HOW SOCIAL ARE SOCIAL MEDIA PRIVACY CONTROLS?




Gaurav Misra, Jose M. Such
School of Computing and Communications, Lancaster University, UK
g.misra@lancaster.ac.uk, j.such@lancaster.ac.uk

Abstract: Social Media are key mediators of social interactions in the cyber world. Yet, the privacy controls of mainstream social media are far from facilitating social interactions, even when privacy management is known to be an interpersonal boundary regulation process fundamental to the appropriate functioning and development of social relationships.

1. Introduction

Social Media sites are an example of modern socio-technical systems that allow computer-mediated interactions among users, in which they are able to share content that is usually generated by them (posts, photos, etc.). The use of Social Media such as Facebook, Twitter, Google+, Myspace, LinkedIn, Pinterest, Xing, LastFm, Flickr, and many others has grown massively over the last decade. This huge growth is in part due to the many benefits that users experience when using Social Media. Moreover, Social Media is increasingly playing a central role in users' social relationships. In particular, Social Media allows users to establish, develop, and maintain social relationships by means of sharing personal information, which plays a crucial role in managing what is known as social capital. It also enables users to participate in and build communities and networks of people who share similar interests. Even governments and politicians around the world are using Social Media to engage with citizens, e.g., the UK Government ICT Strategy promotes and provides guidance for civil servants to use Social Media, and Social Media arguably played an important role in the re-election of President Barack Obama in the US.

Despite the unquestionable success of Social Media, privacy remains one of the major concerns with regard to these technologies. These privacy concerns have been increasing over the last few years because users are more aware of the privacy threats that Social Media entail. Sharing personal information with an unintended audience, commonly referred to as the insider threat, is of particular concern. This problem is particularly critical in those Social Media sites that treat all of a user's friends in the same manner, that is, without any distinction between friends with different types and strengths of social relationships, usually belonging to different life spheres or contexts. The social context of a particular disclosure forms a significant part (together with other variables such as location) of the overall context of that disclosure. This helps in determining the appropriate audience for that disclosure, ensuring contextual integrity maintenance [1] and enabling dynamic social boundary regulation [2]. Acknowledgement and accommodation of such social contexts is, therefore, imperative in order to safeguard the privacy of social media users, but how socially aware are current mainstream social media privacy controls?

2. Classification of mainstream Social Media Privacy Controls

We classified the top-30 Social Media sites in the Alexa traffic rank (http://www.alexa.com/topsites/category/computers/internet/on_the_web/online_communities/social_networking, accessed in January 2015) according to their social awareness with respect to the contact grouping and relationship management mechanisms they afford to users. We excluded dating sites, online shopping sites and sites that were too specific to particular populations (e.g., Classmates for only US graduates, Naijapals for only Nigerians). The first 30 general-purpose online social networks (OSNs) we found on the Alexa ranking are classified in Figure 1. The individual Social Media infrastructures were evaluated by looking at their privacy policies and settings. In most cases, user accounts were created in order to examine the actual options available to the users of the individual infrastructures, as this was not directly evident from their privacy policies. We created sample user accounts using different email addresses and experimented with the different access control mechanisms afforded by each infrastructure.

Binary Classification: Nearly half the sites (14) we evaluated were found to have only a binary distinction between a user's friends and the rest of the network. The only relationship type supported is the blanket term "friends" and no further granularity is afforded. In such a scenario, a user is unable to distinguish between two friends and hence is unable to fully express real-life relationships on the online medium.

Figure 1. Top OSNs classified according to the social aspect of their privacy controls and ordered alphabetically for each level as of January 2015.

Predefined Groups: Some OSNs, such as LinkedIn, do provide predefined groups, which help users to better organize their contacts. Users can populate groups which are created for them (some popular ones are "colleagues" or "family") and can then treat these groups differently. However, there is no provision to include individuals separately, and the whole group must be allowed or denied access to content when making disclosure decisions. We found 4 OSNs which had this type of privacy mechanism.

Predefined Groups + Individuals: An improvement is found in sites such as Tagged and Hi5, which provide the option of treating individuals separately from the predefined groups. This helps users to direct their content in a way that is closer to the social experience in real life. For example, a user may have a group for colleagues but may not wish to treat all of them equally all the time when making access control decisions. This kind of mechanism provides them with greater granularity and control over their content.

User Defined Groups + Individuals: An enhancement on predefined grouping is to afford users the ability to create their own groups. In this scenario, the user can create groups according to their own preferences (which may or may not include the default ones provided). Popular social networks such as Google+ and Facebook let the user manage "circles" and "lists" respectively. They provide some default groups which the user can populate, but users can also choose to create their own groups according to their preferences to reflect their real-world relationships.

Computer Supported Grouping: We list Facebook separately as its privacy controls provide an enhanced grouping mechanism compared to other OSNs. The "smart lists" feature on Facebook automatically creates friend lists based on features like location, workplace, etc. This helps users to classify their friends into groups. Also, the introduction of "close friends" and "acquaintances" lists by Facebook does indicate an acceptance of the important role of relationship strength. Users can use these lists to decide access control policies.

3. Towards more social Privacy Controls

According to the classification we showed above, mainstream social media seem to be moving towards more socially aware privacy controls. This is an important move as it recognises the importance of social relationships and the interplay between social relationships and privacy. However, there is still much room for improving privacy controls in order to make them support the social nature of privacy, so that privacy controls would be more aware of social contexts.

Traditional access control approaches such as role-based access control (RBAC), or indeed the group-based approaches used by social media as described before, cannot capture the social relationships among the users.
Therefore, the need for Relationship-based Access Controls (ReBAC) arises [3]. A ReBAC model considers a different set of properties to define relationships (e.g., different relationship types, closeness, or social distance) and hence results in a more natural information disclosure which is closer to real-world communication. For instance, employing ReBAC, a user can decide that only her friends and close friends of her can access a photo.

One of the main stumbling blocks for ReBAC is usability. These models consider a large number of social features, which can very much help users to better identify the social context in which disclosures are to happen. However, users ought to be assisted in the process of defining their relationships and selecting audiences as we stated above. This entails improving visualization of audiences as well as of information already shared and with whom (and possible inferences from that), suggesting privacy configurations based on relationships, and inferring the relationship features needed. Moreover, relationship-based privacy controls also need to be computationally lightweight and integrate seamlessly with the social media interface in order to preserve the dynamism of users' experience on social networks. A recent effort to implement a ReBAC mechanism uses attribute-based encryption to enable users to control access to their photos on an iOS platform [4].

Another shortcoming noticed in our analysis of privacy controls is the glaring absence of mechanisms supporting Collective Decision Making by multiple users for shared content [5]. Social Media sites need to consider mechanisms for multiple users to negotiate access control decisions for items that involve them, such as pictures and posts, before these items actually get posted in Social Media. Most privacy controls handle such situations by applying only the privacy preferences of the party that uploads the item, and users are forced to negotiate manually using other means such as e-mail, SMSs, phone calls, etc. Even then, negotiations may happen after the item has already been uploaded and a privacy violation has occurred. Computational mechanisms that can automate the negotiation process have been identified as a possible mitigation. Note that this does not mean that users would lose control in any way. Instead, these mechanisms would suggest a possible solution to the conflicts, which users will need to accept for it to be finally applied; if users do not accept the suggestion, they will need to enter into a manual negotiation by other means. Therefore, the main challenge is to propose solutions that can be accepted most of the time by all the users involved, so that users are forced to negotiate manually as little as possible, thus minimising the burden on the user to resolve such conflicts. There have been some mechanisms proposed in this very young discipline, but a more fundamental study is required in order to understand: (i) under which conditions users will make concessions; and (ii) what are the variables that make users take stronger or more lenient positions during these negotiations. This can then become the basis upon which novel mechanisms should be designed, so that they are able to suggest acceptable solutions for all users involved most of the time.

Another open challenge is the ability of privacy controls to adequately support users in disclosure decisions which would be favourable for them in self-presentation or in managing relationship dynamics. Users maintain different relationships with varying objectives (personal attachment, professional networking, etc.) and the manner and content of their communication varies accordingly. Such nuances have to be adequately accommodated and supported to provide users with assistance in Relationship Management online. This poses many socio-technical challenges for future research in the topic. One particular challenge is the development of tools that are aware of relationship status, including information disclosures made by the user as well as the reciprocations provided by other members of the network [6]. This information would then provide the intelligence for a decision support system which would help users understand their relationships and fine-tune their information disclosures based on this understanding and on their self-presentation needs. Such systems would be required to include a learning mechanism in order to understand the behaviour of each individual user and adapt accordingly to provide personally relevant assistance.

One major concern with such systems may be that they run the risk of becoming too intrusive, as they observe and analyse all communication between users and infer from it. Unlike in the offline world, communication on most OSNs is mediated by a single entity, the OSN provider (except for a handful of distributed OSNs implemented by peer-to-peer nodes). Thus, the OSN provider can influence the amount and nature of communication between individuals on its platform. For example, a recent experiment studied the emotional contagion of Facebook status updates by moderating the amount of content received by users from various friends [7]. This confirms that the OSN provider can modify the input being fed to the user through the network, which can result in an alteration of the nature and the strength of relationships, as they depend on interactions between the individuals on these mediums. This highlights the fact that the so-called institutional privacy can also play a role in social privacy [8]. Indeed, institutional and social privacy are known to be intertwined, so that neither of them can be completely solved without the other, which points to the need to study social media privacy from a holistic point of view that reconciles these two privacy angles.
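
A minimal relationship-based check for the photo example given for ReBAC in Section 3, set beside a flat group lookup; this is an added example, not code from the paper or from any social media site. The graph, user names, closeness scores, the 0.7 threshold and the reading of the policy as "friends plus close friends of those friends" are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample graph (not from the paper). Each edge is labelled by the
# user at its tail: GRAPH[u][v] = (relationship type u assigns v, closeness 0..1).
GRAPH = {
    "alice": {"bob": ("friend", 0.9), "carol": ("colleague", 0.4),
              "dave": ("friend", 0.3)},
    "bob":   {"erin": ("friend", 0.8), "frank": ("friend", 0.2)},
    "carol": {"grace": ("friend", 0.9)},
    "dave":  {"heidi": ("friend", 0.95)},
    "erin":  {"ivan": ("friend", 0.9)},
}


@dataclass(frozen=True)
class Hop:
    """Constraint on one step of the path leading away from the owner."""
    rel_types: frozenset        # relationship types accepted on this hop
    min_closeness: float = 0.0  # minimum tie strength accepted on this hop


@dataclass(frozen=True)
class Rule:
    """A path pattern; its length is the social distance it reaches."""
    hops: tuple


def rule_audience(graph, owner, rule):
    """Users reachable from owner by a path that satisfies every hop in order."""
    frontier = {owner}
    for hop in rule.hops:
        reached = set()
        for user in frontier:
            for contact, (rel, closeness) in graph.get(user, {}).items():
                if rel in hop.rel_types and closeness >= hop.min_closeness:
                    reached.add(contact)
        frontier = reached - {owner}  # the owner is handled separately
    return frontier


def audience(graph, owner, policy):
    """Union of the audiences of all rules; anyone not matched is denied."""
    allowed = set()
    for rule in policy:
        allowed |= rule_audience(graph, owner, rule)
    return allowed


def can_access(graph, owner, viewer, policy):
    return viewer == owner or viewer in audience(graph, owner, policy)


def group_audience(graph, owner, group):
    """Group-based control for comparison: a flat set of the owner's contacts."""
    return {c for c, (rel, _) in graph.get(owner, {}).items() if rel == group}


FRIEND = frozenset({"friend"})
# Assumed reading of the page's example: the owner's friends, plus close
# friends (closeness >= 0.7, an arbitrary threshold) of those friends.
PHOTO_POLICY = (
    Rule(hops=(Hop(FRIEND),)),
    Rule(hops=(Hop(FRIEND), Hop(FRIEND, 0.7))),
)

if __name__ == "__main__":
    print("group-based :", sorted(group_audience(GRAPH, "alice", "friend")))
    print("ReBAC       :", sorted(audience(GRAPH, "alice", PHOTO_POLICY)))
    for viewer in ("carol", "frank", "grace", "ivan"):
        print(viewer, can_access(GRAPH, "alice", viewer, PHOTO_POLICY))
```

Because the second rule is evaluated against the graph at request time, a change in how bob rates erin changes alice's audience without alice editing her policy, which a static friend list cannot express.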

4. Conclusion

The good news is that, according to the classification we showed in this article, mainstream social media seem to be moving towards more socially aware privacy controls. Research on privacy for Social Media is clearly making advances to give more importance to the modelling and exploitation of social relationships, which we expect would lead to more intuitive next-generation privacy controls, as they would try to mimic more closely how privacy is handled by people socially in the offline world. However, there needs to be caution against developing assistance to users that becomes intrusive, as this could then have the collateral effect of becoming privacy-invasive on its own, so a delicate balance needs to be found.

References

[1] Nissenbaum, Helen. "Privacy as contextual integrity." Washington Law Review 79.1 (2004).
[2] Palen, L., & Dourish, P. (2003, April). Unpacking "privacy" for a networked world. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 129-136). ACM.
[3] Fogues, Ricard, et al. "Open Challenges in Relationship-Based Privacy Mechanisms for Social Network Services." International Journal of Human-Computer Interaction just-accepted (2015).
[4] Yuan, Lin, et al. "Privacy-preserving photo sharing based on a public key infrastructure." SPIE Optical Engineering + Applications. International Society for Optics and Photonics, 2015.
[5] A. Lampinen, V. Lehtinen, A. Lehmuskallio, and S. Tamminen, "We're in it together: interpersonal management of disclosure in social network services," in Proc. CHI. ACM, 2011, pp. 3217-3226.
[6] Such, Jose M., Agustín Espinosa, Ana García-Fornes, and Carles Sierra. "Self-disclosure decision making based on intimacy and privacy." Information Sciences 211 (2012): 93-111.
[7] Kramer, A. D., Guillory, J. E., & Hancock, J. T. (2014). Experimental evidence of massive-scale emotional contagion through social networks. Proceedings of the National Academy of Sciences, 111(24), 8788-8790.
[8] Gurses, Seda, and Claudia Diaz. "Two tales of privacy in online social networks." Security & Privacy, IEEE 11.3 (2013): 29-37.