A Smart Wizard System Suitable for Use With Internet Mobile Devices to Adjust Personal Information Privacy Settings

The privacy of personal information is an important issue affecting the confidence of internet users. The widespread adoption of online social networks and access to these platforms using mobile devices has encouraged developers to make the systems and interfaces acceptable to users who seek privacy. The aim of this study is to test a wizard that allows users to control the sharing of personal information with others. We also assess the concerns of users in terms of such sharing such as whether to hide personal data in current online social network accounts. Survey results showed the wizard worked very well and that females concealed more personal information than did males. In addition, most users who were concerned about misuse of personal information hid those items. The results can be used to upgrade current privacy systems or to design new systems that work on mobile internet devices. The system can also be used to save time when setting personal privacy settings and makes users more aware of items that will be shared with others.Comment: 16 pages, 8 figures, 2 table

Detecting privacy preferences from online social footprints: a literature review

Providing personalized content can be of great value to both users and vendors. However, effective personalization hinges on collecting large amounts of personal data about users. With the exponential growth of activities in social networking websites, they have become a prominent platform to gather and analyze such information. Even though there exist a considerable number of social media users with publicly available data, previous studies have revealed a dichotomy between privacy-related intentions and behaviours. Users often face difficulties specifying privacy policies that are consistent with their actual privacy concerns and attitudes, and simply follow the default permissive privacy setting. Therefore, despite the availability of data, it is imperative to develop and employ algorithms to automatically predict users’ privacy preferences for personalization purposes. In this document, we review prior studies that tackle this challenging task and make use of users’ online social footprints to discover their desired privacy settings

Secure information sharing on Decentralized Social Networks.

Decentralized Social Networks (DSNs) are web-based platforms built on distributed systems (federations) composed of multiple providers (pods) that run the same social networking service. DSNs have been presented as a valid alternative to Online Social Networks (OSNs), replacing the centralized paradigm of OSNs with a decentralized distribution of the features o↵ered by the social networking platform. Similarly to commercial OSNs, DSNs o↵er to their subscribed users a number of distinctive features, such as the possibility to share resources with other subscribed users or the possibility to establish virtual relationships with other DSN users. On the other hand, each DSN user takes part in the service, choosing to store personal data on his/her own trusted provider inside the federation or to deploy his/her own provider on a private machine. This, thus, gives each DSN user direct control of his/hers data and prevents the social network provider from performing data mining analysis over these information. Unfortunately, the deployment of a personal DSN pod is not as simple as it sounds. Indeed, each pod’s owner has to maintain the security, integrity, and reliability of all the data stored in that provider. Furthermore, given the amount of data produced each day in a social network service, it is reasonable to assume that the majority of users cannot a↵ord the upkeep of an hardware capable of handling such amount of information. As a result, it has been shown that most of DSN users prefer to subscribe to an existing provider despite setting up a new one, bringing to an indirect centralization of data that leads DSNs to su↵er of the same issues as centralized social network services. In order to overcome this issue in this thesis we have investigated the possibility for DSN providers to lean on modern cloud-based storage services so as to o↵er a cloudbased information sharing service. This has required to deal with many challenges. As such, we have investigated the definition of cryptographic protocols enabling DSN users to securely store their resources in the public cloud, along with the definition of communication protocols ensuring that decryption keys are distributed only to authorized users, that is users that satisfy at least one of the access control policies specified by data owner according to Relationship-based access control model (RelBAC) [20, 34]. In addition, it has emerged that even DSN users have the same difficulties as OSN users in defining RelBAC rules that properly express their attitude towards their own privacy. Indeed, it is nowadays well accepted that the definition of access control policies is an error-prone task. Then, since misconfigured RelBAC policies may lead to harmful data release and may expose the privacy of others as well, we believe that DSN users should be assisted in the RelBAC policy definition process. At this purpose, we have designed a RelBAC policy recommendation system such that it can learn from DSN users their own attitude towards privacy, and exploits all the learned data to assist DSN users in the definition of RelBAC policies by suggesting customized privacy rules. Nevertheless, despite the presence of the above mentioned policy recommender, it is reasonable to assume that misconfigured RelBAC rules may appear in the system. However, rather than considering all misconfigured policies as leading to potentially harmful situations, we have considered that they might even lead to an exacerbated data restriction that brings to a loss of utility to DSN users. As an example, assuming that a low resolution and an high resolution version of the same picture are uploaded in the network, we believe that the low-res version should be granted to all those users who are granted to access the hi-res version, even though, due to a misconfiurated system, no policy explicitly authorizes them on the low-res picture. As such, we have designed a technique capable of exploiting all the existing data dependencies (i.e., any correlation between data) as a mean for increasing the system utility, that is, the number of queries that can be safely answered. Then, we have defined a query rewriting technique capable of extending defined access control policy authorizations by exploiting data dependencies, in order to authorize unauthorized but inferable data. In this thesis we present a complete description of the above mentioned proposals, along with the experimental results of the tests that have been carried out so as to verify the feasibility of the presented techniques

A Framework to Enhance Privacy-Awareness in Mobile Web Systems

In the last decade, the use of online social network sites has dramatically increased and these sites have succeeded in attracting a large number of users. The social network site has become a daily tool people use to find out about the latest news and to share details of their personal information. Many people use Internet mobile devices to browse these sites. The widespread use of some technologies unnecessarily puts the privacy of users at risk, even when these users remain anonymous. This study examines the risks to privacy surrounding the misuse of users' personal information, such as maintaining trustworthy sites, as well as privacy issues associated with sharing personal information with others. This study also develops a framework to enhance privacy awareness in mobile Web systems. A privacy framework is proposed that incorporates suitability in the design and flexibility in the use to suit different types of Web mobile devices, and provides simple ways of adjusting and creating different privacy policies. This framework allows the user to create different levels of privacy settings and to better manage the exchange of personal information with other sites. The proposed conceptual model for this study is derived from a review of the literature and the current privacy models. It shows how online users are able to create different privacy policies and set different policies to access the data. It also explains how the centrality of personal information details in one server will limit the distribution of personal information over the Internet and will provide users with more authority to control the sharing of their information with other websites. The design of the proposed framework is derived from developing other privacy models and adding new ideas that enhance the security level of protecting the privacy of users' information. The study consists of five main tasks that include two different qualitative methodologies, programming two applications and testing the framework