The control over personal data: True remedy or fairy tale ?

This research report undertakes an interdisciplinary review of the concept of "control" (i.e. the idea that people should have greater "control" over their data), proposing an analysis of this con-cept in the field of law and computer science. Despite the omnipresence of the notion of control in the EU policy documents, scholarly literature and in the press, the very meaning of this concept remains surprisingly vague and under-studied in the face of contemporary socio-technical environments and practices. Beyond the current fashionable rhetoric of empowerment of the data subject, this report attempts to reorient the scholarly debates towards a more comprehensive and refined understanding of the concept of control by questioning its legal and technical implications on data subject\^as agency

Peer-produced Privacy Protection A Common-pool Approach

Abstract-Privacy risks have been addressed through technical solutions such as privacy-enhancing technologies (PETs) as well as regulatory measures including Do Not Track. These approaches are inherently limited as they are grounded in the paradigm of a rational end user who can determine, articulate, and manage consistent privacy preferences. This implies that self-serving efforts to implement individual privacy preferences lead to socially optimal outcomes with regard to information sharing. Consequently, solutions to specific risks are developed, and even mandated, without effective reduction in the overall harm of privacy breaches. We present a systematic framework to examine the limitations of current technical and policy solutions. To address the shortcomings of existing privacy solutions, we argue for considering information sharing to be transactions within a community. Outcomes of privacy management can be improved at a lower overall cost if peers, as a community, are empowered by appropriate technical and policy mechanisms. Designing for a community requires encouraging dialogue, enabling transparency, and supporting enforcement of community norms. In this paper we show how peer production of privacy is possible through PETs that are grounded in the notion of information as a common-pool resource and community governance

Peer-produced Privacy Protection A Common-pool Approach

Abstract-Privacy risks have been addressed through technical solutions such as privacy-enhancing technologies (PETs) as well as regulatory measures including Do Not Track. These approaches are inherently limited as they are grounded in the paradigm of a rational end user who can determine, articulate, and manage consistent privacy preferences. This implies that self-serving efforts to implement individual privacy preferences lead to socially optimal outcomes with regard to information sharing. Consequently, solutions to specific risks are developed, and even mandated, without effective reduction in the overall harm of privacy breaches. We present a systematic framework to examine the limitations of current technical and policy solutions. To address the shortcomings of existing privacy solutions, we argue for considering information sharing to be transactions within a community. Outcomes of privacy management can be improved at a lower overall cost if peers, as a community, are empowered by appropriate technical and policy mechanisms. Designing for a community requires encouraging dialogue, enabling transparency, and supporting enforcement of community norms. In this paper we show how peer production of privacy is possible through PETs that are grounded in the notion of information as a common-pool resource and community governance

Profiling user interactions on online social networks.

Over the last couple of years, there has been signi_cant research e_ort in mining user behavior on online social networks for applications ranging from sentiment analysis to marketing. In most of those applications, usually a snapshot of user attributes or user relationships are analyzed to build the data mining models, without considering how user attributes and user relationships can be utilized together. In this thesis, we will describe how user relationships within a social network can be further augmented by information gathered from user generated texts to analyze large scale dynamics of social networks. Speci_cally, we aim at explaining social network interactions by using information gleaned from friendships, pro_les, and status posts of users. Our approach pro_les user interactions in terms of shared similarities among users, and applies the gained knowledge to help users in understanding the inherent reasons, consequences and bene_ts of interacting with other social network users

Supporting lay users in privacy decisions when sharing sensitive data

The first part of the thesis focuses on assisting users in choosing their privacy settings, by using machine learning to derive the optimal set of privacy settings for the user. In contrast to other work, our approach uses context factors as well as individual factors to provide a personalized set of privacy settings. The second part consists of a set of intelligent user interfaces to assist the users throughout the complete privacy journey, from defining friend groups that allow targeted information sharing; through user interfaces for selecting information recipients, to find possible errors or unusual settings, and to refine them; up to mechanisms to gather in-situ feedback on privacy incidents, and investigating how to use these to improve a user’s privacy in the future. Our studies have shown that including tailoring the privacy settings significantly increases the correctness of the predicted privacy settings; whereas the user interfaces have been shown to significantly decrease the amount of unwanted disclosures.Insbesondere nach den jüngsten Datenschutzskandalen in sozialen Netzwerken wird der Datenschutz für Benutzer immer wichtiger. Obwohl die meisten Benutzer behaupten Wert auf Datenschutz zu legen, verhalten sie sich online allerdings völlig anders: Sie lassen die meisten Datenschutzeinstellungen der online genutzten Dienste, wie z. B. von sozialen Netzwerken oder Diensten zur Standortfreigabe, unberührt und passen sie nicht an ihre Datenschutzanforderungen an. In dieser Arbeit werde ich einen Ansatz zur Lösung dieses Problems vorstellen, der auf zwei verschiedenen Säulen basiert. Der erste Teil konzentriert sich darauf, Benutzer bei der Auswahl ihrer Datenschutzeinstellungen zu unterstützen, indem maschinelles Lernen verwendet wird, um die optimalen Datenschutzeinstellungen für den Benutzer abzuleiten. Im Gegensatz zu anderen Arbeiten verwendet unser Ansatz Kontextfaktoren sowie individuelle Faktoren, um personalisierte Datenschutzeinstellungen zu generieren. Der zweite Teil besteht aus einer Reihe intelligenter Benutzeroberflächen, die die Benutzer in verschiedene Datenschutzszenarien unterstützen. Dies beginnt bei einer Oberfläche zur Definition von Freundesgruppen, die im Anschluss genutzt werden können um einen gezielten Informationsaustausch zu ermöglichen, bspw. in sozialen Netzwerken; über Benutzeroberflächen um die Empfänger von privaten Daten auszuwählen oder mögliche Fehler oder ungewöhnliche Datenschutzeinstellungen zu finden und zu verfeinern; bis hin zu Mechanismen, um In-Situ- Feedback zu Datenschutzverletzungen zum Zeitpunkt ihrer Entstehung zu sammeln und zu untersuchen, wie diese verwendet werden können, um die Privatsphäreeinstellungen eines Benutzers anzupassen. Unsere Studien haben gezeigt, dass die Verwendung von individuellen Faktoren die Korrektheit der vorhergesagten Datenschutzeinstellungen erheblich erhöht. Es hat sich gezeigt, dass die Benutzeroberflächen die Anzahl der Fehler, insbesondere versehentliches Teilen von Daten, erheblich verringern

Design and analysis of social network systems (SNS)

In the last few years, online Social Network Systems (SNSs) thrived and changed the overall outlook of the Internet. These systems play an important role in making the Internet social, a hallmark of Web 2.0. Various such systems have been developed to serve a diverse set of needs. SNSs provide not only a space for self-representation, but also mechanisms to build and maintain one’s social network online. A lot of studies have been carried out on such systems to identify how people develop cultures of communication, sharing and participation and also to identify the network structure of such systems. In this thesis, we carry this line of research forward. Our aim is the identification of some key user characteristics and social processes which result in the emergence of a social network. These might help future platform and application developers in creating better, more efficient and more open and user-friendly SNSs. Specifically, we make the following three major contributions: a) One of the distinct features of an SNS is the public listing of friendship links - social network. Most of the personal details such as hometown and workplace information have been hidden from non-friends, but the list of friendships remains open. Being a true representation, people use their real names as their screen names. Such names alone contain detailed cultural information about their ethnicities, religion and even their geographical origins. Our first contribution is that we have made good use of such information by inferring ethnic classification of users of Facebook. We identified how clustered and segregated the overall social network is when users’ inferred ethnicity is taken into account. Different cultures have different behaviours with distinct characteristics. This rich information can be used to develop an understanding and help create diverse applications catering for specific ethnicities and geographical regions; covering both the dominant and non-dominant groups. We have identified ethnicities of a subset of Facebook users with their friends and studied how different ethnicities are connected among and within each other. A large social network dataset of four thousand Manchester Metropolitan University (MMU) students have been selected from Facebook. We have extensively analysed this dataset for its network structure and also its semantic and social structure. Our work suggests our dataset is clustered and segregated on ethnic lines. b) To develop a user liberating SNS where the control and the ownership of rich personal data is in the hands of SNS users, a clear understanding is required of how such systems on an individual and group level are developed and maintained. Never before in Social Sciences was it possible to study society on such a large scale. These systems have facilitated the study of individuals both at a local and global scale. However, at the moment very little knowledge is available to identify how people develop their friendship in reality. So for example, it is not known whether in SNSs people meet others based on their attributes and interests, or if they simply bring online their real lives’ social networks. And more specifically, what processes does one go through to develop her social network. To fill this knowledge gap in this thesis, as our second contribution, we have used a computer simulation technique known as Agent-Based simulation, to develop four simulation models based on both individuals’ affinities and environmental aspects. Specifically, we have developed models of student interaction to develop social networks. Three University’s datasets which include Caltech (Nodes 762, Edges 16651), Princeton (Nodes 6575, Edges 293307) and Georgetown (Nodes 9388, Edges 425619), have been used to check the performance and rigour of the model. Our evidence suggests that ‘friend-of-a-friend’ (FOAF) best represents social interactions in Caltech University. In the case of Princeton and Georgetown, we found a multitude of social and structural processes involved, which are: attribute based (same dormitory, major or high school etc.), social interaction, random meet ups (through parties or other social events) and current friends introducing new friends. c) We observe that in the main, SNSs are centralised, and depend solely on central entities for everything. With huge personal data on such SNSs, advertising and marketing agencies have made very sophisticated systems to gather information about people. It is a goldmine for them for personalised advertisement. Also various governmental agencies have been using SNSs as an excuse to curb potential threats both legally and illegally, to obtain information on numerous users (people). In order to deal with such issues inherent in centralised client-server architecture, as the third contribution of this thesis, we have proposed and implemented a completely decentralised SNS in a peer-to-peer fashion. Our implementation is done in an open source Peer-To-Peer (P2P) client Tribler. To handle the dynamicity of users in a P2P system – their availability, we have developed mechanisms to deal with it. This SNS has been evaluated on a deployed system with real users. This prototype establishes the feasibility of a totally distributed SNS, but its practicality when scaled to a full system would require more work