offering automatic

suggestions and learning from the behavior of the users.

This article reviews studies that enhance

privacy in social networks, as well as studies that

explore human relationships over social networks and

their behavior. Understanding how humans share and

manage their friendships on OSNSs is crucial so that

researchers can adapt their models and methods to cope

with the users’ needs and expectations. Studies are

classified according to the type of privacy risk they

address.

1.1 Privacy and Social Networks

As pointed out more than a century ago by

Warren and Brandeis [68], disclosure of private

information and the misuse of it can damage people’s

feelings and cause considerable damage in people’s

lives. In OSNS where intimate information of the users

is managed, privacy is of paramount importance. A

research of Gross and Acquisti in the early days of

Facebook showed that the majority of users were

unconcerned about privacy risks. They tended to use

default privacy configurations and personal data were

generously provided. More recent studies, like the one

from Boyd and Hargittai , show that the privacy

awareness of OSNS users has increased lately. The

widespread media attention on OSNS and on situations

where the leakage of personal information of OSNS

users affected their lives has positively influenced the

way OSNS users manage their privacy. Nevertheless,

the high number of privacy risks that affect OSNS

user’s leaves room for improvement in this field of

study.

The most important OSNS users’ privacy

concerns are: identity theft, unauthorized access, misuse

of personal information and stalking, and profiling. This

threat refers to the possibility of a malicious

dissemination of previously collected information. For

instance, users may face blackmailing situations when

embarrassing data is collected from a OSNS by a third

party. In the context of SNSs, misuse of personal

information usually occurs when users disclose

inappropriate information due to negligence during the

configuration of their privacy settings or ignorance

about how privacy is managed on the OSNS.

The rest of privacy threats affect different

levels of privacy on OSNSs and fall out of the scope of

this study. Identity theft and unauthorized access are

related to access control enforcement. For example,

unauthorized access can occur if the authentication

mechanisms of the OSNS are not good enough or if the

communication between the user and the OSNS is not

properly encrypted. Profiling is a threat when the party

which owns the information on the OSNS is not

trustworthy. A typical case of profiling occurs when the

party that manages the OSNS sells the information

available on the OSNS to third parties that use it for

marketing purposes.

2 RELATED WORKS

There is an extensive body of research on

protecting and examining privacy in social networks.

The most related of these works to our research are

attempt to demonstrate in the current privacy controls of

social networks. Zheleva et al. Examine the risks of

revealing group membership and friendships, while He

et al. model correlated features between friends as a

Bayesian network.

Adapting previous approaches to attribute

inference, Mislove et al. looked at community

structures among friends, finding that tight-knit

(3)

16

Our work can be seen as a refinement of their

techniques, presenting new ways to identify meaningful

friends and filter relationships that are likely to impede

inference. We also examine previously unexplored

avenues such as wall posts for inference, pointing out

that any relationship or tag between two users can

potentially violate privacy.

While we limit our discussion to preventing

crawling and mining by third parties, other researchers

have looked at how to protect information from social

network providers and server break-ins. yByNight,

NOYB, and FaceCloak all use encryption or

steganography to protect a user's personal information

to prevent a social network operator such as Facebook

from reading or mining personal data. Keys are then

distributed to trusted friends out of band from the social

network operator, allowing friends to decrypt profile

information.

Despite the potential added privacy from

encryption, each of these protection mechanisms rely on

the social network to keep track of friends and do not

extend to content posted by friends, leaving users

exposed to the inference techniques we describe.

Other research in extending social network

privacy includes protecting users from third party

applications. Social networks such as MySpace and

Facebook allow users to install applications such as

games or media plug-ins, in turn granting the

application access to all of their personal data.

Applications currently lack access control restrictions,

allowing programs to of load all of a user's data in

addition to that of a user's friends. Felt et al. and Singh

et al. both propose new application architectures to

restrict personal data available to applications. Because

applications are granted access to both the installer's

data and the installer's friend's data, application security

must address the requirements of multi-party privacy to

guarantee users are not put at risk by their friends.

In addition to privacy protections within social

networks, data released by network operators to the

public also poses a significant challenge to user privacy.

De-anonymization efforts have shown that publishing

anonymized or restricted social graph information is

riddled with complications. These same techniques for

de anonymization can also be used for inferring

properties about data leaked by users within social

networks, highlighting the need for better privacy

controls that suit the range of each user’s privacy

expectations.

3 CHALLENGES AND CONTRIBUTIONS

To understand the risks posed by the lack of

joint privacy controls in social networks, we construct a

formalism for privacy conflicts that defines the

situations where a user's privacy can be violated and the

extent of information leaked. To develop this

formalism, we begin by analyzing scenarios in

Facebook where users can unintentionally violate one

another's privacy. We then deconstruct these examples

into a formalism that captures all potential privacy

conflicts. Exploring Privacy Conflicts Social networks

are inherently designed for users to share content and

make connections. When two users disagree on whom

content should be exposed to, we say a privacy conflict

occurs. Multiple privacy conflicts can occur between a

user and his friends, each revealing a potentially unique

sensitive detail. We specifically analyze two scenarios

in Facebook friendship and wall posts to understand the

types of information exposed by conflicts.

Friendship: A central feature of social networks is the

ability of users to disclose relationships with other

members. Each relationship carries potentially sensitive

information that either user may not wish revealed.

While Facebook provides a mechanism to conceal a

user's list of friends, the user can only control one

(4)

17

Consider a scenario where a user Alice adopts

a policy that conceals all her friends from the public.

On the other hand, Bob, one of Alice's friends, adopts a

weaker policy that allows any user to view his friends.

In this case, Alice's relationship with Bob can still be

learned through Bob. We say that a privacy conflict

occurs as Alice's privacy is violated by Bob's weaker

privacy requirements.

Wall Posts and Tagging: Wall posts and status updates

provide users with a built-in mechanism to

communicate and share comments with other users.

Each post consists of a sender, receiver, and the content

to be displayed. Facebook currently allows only the

receiver to specify a privacy policy. When Alice leaves

a message on Bob's wall, she relinquishes all privacy

control over her comments. Similarly, if Alice posts to

her own wall, she has sole control over who can view

the message, even if she references other users who

wish to remain anonymous.

By ignoring the privacy concerns of all but one

user, information can be exposed that puts other friends

at risk. Consider an example where Alice makes a

public comment on her own profile stating \Skipping

work with @Bob and hitting the bars at 9am". Bob is

unambiguously identified by the message, but cannot

specify that the message should not be broadcast to the

public per his privacy policy. Alternatively, if Alice

posts on Bob's profile about current relationship trouble,

she cannot specify that the message should only be

visible by her friends, not all of Facebook.

Additional Conflicts: Friendship and wall posts

represent only two of numerous situations where

Facebook and other social networks lack multi-party

privacy. Group membership, fan pages, event

attendance, photo tagging, and video tagging are

additional situations where multiple parties can be

referenced by data, but cannot control its exposure.

Each exposure leaks sensitive information about a user

even if the strictest privacy controls available are

adopted.

4. METHODOLOGY OVERVIEW

We evaluate our approach for privacy conflict

resolution by comparing our solution with the naive

solution and the privacy control solution used by

existing OSNs, such as Facebook with respect to two

metrics, privacy risk and sharing loss. Consider the

example demonstrated in Figure 1, where three

controllers desire to regulate access of a shared data

item.

Figure 1: Example of Privacy Conflict Identification

Based on Accessor Space Segmentation.

The naive solution is that only the accessors in

the non-conflicting segment are allowed to access the

data item as shown in Figure 2(a). Thus, the privacy

risk is always equal to 0 for this solution. However, the

sharing loss is the absolute maximum, as all conflicting

segments, which may be allowed by at least one

controller, are always denied. The Facebook solution is

that the owner’s decision has the highest priority. All

accessors within the segments covered by the owner’s

space are allowed to access the data item, but all other

accessors are denied as illustrated in Figure 2(b). This

is, obviously, ideal for the owner, since her/his privacy

risk and sharing loss are both equal to 0. However, the

privacy risk and the sharing loss are large for every

(5)

18

Figure 2 Example of Resolving Privacy Conflicts.

CONCLUSION AND FEATURE WORKS

In this paper, we have reviewed approaches

that offer partial solutions to the most critical problems

of privacy management on OSNSs. However, current

OSNSs have not adopted them and still lack the suitable

privacy management tools. Approaches like Google+,

where the control of information dissemination has

been given great visibility, are first steps towards

OSNSs that are more respectful of privacy. In the

not-so-distant future we envision an OSNS that offers a

privacy mechanism that satisfies every requisite

mentioned in this paper and provides the features that

users demand. In order to develop this ideal OSNS,

developers and researchers will have to deal with

several challenges. Our conflict resolution mechanism

considers privacy-sharing tradeoff by quantifying

privacy risk and sharing loss. Also, we have described a

proof-of-concept implementation of our solution called

Retinue, along with the extensive evaluation of our

approach. As part of future work, we will formulate a

comprehensive access control model to capture the

essence of collaborative authorization requirements for

data sharing in OSNs.

REFERENCES

[1] Internet.org. (2014). A focus on efficiency

[Online]. Available:

http://internet.org/efficiencypaper

[2] K. Thomas, C. Grier, and D. M. Nicol,

―Unfriendly: Multi-party privacy risks in social networks,‖ in Proc. 10th Int. Symp.

Privacy Enhancing Technol., 2010, pp. 236–

252.

[3] A. Lampinen, V. Lehtinen, A. Lehmuskallio,

and S. Tamminen, ―We’re in it together:

Interpersonal management of disclosure in

social network services,‖ in Proc. SIGCHI

Conf. Human Factors Comput. Syst., 2011, pp.

3217–3226.

[4] P. Wisniewski, H. Lipford, and D. Wilson,

―Fighting for my space: Coping mechanisms for SNS boundary regulation,‖ in Proc.

SIGCHI Conf. Human Factors Comput. Syst.,

2012, pp. 609–618.

[5] A. Besmer and H. Richter Lipford, ―Moving

beyond untagging: Photo privacy in a tagged

world,‖ in Proc. SIGCHI Conf. Human Factors

Comput. Syst., 2010, pp. 1563–1572.

[6] Facebook NewsRoom. (2013). One billion—

key metrics [Online]. Available:

http://newsroom.fb.com/download-media/4227

[7] J. M. Such, A. Espinosa, and A.

Garc_ıa-Fornes, ―A survey of privacy in multi-agent systems,‖ Knowl. Eng. Rev., vol. 29, no. 03,

pp. 314–344, 2014.

[8] R. L. Fogues, J. M. Such, A. Espinosa, and A.

Garcia-Fornes, ―Open challenges in

relationship-based privacy mechanisms for

social network services,‖ Int. J.

Human-Comput. Interaction, vol. 31, no. 5, pp. 350–

370, 2015.

[9] R. Wishart, D. Corapi, S. Marinovic, and M.

Sloman, ―Collaborative privacy policy

authoring in a social networking context,‖ in

Proc.IEEE Int. Symp. Policies Distrib. Syst.

(6)

19

[10] A. Squicciarini, M. Shehab, and F. Paci,

―Collective privacy management in social networks,‖ in Proc. 18th Int. Conf. World

Wide Web, 2009, pp. 521–530.

[11] B. Carminati and E. Ferrari, ―Collaborative

access control in online social networks,‖ in

Proc. 7th Int. Conf. Collaborative Comput.:

Netw. Appl. Worksharing, 2011, pp. 231–240.

[12] H. Hu, G.-J. Ahn, and J. Jorgensen, ―Detecting

and resolving privacy conflicts for

collaborative data sharing in online social

networks,‖ in Proc. 27th Annu. Comput.

Security Appl. Conf., 2011,pp. 103–112.

[Online]. Available:

http://doi.acm.org/10.1145/2076732.2076747

[13] H. Hu, G. Ahn, and J. Jorgensen, ―Multiparty

access control for online social networks:

Model and mechanisms,‖ IEEE Trans. Knowl.

Data Eng., vol. 25, no. 7, pp. 1614–1627, Jul.

Figure

Figure 1: Example of Privacy Conflict Identification  Based on Accessor Space Segmentation

References

Related documents

In experiment 2, the concentrations of Cd in both shoots and roots were decreased significantly ( P < 0.01) by increasing Zn in the solution (Fig. 3a), with the effect

List of The COVID- 19 Mental Health Policy Research Unit Group members: Andy Bell (Centre for Mental Health, London, UK), Francesca Bentivegna (NIHR Mental Health Policy

A hyperspectral imager coupled with partial least squares regression was successfully applied in the detection of fusarium head blight and yellow rust infection in winter wheat

The effect of planting with water on early height growth in Zululand North, effect of planting season in both regions and the effect of blanking on final tonnes in Zululand South

The achievement of exclusive breast- feeding coverage targets and the still high incidence of tonsillitis the reasons of the researchers to conduct a study to

Iako je 47% bolesnika s CIS-om imalo patološki odgovor na PP-HUT-u rezultati ovog istraživanja pokazaju da učestalost patološkog odgovora na ortostatsku provokaciju kod bolesnika

Zeng F, Shabala L, Zhou M, Zhang G, Shabala S, (2013) Barley responses to combined waterlogging and salinity stress: separating effects of oxygen deprivation

On the question of relief, the question is not whether material gathered by illegal means is “admissible”, as the Respondent suggests in paragraphs 2-6 of the