Privacy Implications of Privacy Settings and Tagging in Facebook 1 Privacy Implications of Privacy Settings and Tagging in Facebook Stan Damen, Nicola Zannone Eindhoven University of Technology 10th VLDB Workshop on Secure Data Management COMMIT/ S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 2 Motivations Social Networks Increasingly popular ◮ millions of users across the world Benefits ◮ Finding old friends ◮ Building communities around common interests ◮ Gaming ◮ ... S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 3 Motivations Information Sharing ◮ Posting ◮ Sharing pictures ◮ Profile (partially) publicly available ◮ Third party applications ◮ games, online marketplace ◮ Tagging Huge amount of personal information available on social networks S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 4 Motivations Privacy Issues ◮ Social network privacy practices: related to the collection and processing of personal data by the social network and their disclosure to third parties. ◮ user tracking (e.g., Facebook “Like” button), user profiling for advertisement purposes, secondary usage of data, and storing information after it was deleted by the user. ◮ Information disclosure to contacts: misuse of personal information by other users in the social network. ◮ e.g., cyberstalking, identity theft, discrimination S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 5 Motivations Privacy Paradox “There is only one thing in the world worse than being Facebook stalked, and that is not being Facebook stalked” Atwan and Lushing (2008) S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 6 Motivations Privacy Regulations ◮ Privacy legislation imposes stringent requirements on the collection, processing and disclosure of personal data ◮ Upcoming European regulation on data protection ◮ user empowerment in controlling own data ◮ easier access own data ◮ right to be forgotten ◮ right to data portability S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 7 Motivations Empowering Users ◮ Social networks provide control tools ◮ Privacy setting ◮ Facebook “View As” functionality ◮ Google Dashboard ◮ False confidence of being in control of data S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 7 Motivations Empowering Users ◮ Social networks provide control tools ◮ Privacy setting ◮ Facebook “View As” functionality ◮ Google Dashboard ◮ False confidence of being in control of data Goal ◮ Understand exiting privacy controls for collaborative systems. ◮ Focus on privacy impact of privacy settings and tagging in Facebook. S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 8 Outline Facebook Profile Privacy Issues Proof-of-Concept Conclusions & Future Work S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 9 Facebook Profile Profile Model Profile 1 1 1 Information Profile 1 1 * Album * * Posted_By 1 Post 1 * 1 Image 1 * * * * 1 Tag Comment * Uploaded_By Owns 1 * * Refer_To Issued_By Made_By 1 1 1 1 1 Data Data Host Tag Target Tag Issuer Provider * * Belong_To 1 Group User * 1 Defined_By S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 10 Facebook Profile Privacy Settings ◮ Settings for visibility ◮ Specify who can view an object ◮ Defined in terms of groups (only me, friend, friend of friend, custom groups) ◮ Defined for each object (album, photo, post, etc.) ◮ Settings for posting (define who can post) ◮ Settings for the visibility of new objects ◮ User friendly ◮ By default, more permissive settings S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 11 Facebook Profile Tagging ◮ Tagging allows users to share information faster and easier ◮ A tag is an unambiguous link to another user ◮ Additional “features” ◮ Modify visibility of tagged object ◮ Create a copy of the tagged object in the profile of the tagged user S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 12 Facebook Profile Permissions ◮ Permissions: view, delete, post, comment , tag ◮ Depending on the role ◮ Data host: all permissions ◮ Data provider: delete his post (if still in visibility of the post) ◮ Tag target: delete tag ◮ Depending on privacy setting ◮ users can see a post if they are in the visibility of the post ◮ Privacy settings can only be seen by data host S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 13 Privacy Issues Scenario (1) 1. Alice posts on Bob’s profile Visibility : Bob’s FoF 2. Eve becomes Alice’s friend Eve in the visibility of the post on Bob’s profile ◮ Eve can see contents on Bob’s profile without Bob knowing it ◮ Facebook’s “View As” functionality does not help ◮ Bob can restrict visibility to only me or friend S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 14 Privacy Issues Scenario (2) 1. Alice posts some content on her profile and tags Bob Visibility : Alice’s FoF ∪ Bob’s FoF Visibility (copy) : Bob’s FoF Eve in the visibility of the post 2. Alice changes the visibility to friend Visibility : Alice’s friend ∪ Bob’s friend Visibility (copy) : Bob’s FoF Eve in the visibility of the post 3. Alice changes the visibility to only me Visibility : Alice ∪ Bob Visibility (copy) : Bob’s FoF Eve in the visibility of (the copy of) the post ◮ Alice cannot remove Eve from the visibility of the post without removing the tag ◮ Alice depends on Bob’s settings S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 15 Privacy Issues Scenario (3) 1. Bob uploads a picture of Alice and tags Eve Visibility : Bob’s friends ∪ Eve’s friends Visibility (Eve copy) : Eve’s FoF 2. A tag of Alice is added to the picture Visibility (Eve copy) : Bob’s friends ∪ Eve’s friends ∪ Alice’s friends Visibility (Eve copy) : Eve’s FoF Visibility (Alice copy) : Alice’s FoF ◮ Alice (data subject) cannot influence visibility of the post ◮ Alice can only remove the tag S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 16 Privacy Issues Issues ◮ User(s) in control of information ◮ data host in control ◮ privacy concerns data subject ◮ Object-centric ◮ copies are treated as independent objects ◮ Business-driven ◮ Personal data (and their sharing) are a business asset ◮ By default, more permissive restrictions ◮ Tagging ◮ visibility difficult to control ◮ can be used to identify data subject(s), but not main goal ◮ additional risk of data exposure S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 17 Proof-of-Concept Proof-of-Concept ◮ Implementation of privacy settings in Facebook ◮ Actual view on information (vs. object view) ◮ Limitation ◮ Need access to privacy settings of users ◮ Can only be deployed as a functionality of the social network S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Privacy Implications of Privacy Settings and Tagging in Facebook 18 Conclusions & Future Work Conclusions & Future Work ◮ Privacy issues mainly caused by design decisions ◮ Need for novel access control model for collaborative systems ◮ able to consider role of users wrt data ◮ able to support novel modalities of social communication (e.g., tagging) ◮ Need for user-friendly transparency tools ◮ visualize who can see information ◮ notify when own policy is not enforced S. Damen & N. Zannone Privacy Implications of Privacy Settings and Tagging in Facebook
Recommend
More recommend