Protecting Public OSN Posts from Unintended Access

The design of secure and usable access schemes to personal data represent a major challenge of online social networks (OSNs). State of the art requires prior interaction to grant access. Sharing with users who are not subscribed or previously have not been accepted as contacts in any case is only possible via public posts, which can easily be abused by automatic harvesting for user profiling, targeted spearphishing, or spamming. Moreover, users are restricted to the access rules defined by the provider, which may be overly restrictive, cumbersome to define, or insufficiently fine-grained. We suggest a complementary approach that can be easily deployed in addition to existing access control schemes, does not require any interaction, and includes even public, unsubscribed users. It exploits the fact that different social circles of a user share different experiences and hence encrypts arbitrary posts. Hence arbitrary posts are encrypted, such that only users with sufficient knowledge about the owner can decrypt. Assembling only well-established cryptographic primitives, we prove that the security of our scheme is determined by the entropy of the required knowledge. We consequently analyze the efficiency of an informed dictionary attack and assess the entropy to be on par with common passwords. A fully functional implementation is used for performance evaluations, and available for download on the Web

Two Notions of Privacy Online

Users of social networking websites tend to disclose much personal information online yet seem to retain some form of an expectation of privacy. Is this expectation of privacy always unreasonable? How do users of online social networks define their expectations of privacy online? These questions were the impetus behind an empirical study, the findings of which are presented in this Article. The project, simultaneously conducted in Canada, at Ryerson University, and in the United States, at the University of Miami, consisted of a survey regarding personal information protection and expectations of privacy on online social networks (OSNs). Approximately 2,500 young adults between the ages of 18 and 24 were surveyed about the personal information they post online, the measures they take to protect such information, and their concerns, if any, regarding their personal information. Respondents also reacted to several hypothetical scenarios in which their privacy was breached on an OSN by measures both within and beyond their control. The theoretical assumption underlying this research project is that two prevalent and competing notions of privacy online exist: one rooted in control and the other in dignity. Of the two, the idea of privacy as control over one\u27s personal information has, to date, been predominant. Legislation, regulation, corporate policy, and technology are often analyzed and evaluated in terms of the measure of control offered to individuals over their personal information. Leading OSNs, such as Facebook and MySpace, propagate a notion of privacy as user control. However, online social networking poses a fundamental challenge to the theory of privacy as control. A high degree of control cannot preclude the possibility that online socializers would post unflattering, defamatory, or personal information about each other, and that this information would in turn be available to a large, if not unrestricted, online audience. Many online socializers post personal information seemingly without much concern over the loss of control, yet it seems that online socializers react with indignation when their personal information is accessed, used, or disclosed by individuals perceived to be outside their social network. The findings presented here indicate indeed that online socializers have developed a new and arguably legitimate notion of privacy online, that if accepted by OSNs, will offer online socializers both control and protection of their dignity and reputation. We call this notion network privacy. According to network privacy, information is considered by online socializers to be private as long as it is not disclosed outside of the network to which they initially disclosed it, if it originates with them, or as long as it does not affect their established online personae, if it originates with others. OSNs, as businesses profiting from socializing online, are best positioned to offer online socializers, often the young and vulnerable, effective protection in accordance with their notion of network privacy above and beyond regular measures of personal information control, and they should be required to do so

Social media and its effect on privacy

While research has been conducted on social media, few comparisons have been made in regards to the privacy issues that exist within the most common social media networks, such as Facebook, Google Plus, and Twitter. Most research has concentrated on technical issues with the networks and on the effects of social media in fields such as medicine, law, and science. Although the effects on these fields are beneficial to the people related to them, few studies have shown how everyday users are affected by the use of social media. Social media networks affect the privacy of users because the networks control what happens to user contact information, posts, and other delicate disclosures that users make on those networks. Social media networks also have the ability to sync with phone and tablet applications. Because the use of these applications requires additional contact information from users, social media networks are entrusted with keeping user information secure. This paper analyzes newspaper articles, magazine articles, and research papers pertaining to social media to determine what effects social media has on the user\u27s privacy and how much trust should be placed in social media networks such as Facebook. It provides a comprehensive view of the most used social media networks in 2012 and offers methods and suggestions for users to help protect themselves against privacy invasion

Facebook Users Attitudes towards Secondary Use of Personal Information

This paper reports on a study of how user attitudes to institutional privacy change after exposing users to potential inferences that can be made from information disclosed on Facebook. Two sets of focus group sessions with Facebook users were conducted. Three sessions were conducted by demonstrating to the users, on a general level, what can be inferred from posts using prototypical software called DataBait. Another set of three sessions let the users experience the potential inferences from their own actual Facebook profiles by using the DataBait tool. Findings suggest that the participants’ attitudes to secondary use of information changed from affective to cognitive when they were exposed to potential third-party inferences using their own actual personal information. This observation calls for more research into online tools that allow users to manage and educate themselves dynamically about their own disclosure practices

Privacy Intelligence: A Survey on Image Sharing on Online Social Networks

Image sharing on online social networks (OSNs) has become an indispensable part of daily social activities, but it has also led to an increased risk of privacy invasion. The recent image leaks from popular OSN services and the abuse of personal photos using advanced algorithms (e.g. DeepFake) have prompted the public to rethink individual privacy needs when sharing images on OSNs. However, OSN image sharing itself is relatively complicated, and systems currently in place to manage privacy in practice are labor-intensive yet fail to provide personalized, accurate and flexible privacy protection. As a result, an more intelligent environment for privacy-friendly OSN image sharing is in demand. To fill the gap, we contribute a systematic survey of 'privacy intelligence' solutions that target modern privacy issues related to OSN image sharing. Specifically, we present a high-level analysis framework based on the entire lifecycle of OSN image sharing to address the various privacy issues and solutions facing this interdisciplinary field. The framework is divided into three main stages: local management, online management and social experience. At each stage, we identify typical sharing-related user behaviors, the privacy issues generated by those behaviors, and review representative intelligent solutions. The resulting analysis describes an intelligent privacy-enhancing chain for closed-loop privacy management. We also discuss the challenges and future directions existing at each stage, as well as in publicly available datasets.Comment: 32 pages, 9 figures. Under revie