ABSTRACT
Privacy is an enormous problem in online social networking sites. While sites such as Facebook allow users fine-grained control over who can see their profiles, it is difficult for average users to specify this kind of detailed policy.
In this paper, we propose a template for the design of a social networking privacy wizard. The intuition for the design comes from the observation that real users conceive their privacy preferences (which friends should be able to see which information) based on an implicit set of rules. Thus, with a limited amount of user input, it is usually possible to build a machine learning model that concisely describes a particular user's preferences, and then use this model to configure the user's privacy settings automatically.
As an instance of this general framework, we have built a wizard based on an active learning paradigm called uncertainty sampling. The wizard iteratively asks the user to assign privacy "labels" to selected ("informative") friends, and it uses this input to construct a classifier, which can in turn be used to automatically assign privileges to the rest of the user's (unlabeled) friends.
To evaluate our approach, we collected detailed privacy preference data from 45 real Facebook users. Our study revealed two important things. First, real users tend to conceive their privacy preferences in terms of communities, which can easily be extracted from a social network graph using existing techniques. Second, our active learning wizard, using communities as features, is able to recommend high-accuracy privacy settings using less user input than existing policy-specification tools.
- Facebook development platform. http://developers.facebook.com/.Google Scholar
- Facebook statistics. http://www.facebook.com/press/info.php?statistics.Google Scholar
- The igraph software package for complex network research. InterJournal Complex Systems, 2006.Google Scholar
- A. Acquisti and R. Gross. Imagined communities: Awareness, information sharing, and privacy on the facebook. In Privacy Enhancing Technologies Workshop, 2006. Google ScholarDigital Library
- F. Adu-Oppong, C. Gardiner, A. Kapadia, and P. Tsang. Socialcircles: Tacking privacy in social networks. In Symposium on Usable Privacy and Security (SOUPS), 2008.Google Scholar
- J. Anderson, C. Diaz, J. Bonneau, and F. Stajano. Privacy-enabling social networking over untrusted networks. In WOSN, 2009. Google ScholarDigital Library
- L. Backstrom, C. Dwork, and J. Kleinberg. Wherefore art thou r3579x?: anonymized social networks, hidden patterns, and structural steganography. In WWW, 2007. Google ScholarDigital Library
- J. Becker and H. Chen. Measuring privacy risk in online social networks. In Web 2.0 Security and Privacy Workshop, 2009.Google Scholar
- L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda. All your contacts are belong to us: Automated identity theft attacks on social networks. In WWW, 2009. Google ScholarDigital Library
- G. Brown, T. Howe, M. Ihbe, A. Prakash, and K. Borders. Social networks and context-aware spam. In CSCW, 2008. Google ScholarDigital Library
- B. Carminati, E. Ferrari, and A. Perego. Rule-based access control for social networks. In Workshop on Reliability in Decentralized Distributed Systems, 2006.Google ScholarDigital Library
- B. Carminati, E. Ferrari, and A. Perego. Private relationships in social networks. In ICDE Workshops, 2007. Google ScholarDigital Library
- Symposium on Usable Privacy and Security (SOUPS),Google Scholar
- G. Danezis. Inferring privacy policies for social networking services. In AISec, 2009. Google ScholarDigital Library
- C. Diaz, C. Troncoso, and A. Serjantov. On the impact of social network profiling on anonymity. In Privacy-Enhancing Technologies Workshop, 2008. Google ScholarDigital Library
- A. Felt and D. Evans. Privacy protection for social networking platforms. In Web 2.0 Security and Privacy Workshop, 2008.Google Scholar
- P. Fong, M. Anwar, and Z. Zhao. A privacy preservation model for facebook-style social network systems. University of Calgary Technical Report 2009-926-05, 2009.Google Scholar
- S. Fortunato. Community detection in graphs. http://arxiv.org/abs/0906.0612v1 (Preprint), 2009.Google Scholar
- C. Gates. Access control requirements for web 2.0 security and privacy. In Web 2.0 Security and Privacy Workshop, 2007.Google Scholar
- E. Gilbert and K. Karahalios. Predicting tie strength with social media. In CHI, 2009. Google ScholarDigital Library
- K. Gollu, S. Saroiu, and A. Wolman. A social networking-based access control scheme for personal content. In SOSP, 2007.Google Scholar
- R. Gross and A. Acquisti. Information revelation and privacy in online social networks. In Workshop on Privacy in the Electronic Society, 2005. Google ScholarDigital Library
- M. Hart, R. Johnson, and A. Stent. More content - less control: Access control in the web 2.0. In Web 2.0 Security and Privacy Workshop, 2007.Google Scholar
- M. Hay, G. Miklau, D. Jensen, D. Towsley, and P. Weis. Resisting structural re-identification in anonymized social networks. In VLDB, 2008. Google ScholarDigital Library
- D. Lewis and J. Catlett. Heterogeneous uncertainty sampling for supervised learning. In ICML, 1994.Google ScholarCross Ref
- D. Lewis and W. Gale. A sequential algorithm for training text classifiers. In SIGIR, 1994. Google ScholarDigital Library
- H. Lipford, A. Besmer, and J. Watson. Understanding privacy settings in facebook with an audience view. In Proceedings of the 1st Conference on Usability, Psychology, and Security, 2008. Google ScholarDigital Library
- K. Liu and E. Terzi. A framework for computing the privacy scores of users in online social networks. In ICDM, 2009. Google ScholarDigital Library
- M. Lucas and N. Borisov. flybynight: Mitigating the privacy risks of social networking. In Workshop on Privacy in the Electronic Society, 2008. Google ScholarDigital Library
- E. M. Maximilien, T. Grandison, T. Sun, D. Richardson, S. Guo, and K. Liu. Privacy-as-a-service: Models, algorithms, and results on the facebook platform. In Web 2.0 Security and Privacy Workshop, 2009.Google Scholar
- I. Mierswa, M. Wurst, R. Klinkenberg, M. Scholz, and T. Euler. Yale: Rapid prototyping for complex data mining tasks. In SIGKDD, 2006. Google ScholarDigital Library
- A. Narayanan and V. Shmatikov. De-anonymizing social networks. In IEEE Symposium on Security and Privacy, 2009. Google ScholarDigital Library
- M. Newman and M. Girvan. Finding and evaluating community structure in networks. Physical Review, 69(2), 2004.Google Scholar
- R. Ravichandran, M. Benisch, P. Kelley, and N. Sadeh. Capturing social networking privacy preferences. In Symposium on Usable Privacy and Security (SOUPS), 2009. Google ScholarDigital Library
- R. Reeder, L. Bauer, L. Cranor, M. Reiter, K. Bacon, K. How, and H. Strong. Expandable grides for visualizing and authoring computer security policies. In CHI, 2008. Google ScholarDigital Library
- D. Rosenblum. What anyone can know: The privacy risks of social networking sites. IEEE Security and Privacy, 2007. Google ScholarDigital Library
- K. Singh, S. Bhola, and W. Lee. xBook: Redesigning privacy control in social networking platforms. In USENIX Security, 2009. Google ScholarDigital Library
- A. C. Squicciarini, M. Shehab, and F. Paci. Collective privacy management in social networks. In WWW, 2009. Google ScholarDigital Library
- K. Strater and H. Lipford. Strategies and struggles with privacy in an online social networking community. In British Computer Society Conference on Human-Computer Interaction, 2008. Google ScholarDigital Library
- E. Zheleva and L. Getoor. To join or not to join: The illusion of privacy in social networks with mixed public and private user profiles. In WWW, 2009. Google ScholarDigital Library
Index Terms
- Privacy wizards for social networking sites
Recommendations
A privacy recommendation wizard for users of social networking sites
CCS '10: Proceedings of the 17th ACM conference on Computer and communications securityPrivacy is a huge problem for users of social networking sites. While sites like Facebook allow individual users to personalize fine-grained privacy settings, this has proven quite difficult for average users. This demonstration illustrates a machine ...
Uses and gratifications of social networking sites for bridging and bonding social capital
Applying uses and gratifications theory (UGT) and social capital theory, our study examined users of four social networking sites (SNSs) (Facebook, Twitter, Instagram, and Snapchat), and their influence on online bridging and bonding social capital. ...
Privacy concerns on social networking sites
This study examines the impact of the types of posting, information types, and privacy concerns toward audience types across two types of social networking sites (SNSs), Facebook and Twitter. The findings indicate that on Facebook, young SNS users are ...
Comments