Current Social Networks
Download
Report
Transcript Current Social Networks
Privacy in Social Networks
CSCE 201
Reading
Dwyer, Hiltz, Passerini, Trust and privacy concern
within social networking sites: A comparison of
Facebook and MySpace,
http://csis.pace.edu/~dwyer/research/DwyerAMCI
S2007.pdf
Leaving 'Friendprints': How Online Social
Networks Are Redefining Privacy and Personal
Security,
http://knowledge.wharton.upenn.edu/printer_frien
dly.cfm?articleid=2262
Social Relationships
Communication context changes social
relationships
Social relationships maintained through
different media grow at different rates and to
different depths
No clear consensus which media is the best
Internet and Social Relationships
Internet
Bridges distance at a low cost
New participants tend to “like” each other
more
Less stressful than face-to-face meeting
People focus on communicating their
“selves” (except a few malicious users)
Social Networks
Description of the social structure between actors
Connections: various levels of social familiarities,
e.g., from casual acquaintance to close familiar
bonds
Support online interaction and content sharing
Current support for security is limited
Users often do not use existing security features
Current Social Networks
Access to personal data:
Hard-coded into the system
Owners have system dependent access categories
Common Access Categories
Public
Group Membership
“Friend”
No support for differentiating relationship “closeness”
“Friend” connections must be symmetric, unlike reality
Social network analysis
The mapping and measuring of relationships and
flows between people, groups, organizations,
computers or other information/knowledge
processing entities
The nodes in the network are the people and
groups while the links show relationships or flows
between the nodes
Security & Privacy Issues
Malware exploiting social networks
Malicious banner ads
Adware
Phishing attacks’
Customizable scripts
Facebook’s attempt: make visible relationship
actions to entire social group
Everyone reading everyone’s shared information
Behavioral Profiling
SN users: post personal information for friends,
family, and … the World
Data Mining applications pattern of behavior
Misuse of information:
Identity thefts
Scam
Phishing
Etc.
Privacy?
SN and privacy issues in early research stage
Users tend to give out too much information
Privacy thresholds vary by individuals
What are the long term effects?
Users
April, 2009: 139.8 million visitors (12% increase
from March)
MySpace: 71 million visitors
Facebook: 67.5 million visitors
Twitter: 17 million visitors
Risk of third party applications!
Facial recognition of friends of friends
Relationships
Targeted advertisement
Marketing tools
Privacy Policies
Difficult to understand
No one reads privacy policies
Voluntary release of personal data
Social Network Signatures
User names may change, family and friends are more
difficult to change
Facebook or MySpace?
Online survey to evaluate privacy concerns and
trust influence
Users are both site had similar privacy concerns
Facebook users had more trust in Facebook and
were willing to share identifying information with
the site than MySpace users
MySpace users had more experience to establish a
new relationship via MySpace than Facebook
users
What SN Users Can Do?
Current Data Protection Methods
Some systems support custom user groups
Special additional permissions or restrictions may be
applied
Information visibility control is limited by the
system.
Related Work
Access Control Models for Social Networks
Specify access rules based upon relationship type,
relationship depth, and trust level (Carminati B.,
Ferrari E., and Perego A. Rule-Based Access Control
for Social Networks. Proceedings: OTM workshops,
2006)
Generate access control rules from plain English rules
the user specifies and the content itself (Hart M.,
Johnson R., and Stent A. More Content – Less Control:
Access Control in the Web 2.0. Web 2.0 Security &
Privacy, 2007)
Related Work
Access Control Models for Social Networks
Relationship-based access control that uses the
relationship between an accessing user and an owner to
create access control rules (Gates C. (2007). Access
control requirements for web 2.0 security and privacy.
Web 2.0 security & privacy, 2007)
Limitations of Current Access Control
Support
Current Social Network Access Limitations
Access control flexibility limited to predefined groups
that contain explicit lists of users.
Current Academic Limitations
Require too much work on behalf of the end-user
Give insufficient details with regards to practicality