Enhancing Privacy Management on Social Network Services

Tesis por compendioIn the recent years, social network services, such as Facebook or LinkedIn, have experienced an exponential growth. People enjoy their functionalities, such as sharing photos, finding friends, looking for jobs, and in general, they appreciate the social benefits that social networks provide. However, as using social network has become routine for many people, privacy breaches that may occur in social network services have increased users' concerns. For example, it is easy to find news about people being fired because of something they shared on a social network. To enable people define their privacy settings, service providers employ simple access controls which usually rely exclusively on lists or circles of friends. Although these access controls are easy to configure by average users, research literature points out that they are lacking elements, such as tie strength, that play a key role when users decide what to share and with whom. Additionally, despite the simplicity of current access controls, research on privacy on social media reports that people still struggle to effectively control how their information flows on these services. To provide users with a more robust privacy framework, related literature proposes a new paradigm for access controls based on relationships. In contrast to traditional access controls where permissions are granted based on users and their roles, this paradigm employs social elements such as the relationship between the information owner and potential viewers (e.g., only my siblings can see this photo). Access controls that follow this paradigm provide users with mechanisms for disclosure control that represent more naturally how humans reason about privacy. Furthermore, these access controls can deal with specific issues that social network services present. Specifically, users often share information that concerns many people, especially other members of the social network. In such situations, two or more people can have conflicting privacy preferences; thus, an appropriate sharing policy may not be apparent. These situations are usually identified as multiuser privacy scenarios. Since relationship based access controls are complex for the average social network user, service providers have not adopted them. Therefore, to enable the implementation of such access controls in current social networks, tools and mechanisms that facilitate their use must be provided. To that aim, this thesis makes five contributions: (1) a review of related research on privacy management on social networks that identifies pressing challenges in the field, (2) BFF, a tool for eliciting automatically tie strength and user communities, (3) a new access control that employs communities, individual identifiers, tie strength, and content tags, (4) a novel model for representing and reasoning about multiuser privacy scenarios, employing three types of features: contextual factors, user preferences, and user arguments; and, (5) Muppet, a tool that recommends sharing policies in multiuser privacy scenarios.En los últimos años, los servicios de redes sociales, como Facebook o LinkedIn, han experimentado un crecimiento exponencial. Los usuarios valoran positivamente sus muchas funcionalidades tales como compartir fotos, o búsqueda de amigos y trabajo. En general, los usuarios aprecian los beneficios que las redes sociales les aportan. Sin embargo, mientras el uso de redes sociales se ha convertido en rutina para mucha gente, brechas de privacidad que pueden ocurrir en redes sociales han aumentado los recelos de los usuarios. Por ejemplo, es sencillo encontrar en las noticias casos sobre personas que han perdido su empleo debido a algo que compartieron en una red social. Para facilitar la definición de los ajustes de privacidad, los proveedores de servicios emplean controles de acceso sencillos que normalmente se basan, de forma exclusiva, en listas o círculos de amigos. Aunque estos controles de acceso son fáciles de configurar por un usuario medio, investigaciones recientes indican que éstos carecen de elementos tales como la intensidad de los vínculos personales, que juegan un papel clave en cómo los usuarios deciden qué compartir y con quién. Además, a pesar de la simplicidad de los controles de acceso, investigaciones sobre privacidad en redes sociales señalan que los usuarios han de esforzarse para controlar de forma efectiva como su información fluye en estos servicios. Para ofrecer a los usuarios un marco de privacidad más robusto, trabajos recientes proponen un nuevo paradigma para controles de acceso basado en relaciones. A diferencia de los controles de acceso tradicionales donde los permisos se otorgan en base a usuarios y sus roles, este paradigma emplea elementos sociales como la relación entre el propietario de la información y su audiencia potencial (por ejemplo, sólo mis hermanos pueden ver la foto). Los controles de acceso que siguen este paradigma ofrecen a los usuarios mecanismos para el control de la privacidad que representan de una forma más natural como los humanos razonan sobre cuestiones de privacidad. Además, estos controles de acceso pueden lidiar con problemáticas específicas que presentan las redes sociales. Específicamente, los usuarios comparten de forma habitual información que atañe a muchas personas, especialmente a otros miembros de la red social. En tales situaciones, dos o más personas pueden tener preferencias de privacidad que entran en conflicto. Cuando esto ocurre, no hay una configuración correcta de privacidad que sea evidente. Estas situaciones son normalmente identificadas como escenarios de privacidad multiusuario. Dado que los controles de acceso basados en relaciones son complejos para el usuario promedio de redes sociales, los proveedores de servicios no los han adoptado. Por lo tanto, para permitir la implementación de tales controles de acceso en redes sociales actuales, es necesario que se ofrezcan herramientas y mecanismos que faciliten su uso. En este sentido, esta tesis presenta cinco contribuciones: (1) una revisión del estado del arte en manejo de privacidad en redes sociales que permite identificar los retos más importantes en el campo, (2) BFF, una herramienta para obtener automáticamente la intensidad de los vínculos personales y las comunidades de usuarios, (3) un nuevo control de acceso que emplea comunidades, identificadores individuales, la intensidad de los vínculos personales, y etiquetas de contenido, (4) un modelo novedoso para representar y razonar sobre escenarios de privacidad multiusario que emplea tres tipos de características: factores contextuales, preferencias de usuario, y argumentos de usuario; y, (5) Muppet, una herramienta que recomienda configuraciones de privacidad en escenarios de privacidad multiusuario.En els darrers anys, els servicis de xarxes socials, com Facebook o LinkedIn, han experimentat un creixement exponencial. Els usuaris valoren positivament les seues variades funcionalitats com la compartició de fotos o la cerca d'amics i treball. En general, els usuaris aprecien els beneficis que les xarxes socials els aporten. No obstant això, mentre l'ús de les xarxes socials s'ha convertit en rutina per a molta gent, bretxes de privacitat que poden ocórrer en xarxes socials han augmentat els recels dels usuaris. Per exemple, és senzill trobar notícies sobre persones que han perdut el seu treball per alguna cosa que compartiren a una xarxa social. Per facilitar la definició dels ajustos de privacitat, els proveïdors de servicis empren controls d'accés senzills que normalment es basen, de forma exclusiva, en llistes o cercles d'amics. Encara que aquests controls d'accés són fàcils d'emprar per a un usuari mitjà, investigacions recents indiquen que aquests manquen elements com la força dels vincles personals, que juguen un paper clau en com els usuaris decideixen què compartir i amb qui. A més a més, malgrat la simplicitat dels controls d'accés, investigacions sobre privacitat en xarxes socials revelen que els usuaris han d'esforçar-se per a controlar de forma efectiva com fluix la seua informació en aquests servicis. Per a oferir als usuaris un marc de privacitat més robust, treballs recents proposen un nou paradigma per a controls d'accés basat en relacions. A diferència dels controls d'accés tradicionals on els permisos s'atorguen segons usuaris i els seus rols, aquest paradigma empra elements socials com la relació entre el propietari de la informació i la seua audiència potencial (per exemple, sols els meus germans poden veure aquesta foto). Els controls d'accés que segueixen aquest paradigma ofereixen als usuaris mecanismes per al control de la privacitat que representen d'una forma més natural com els humans raonen sobre la privacitat. A més a més, aquests controls d'accés poden resoldre problemàtiques específiques que presenten les xarxes socials. Específicament, els usuaris comparteixen de forma habitual informació que concerneix moltes persones, especialment a altres membres de la xarxa social. En aquestes situacions, dues o més persones poden tindre preferències de privacitat que entren en conflicte. Quan açò ocorre, no hi ha una configuració de privacitat correcta que siga evident. Aquestes situacions són normalment identificades com escenaris de privacitat multiusari. Donat que els controls d'accés basats en relacions són complexos per a l'usuari mitjà de xarxes socials, els proveïdors de servicis no els han adoptat. Per tant, per a permetre la implementació d'aquests controls d'accés en xarxes socials actuals, és necessari oferir ferramentes i mecanismes que faciliten el seu ús. En aquest sentit, aquesta tesi presenta cinc contribucions: (1) una revisió de l'estat de l'art en maneig de privacitat en xarxes socials que permet identificar els reptes més importants en el camp, (2) BFF, una ferramenta per a obtenir automàticament la força dels vincles personals i les comunitats d'usuaris, (3) un nou control d'accés que empra comunitats, identificadors individuals, força dels vincles personals, i etiquetes de contingut, (4) un model nou per a representar i raonar sobre escenaris de privacitat multiusari que empra tres tipus de característiques: factors contextuals, preferències d'usuari, i arguments d'usuaris; i, (5) Muppet, una ferramenta que recomana configuracions de privacitat en escenaris de privacitat multiusuari.López Fogués, R. (2017). Enhancing Privacy Management on Social Network Services [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/85978TESISCompendi

Magentix2: Una nueva plataforma para sistemas multiagente abiertos

En este trabajo, se presenta la plataforma Magentix2. Esta plataforma pretende brindar soporte al desarrollo de SMA abiertos en cada uno de sus niveles: agente, interacción y organizacional. Los desarrolladores de SMA pueden modelar interacciones entre los agentes, organizar los agentes en diferentes modelos y programar agentes autónomos.López Fogués, R. (2010). Magentix2: Una nueva plataforma para sistemas multiagente abiertos. http://hdl.handle.net/10251/13964Archivo delegad

Open challenges in relationship-based privacy mechanisms for social network services

[EN] Social networking services (SNSs) such as Facebook or Twitter have experienced an explosive growth during the few past years. Millions of users have created their profiles on these services because they experience great benefits in terms of friendship. SNSs can help people to maintain their friendships, organize their social lives, start new friendships, or meet others that share their hobbies and interests. However, all these benefits can be eclipsed by the privacy hazards that affect people in SNSs. People expose intimate information of their lives on SNSs, and this information affects the way others think about them. It is crucial that users be able to control how their information is distributed through the SNSs and decide who can access it. This paper presents a list of privacy threats that can affect SNS users, and what requirements privacy mechanisms should fulfill to prevent this threats. Then, we review current approaches and analyze to what extent they cover the requirementsThis article has been developed as a result of a mobility stay funded by the Erasmus Mundus Programme of the European Comission under the Transatlantic Partnership for Excellence in Engineering-TEE Project.López Fogués, R.; Such Aparicio, JM.; Espinosa Minguet, AR.; García-Fornes, A. (2015). Open challenges in relationship-based privacy mechanisms for social network services. International Journal of Human-Computer Interaction. 31(5):350-370. doi:10.1080/10447318.2014.1001300S35037031

Tie and tag: A study of tie strength and tags for photo sharing

[EN] Tie strength and tags have been separately suggested as possible attributes for photo access controls in Social Network Services. However, an evaluation is missing about the benefits/drawbacks of adding one or both of these attributes to the ones already used in access controls for Social Network Services (groups and individuals). In this paper, we describe an experiment with 48 participants using access controls that include tie strength and tags (separately and simultaneously) together with attributes for groups and individuals. We analyze the results using several quantitative and qualitative metrics. We find that users consider these two new attributes useful in defining their sharing policies, and they prefer to employ access controls that consider tags and tie strength jointly. Specifically, users believe that tie strength improves policy understandability and that tags help them define sharing policies faster. However, we also observe that when users employ these two attributes they tend to make more mistakes in terms of the resulting sharing policy. We hypothesize that this could be caused by the lack of experience using tie strength and tags in access controls.This research was supported by the Ministerio de Economia y Competitividad (http://www.mineco.gob.es/), grant number: TIN2014-55206-R and TIN2017-89156-R to A.G.F. The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.López Fogués, R.; Such Aparicio, JM.; Espinosa Minguet, AR.; García-Fornes, A. (2018). Tie and tag: A study of tie strength and tags for photo sharing. PLoS ONE. 13(8). https://doi.org/10.1371/journal.pone.0202540S13

Supporting Dynamicity in Emergency Response Applications

[EN] Multiagent Systems are a promising paradigm for software development. It is feasible to model such systems with many components where each one can solve a specific problem. This division of responsibilities allows multiagent systems to work in dynamically changing environments. An example of an environment that is very changeable is related with emergencies management. Emergency management systems depend on the cooperation of all their components due to their specialization. In order to obtain this cooperation, the components need to interact with each other and adapt their interactions depending on their purpose and the system components they are interacting with. Also, new components may arrive on the scene, which must be informed about the interaction policies that original components are using. Although Multiagent Systems are suited to managing scenarios of this kind, their effectiveness depends on their capacity to dynamically modify and adapt the protocols that control the interactions among agents in the system. In this paper, an infrastructure to support dynamically changing interaction protocols is presented.This work has been partially supported by CONSOLIDER-INGENIO 2010 under grant CSD2007-00022, and project TIN2008-04446.López Fogués, R.; Such Aparicio, JM.; Alberola Oltra, JM.; Espinosa Minguet, AR.; García Fornes, AM. (2014). Supporting Dynamicity in Emergency Response Applications. Computing and Informatics. 33(6):1288-1311. http://hdl.handle.net/10251/50972S1288131133

Dataset of Tie and Tag: A Study of Tie Strength and Tags for Photo Sharing

Dataset of Tie and Tag: A Study of Tie Strength and Tags for Photo SharingLópez Fogués, R. (2017). Dataset of Tie and Tag: A Study of Tie Strength and Tags for Photo Sharing. https://doi.org/10.4995/Dataset/10251/7857

Magentix 2 User's Manual

USER’S MANUAL. Version 2.1.0. January 2015Magentix2 is an agent platform for open Multiagent Systems. Its main objective is to bring agent technology to real domains: business, industry, logistics, e-commerce, health-care, etc. Magentix2 platform is proposed as a continuation of the first Magentix platform. The final goal is to extend the functionalities of Magentix, providing new services and tools to allow the secure and optimized management of open Multiagent Systems. Nowadays, Magentix2 provides support at three levels: - Organization level, technologies and techniques related to agent societies. - Interaction level, technologies and techniques related to communications between agents. - Agent level, technologies and techniques related to individual agents (such as reasoningand learning). Thus, Magentix2 platform uses technologies with the necessary capacity to cope with the dynamism of the system topology and with flexible interactions, which are both natural consequences of the distributed and autonomous nature of its components. In this sense, the platform has been extended in order to support flexible interaction protocols and conversations, indirect communication and interactions among agent organizations. Moreover, other important aspects cover by the Magentix2 project are the security issues.Botti Navarro, VJ.; Argente Villaplana, E.; Alemany Bordera, J.; Bellver Faus, J.; Búrdalo Rapa, LA.; Carrascosa Casamayor, C.; Criado Pacheco, N.... (2015). Magentix 2 User's Manual. http://hdl.handle.net/10251/4845