Transcript Current Social Networks

Privacy in Social Networks
CSCE 201
Reading


Dwyer, Hiltz, Passerini, Trust and privacy concern
within social networking sites: A comparison of
Facebook and MySpace,
http://csis.pace.edu/~dwyer/research/DwyerAMCI
S2007.pdf
Leaving 'Friendprints': How Online Social
Networks Are Redefining Privacy and Personal
Security,
http://knowledge.wharton.upenn.edu/printer_frien
dly.cfm?articleid=2262
Social Relationships



Communication context changes social
relationships
Social relationships maintained through
different media grow at different rates and to
different depths
No clear consensus which media is the best
Internet and Social Relationships
Internet
 Bridges distance at a low cost
 New participants tend to “like” each other
more
 Less stressful than face-to-face meeting
 People focus on communicating their
“selves” (except a few malicious users)
Social Networks





Description of the social structure between actors
Connections: various levels of social familiarities,
e.g., from casual acquaintance to close familiar
bonds
Support online interaction and content sharing
Current support for security is limited
Users often do not use existing security features
Current Social Networks

Access to personal data:

Hard-coded into the system

Owners have system dependent access categories

Common Access Categories

Public

Group Membership

“Friend”

No support for differentiating relationship “closeness”

“Friend” connections must be symmetric, unlike reality
Social network analysis


The mapping and measuring of relationships and
flows between people, groups, organizations,
computers or other information/knowledge
processing entities
The nodes in the network are the people and
groups while the links show relationships or flows
between the nodes
Security & Privacy Issues



Malware exploiting social networks
 Malicious banner ads
 Adware
 Phishing attacks’
 Customizable scripts
Facebook’s attempt: make visible relationship
actions to entire social group
Everyone reading everyone’s shared information
Behavioral Profiling



SN users: post personal information for friends,
family, and … the World
Data Mining applications  pattern of behavior
Misuse of information:

Identity thefts

Scam

Phishing

Etc.
Privacy?

SN and privacy issues in early research stage
Users tend to give out too much information
Privacy thresholds vary by individuals

What are the long term effects?


Users


April, 2009: 139.8 million visitors (12% increase
from March)

MySpace: 71 million visitors

Facebook: 67.5 million visitors

Twitter: 17 million visitors
Risk of third party applications!




Facial recognition of friends of friends
Relationships
Targeted advertisement
Marketing tools
Privacy Policies




Difficult to understand
No one reads privacy policies
Voluntary release of personal data
Social Network Signatures

User names may change, family and friends are more
difficult to change
Facebook or MySpace?




Online survey to evaluate privacy concerns and
trust influence
Users are both site had similar privacy concerns
Facebook users had more trust in Facebook and
were willing to share identifying information with
the site than MySpace users
MySpace users had more experience to establish a
new relationship via MySpace than Facebook
users
What SN Users Can Do?
Current Data Protection Methods
 Some systems support custom user groups


Special additional permissions or restrictions may be
applied
Information visibility control is limited by the
system.
Related Work
Access Control Models for Social Networks


Specify access rules based upon relationship type,
relationship depth, and trust level (Carminati B.,
Ferrari E., and Perego A. Rule-Based Access Control
for Social Networks. Proceedings: OTM workshops,
2006)
Generate access control rules from plain English rules
the user specifies and the content itself (Hart M.,
Johnson R., and Stent A. More Content – Less Control:
Access Control in the Web 2.0. Web 2.0 Security &
Privacy, 2007)
Related Work
Access Control Models for Social Networks

Relationship-based access control that uses the
relationship between an accessing user and an owner to
create access control rules (Gates C. (2007). Access
control requirements for web 2.0 security and privacy.
Web 2.0 security & privacy, 2007)
Limitations of Current Access Control
Support

Current Social Network Access Limitations


Access control flexibility limited to predefined groups
that contain explicit lists of users.
Current Academic Limitations

Require too much work on behalf of the end-user

Give insufficient details with regards to practicality