Online Privacy as a Collective Phenomenon

The problem of online privacy is often reduced to individual decisions to hide or reveal personal information in online social networks (OSNs). However, with the increasing use of OSNs, it becomes more important to understand the role of the social network in disclosing personal information that a user has not revealed voluntarily: How much of our private information do our friends disclose about us, and how much of our privacy is lost simply because of online social interaction? Without strong technical effort, an OSN may be able to exploit the assortativity of human private features, this way constructing shadow profiles with information that users chose not to share. Furthermore, because many users share their phone and email contact lists, this allows an OSN to create full shadow profiles for people who do not even have an account for this OSN. We empirically test the feasibility of constructing shadow profiles of sexual orientation for users and non-users, using data from more than 3 Million accounts of a single OSN. We quantify a lower bound for the predictive power derived from the social network of a user, to demonstrate how the predictability of sexual orientation increases with the size of this network and the tendency to share personal information. This allows us to define a privacy leak factor that links individual privacy loss with the decision of other individuals to disclose information. Our statistical analysis reveals that some individuals are at a higher risk of privacy loss, as prediction accuracy increases for users with a larger and more homogeneous first- and second-order neighborhood of their social network. While we do not provide evidence that shadow profiles exist at all, our results show that disclosing of private information is not restricted to an individual choice, but becomes a collective decision that has implications for policy and privacy regulation

How Far Removed Are You? Scalable Privacy-Preserving Estimation of Social Path Length with Social PaL

Social relationships are a natural basis on which humans make trust decisions. Online Social Networks (OSNs) are increasingly often used to let users base trust decisions on the existence and the strength of social relationships. While most OSNs allow users to discover the length of the social path to other users, they do so in a centralized way, thus requiring them to rely on the service provider and reveal their interest in each other. This paper presents Social PaL, a system supporting the privacy-preserving discovery of arbitrary-length social paths between any two social network users. We overcome the bootstrapping problem encountered in all related prior work, demonstrating that Social PaL allows its users to find all paths of length two and to discover a significant fraction of longer paths, even when only a small fraction of OSN users is in the Social PaL system - e.g., discovering 70% of all paths with only 40% of the users. We implement Social PaL using a scalable server-side architecture and a modular Android client library, allowing developers to seamlessly integrate it into their apps.Comment: A preliminary version of this paper appears in ACM WiSec 2015. This is the full versio

A Privacy-Preserving Social P2P Infrastructure for People-Centric Sensing

The rapid miniaturization and integration of sensor technologies into mobile Internet devices combined with Online Social Networks allows for enhanced sensor information querying, subscription, and task placement within People-Centric Sensing networks. However, PCS systems which exploit knowledge about OSN user profiles and context information for enhanced service provision might cause an unsolicited application and dissemination of highly personal and sensitive data. In this paper, we propose a protocol extension to our OSN design Vegas which enables secure, privacy-preserving, and trustful P2P communication between PCS participants. By securing knowledge about social links with standard public key cryptography, we achieve a degree of anonymity at a trust level which is almost good as that provided by a centralized trusted third party

A Survey of Social Network Forensics

Social networks in any form, specifically online social networks (OSNs), are becoming a part of our everyday life in this new millennium especially with the advanced and simple communication technologies through easily accessible devices such as smartphones and tablets. The data generated through the use of these technologies need to be analyzed for forensic purposes when criminal and terrorist activities are involved. In order to deal with the forensic implications of social networks, current research on both digital forensics and social networks need to be incorporated and understood. This will help digital forensics investigators to predict, detect and even prevent any criminal activities in different forms. It will also help researchers to develop new models / techniques in the future. This paper provides literature review of the social network forensics methods, models, and techniques in order to provide an overview to the researchers for their future works as well as the law enforcement investigators for their investigations when crimes are committed in the cyber space. It also provides awareness and defense methods for OSN users in order to protect them against to social attacks

Two Notions of Privacy Online

Users of social networking websites tend to disclose much personal information online yet seem to retain some form of an expectation of privacy. Is this expectation of privacy always unreasonable? How do users of online social networks define their expectations of privacy online? These questions were the impetus behind an empirical study, the findings of which are presented in this Article. The project, simultaneously conducted in Canada, at Ryerson University, and in the United States, at the University of Miami, consisted of a survey regarding personal information protection and expectations of privacy on online social networks (OSNs). Approximately 2,500 young adults between the ages of 18 and 24 were surveyed about the personal information they post online, the measures they take to protect such information, and their concerns, if any, regarding their personal information. Respondents also reacted to several hypothetical scenarios in which their privacy was breached on an OSN by measures both within and beyond their control. The theoretical assumption underlying this research project is that two prevalent and competing notions of privacy online exist: one rooted in control and the other in dignity. Of the two, the idea of privacy as control over one\u27s personal information has, to date, been predominant. Legislation, regulation, corporate policy, and technology are often analyzed and evaluated in terms of the measure of control offered to individuals over their personal information. Leading OSNs, such as Facebook and MySpace, propagate a notion of privacy as user control. However, online social networking poses a fundamental challenge to the theory of privacy as control. A high degree of control cannot preclude the possibility that online socializers would post unflattering, defamatory, or personal information about each other, and that this information would in turn be available to a large, if not unrestricted, online audience. Many online socializers post personal information seemingly without much concern over the loss of control, yet it seems that online socializers react with indignation when their personal information is accessed, used, or disclosed by individuals perceived to be outside their social network. The findings presented here indicate indeed that online socializers have developed a new and arguably legitimate notion of privacy online, that if accepted by OSNs, will offer online socializers both control and protection of their dignity and reputation. We call this notion network privacy. According to network privacy, information is considered by online socializers to be private as long as it is not disclosed outside of the network to which they initially disclosed it, if it originates with them, or as long as it does not affect their established online personae, if it originates with others. OSNs, as businesses profiting from socializing online, are best positioned to offer online socializers, often the young and vulnerable, effective protection in accordance with their notion of network privacy above and beyond regular measures of personal information control, and they should be required to do so

PRIVACY ISSUES IN ONLINE SOCIAL NETWORKS: USER BEHAVIORS AND THIRD-PARTY APPLICATIONS

In contemporary society, social networking websites has developed dramatically and became an indispensable component in our daily life. Since it can help create a more feature-rich online social community, third-party service has been widely adopted in online social networks (OSNs). Integrating these third-party sites and applications has not only extended business of both social network server and third party and but also promises to break down the garden walls of social-networking sites. While at the same time it dramatically raises concerns on privacy leakage. This article mainly focuses on the privacy disclosure issues caused by user’s behavior and third-party applications and websites. On the one hand, because of the diversity of usage behaviors, the revelation of personal information varies significantly. A survey is conducted to present empirical and quantitative result. On the other hand, the access mechanism between OSN and third party is not perfect enough. Besides, it could be a potential source of privacy leak that third-party services sometimes act as advertisers and information aggregators of a user\u27s traversals. The relevant reasons and internal and external threats are presented. Finally, possible solutions to reduce the increasing information disclosure are provided. Actions should be taken along three fronts: the government, the users themselves as well as the third parties