HOW SOCIAL ARE SOCIAL MEDIA PRIVACY CONTROLS? Gaurav Misra, Jose M. Such School of Computing and Communications Lancaster University, UK g.misra@lancaster.ac.uk, j.such@lancaster.ac.uk Abstract: Social Media are key mediators of social interactions in the cyber world. Yet, the privacy controls of mainstream social media are far from facilitating social interactions, even when privacy management is known to be an interpersonal boundary regulation process fundamental to the appropriate functioning and development of social relationships. 1. Introduction Social Media sites are an example of modern socio-technical systems that allow computer-mediated interactions among users, in which they are able to share content that is usually generated by them (posts, photos, etc.). The use of Social Media such as Facebook, Twitter, Google+, Myspace, LinkedIn, Pinterest, Xing, LastFm, Flickr, and many others have massively grown over the last decade. This huge growth of Social Media use is in part due to the many benefits that users experience when using Social Media. Moreover, Social Media is increasingly playing a central role in users social relationships. In particular, Social Media allows users to establish, develop, and maintain social relationships by means of sharing personal information, which indeed plays a crucial role to manage what is known as social capital. It also enables users to participate in and build communities and networks of people who share similar interests to them. Even governments and politicians around the world are using Social Media to engage with citizens, e.g., UK Government ICT Strategy promotes and provides guidance for civil servants to use Social Media, and Social Media arguably played an important role in the re-election of President Barack Obama in the US. Despite the unquestionable success of Social Media, privacy remains one of the major concerns with regards to these technologies. These privacy concerns have been increasing over the last few years because users are more aware of the privacy threats that Social Media entail. Sharing personal information with an unintended audience is of particular concern, which is commonly referred to as the insider threat. This problem is particularly critical in those Social Media sites that treat all of the users friends in the same manner, that is, without any distinction between friends with different types and strengths of social relationships, usually belonging in different life spheres or contexts. The social context of a particular disclosure forms a significant part (together with other variables like location, etc.) of the overall context of that disclosure. This helps in determining the appropriate audience for that disclosure, ensuring contextual integrity maintenance [1] and enabling dynamic social boundary regulation [2]. Acknowledgement and accommodation of such social contexts is, therefore, imperative in order to safeguard the privacy of social media users, but how socially aware are current mainstream social media privacy controls? 1
2. Classification of mainstream Social Media Privacy Controls We classified the top-30 Social Media sites according to the Alexa traffic rank (http://www.alexa.com/topsites/category/computers/internet/on_the_web/online_communities/soc ial_networking, accessed in January, 2015) according to their social awareness with respect to the contact grouping and relationship management mechanisms they afford to users. We ignored and excluded dating sites, online shopping sites and sites that were too specific to particular populations (e.g.,: Classmates for only US graduates, Naijapals for only Nigerians). The first 30 general-purpose online social networks we found on the Alexa ranking are classified in Figure 1. The individual Social Media infrastructures were evaluated by looking at their privacy policies and settings. In most cases, user accounts were created in order to examine the actual options available for the users of the individual infrastructures, as this was not directly evident from their privacy policies. We created sample user accounts using different email addresses and experimented with the different access control mechanisms afforded by each infrastructure. Binary Classification: Nearly half the sites (14) we evaluated were found to have only a binary distinction between a user s friends and the rest of the network. The only relationship type supported is a blanket term friends and no further granularity is afforded. In such a scenario, a user is unable to distinguish between two friends and hence is unable to fully express real-life relationships on the online medium. Figure 1. Top OSNs classified according to the social aspect of their privacy controls and ordered alphabetically for each level as of January 2015. Predefined Groups: Some OSNs, such as LinkedIn, do provide predefined groups, which help the users to better organize their contacts. Users can populate groups which are created for them (some popular ones can be colleagues or family ) and can then treat these groups differently. However, there is no provision to include individuals separately and the whole group is required to be allowed or denied access to content while making disclosure decisions. We found 4 OSNs which had this type of privacy mechanism. Predefined Groups + Individuals: An improvement is found in sites such as Tagged and Hi5 which provide the option of treating individuals separately from the predefined groups. This helps the user to direct their content in a way that is closer to the social experience in real life. For example, a user may have a group for colleagues but he may not wish to treat all of them equally all the time when making access control 2
decisions. This kind of mechanism provides them with a larger amount of granularity and control over their content. User Defined Groups + Individuals: An enhancement on predefined grouping is to afford the users the ability to create their own groups. In this scenario, the user can create groups according to their own preferences (which may or may not include the default ones provided). The popular social networks such as Google+ and Facebook offer the user to manage circles and lists respectively. They provide some default groups which the user can populate but they can also choose to create their own groups according to their preferences to reflect their real-world relationships. Computer Supported Grouping: We enlist Facebook separately as its privacy controls provide an enhanced grouping mechanism as compared to other OSNs. The smart lists feature on Facebook automatically creates friend based on features like location, workplace, etc. This aids users to classify their friends into groups. Also, the introduction of close friends and acquaintances lists by Facebook does indicate an acceptance of the important role of relationship strength. Users can use these lists to decide access control policies. 3. Towards more social Privacy Controls According to the classification we showed above, mainstream social media seem to be moving towards more socially aware privacy controls. This is an important move as it actually recognises the importance of social relationships and the interplay between social relationships and privacy. However, there is still much room for improving privacy controls in order to make them support the social nature of privacy, so that privacy controls would be more aware of social contexts. Traditional access control approaches such as role-based access controls (RBAC) or indeed the group-based approaches used by social media as described before cannot capture the social relationships among the users. Therefore, the need for Relationship-based Access Controls (ReBAC) arises [3]. A ReBAC model considers a different set of properties to define relationships (e.g., different relationship types, closeness, or social distance) and hence results in a more natural information disclosure which is closer to real world communication. For instance, employing ReBAC, a user can decide that only her friends and close friends of her can access a photo. One of the main stumbling blocks for ReBAC is usability. These models consider a large number of social features, which can very much help users to better identify the social context in which disclosure are to happen. However, users ought to be assisted in the process of defining their relationships and selecting audiences as we stated above. This entails improving visualization of audiences as well as information already shared and with whom (and possible inferences from that), suggesting privacy configurations based on relationships, and inferring the relationship features needed. Moreover, relationship-based privacy controls also need to be computationally lightweight and seamlessly integrate with the social media interface in order to preserve the dynamism of users experience on social networks. A recent effort to implement a ReBAC mechanism uses attribute-based encryption to enable the users to control access to their photos on an ios platform [4]. Another shortcoming noticed in our analysis of privacy controls is the glaring absence of mechanisms supporting Collective Decision Making by multiple users for shared content [5]. Social Media sites need to consider mechanisms for multiple users to negotiate access control decisions for items that involve them, such as pictures and posts, before these items get actually posted in Social Media. Most privacy controls solve such situations by only applying the privacy preferences of the party that uploads the item and users are forced to negotiate manually using other means such as e-mail, 3
SMSs, phone calls, etc. Even then, negotiations may happen after the item has been already uploaded and a privacy violation has occurred. Computational mechanisms that can automate the negotiation process have been identified as a possible mitigation. Note that this does not mean that users would lose control in any way. Instead, these mechanisms would suggest a possible solution to the conflicts that users will need to accept to be finally applied if users do not accept the suggestion they will need to enter into a manual negotiation by other means. Therefore, the main challenge is to propose solutions that can be accepted most of the time by all the users involved, so that users are forced to negotiate manually as little as possible, thus minimising the burden on the user to resolve such conflicts. There have been some mechanisms proposed in this very young discipline, but a more fundamental study is required in order to understand: (i) under which conditions users will make concessions; and (ii) what are the variables that make users take stronger or more lenient positions during these negotiations. This can then become the basis upon which novel mechanisms should be designed, so that they are able to suggest acceptable solutions for all users involved most of the time. Another open challenge is the ability of privacy controls to adequately support the users in disclosure decisions which would be favourable for them in self-presentation or in managing relationship dynamics. Users maintain different relationships with varying objectives (personal attachment, professional networking, etc.) and the manner and content of their communication varies accordingly. Such nuances have to be adequately accommodated and supported to provide the users with assistance in Relationship Management online. This poses many socio-technical challenges for future research in the topic. One particular challenge is the development of tools that are aware of relationship status, including information disclosures made by the user as well as the reciprocations provided by other members of the network [6]. This information would then provide the intelligence for a decision support system which would help users understand their relationships and fine tune the information disclosures based on this understanding and self-presentation needs. Such systems would be required to include a learning mechanism within them in order to understand the behaviour of each individual user and adapt accordingly to provide personally relevant assistance. One major concern with such systems may be that they run the risk of becoming too intrusive as they observe and analyse all communication between users and infer from it. Unlike in the offline world, communication on most OSNs is mediated by a single entity which is the OSN provider (except a handful of distributed OSNs implemented by peerto-peer nodes). Thus, the OSN provider can influence the amount and nature of communication between individuals on their platforms. For example, a recent experiment studied the emotional contagion of Facebook status updates by moderating the amount of content received by users from various friends [7]. This confirms that the OSN provider can modify the input being fed to the user through the network which can result in an alteration of the nature and the strength of relationships, as they depend on interactions between the individuals on these mediums. This highlights the fact that the so-called institutional privacy can also play a role in social privacy [8]. Indeed, institutional and social privacy are known to be intertwined, so that none of them can be completely solved without the other which points to the need of studying social media privacy from a holistic point of view reconciling these two privacy angles. 4
4. Conclusion The good news is that, according to the classification we showed in this article, mainstream social media seem to be moving towards more socially aware privacy controls. Research on privacy for Social Media are clearly making advances to give more importance to the modelling and exploitation of social relationships, which we expect would lead to next-generation privacy controls more intuitive as they would try to mimic more how privacy is handled by people socially in the offline world. However, there needs to be caution against developing assistance to users that becomes intrusive, as this could then have the collateral effect of becoming privacy-invasive on its own, so a delicate balance needs to be found. References [1] Nissenbaum, Helen. "Privacy as contextual integrity." Washington law review 79.1 (2004). [2] Palen, L., & Dourish, P. (2003, April). Unpacking privacy for a networked world. In Proceedings of the SIGCHI conference on Human factors in computing systems (pp. 129-136). ACM. [3] Fogues, Ricard, et al. "Open Challenges in Relationship-Based Privacy Mechanisms for Social Network Services." International Journal of Human-Computer Interaction just-accepted (2015). [4] Yuan, Lin, et al. "Privacy-preserving photo sharing based on a public key infrastructure." SPIE Optical Engineering+ Applications. International Society for Optics and Photonics, 2015. [5] A. Lampinen, V. Lehtinen, A. Lehmuskallio, and S. Tamminen, We re in it together: interpersonal management of disclosure in social network services, in Proc. CHI. ACM, 2011, pp. 3217 3226. [6] Such, Jose M., Agustín Espinosa, Ana García-Fornes, and Carles Sierra. "Selfdisclosure decision making based on intimacy and privacy." Information Sciences 211 (2012): 93-111. [7] Kramer, A. D., Guillory, J. E., & Hancock, J. T. (2014). Experimental evidence of massive-scale emotional contagion through social networks. Proceedings of the National Academy of Sciences, 111(24), 8788-8790. [8] Gurses, Seda, and Claudia Diaz. "Two tales of privacy in online social networks." Security & Privacy, IEEE 11.3 (2013): 29-37. 5