F ACEBOOK VS . P RIVACY A DVOCATES : A R OAD M AP F OR P EACE Joseph - PowerPoint PPT Presentation

F ACEBOOK VS . P RIVACY A DVOCATES : A R OAD M AP F OR P EACE Joseph Bonneau jcb82@cl.cam.ac.uk Computer Laboratory Facebook Palo Alto, CA, USA July 14, 2009 Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 1 / 27

The Landscape SNS Industry Operators Developers Advertisers Tech Futurists Privacy Advocates Non-Profit Groups Advocates Academics Media Government Social Reactionaries Users? Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 2 / 27

The Landscape SNS Industry Operators Developers Advertisers Tech Futurists Privacy Advocates Non-Profit Groups Advocates Academics Media Government Social Reactionaries Users? Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 2 / 27

The Landscape SNS Industry Operators Developers Advertisers Tech Futurists Privacy Advocates Non-Profit Groups Advocates Academics Media Government Social Reactionaries Users? Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 2 / 27

The Landscape SNS Industry Operators Developers Advertisers Tech Futurists Privacy Advocates Non-Profit Groups Advocates Academics Media Government Social Reactionaries Users? Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 2 / 27

The Landscape SNS Industry Operators Developers Advertisers Tech Futurists Privacy Advocates Non-Profit Groups Advocates Academics Media Government Social Reactionaries Users? Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 2 / 27

The Landscape SNS Industry Operators Developers Advertisers Tech Futurists Privacy Advocates Non-Profit Groups Advocates Academics Media Government Social Reactionaries Users? Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 2 / 27

My Research Privacy in Graphs Sampled Graphs Inference Control Crawling Prevention Economic Factors Usability Next-Gen Designs Untrusted Server App Sandboxing Hacking Facebook Photo Serving FQL tricks App problems Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 3 / 27

My Research Privacy in Graphs Number/Sample of Users Photo Sharing Sampled Graphs Friends Are Already Members Communicate with Friends Inference Control Share Videos/Music Crawling Prevention Discover New People Signup is Free Profile Personalisation Economic Factors Privacy Controls Blogging Usability Applications/Games 0% 20% 40% 60% 80% 100% Next-Gen Designs general purpose (N=29) proportion of sites featuring this promotional argument non general purpose (N=16) Untrusted Server App Sandboxing Hacking Facebook Photo Serving FQL tricks App problems Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 3 / 27

My Research Privacy in Graphs Viewing Privacy Suite: Joe's Safe Settings Sampled Graphs Details Preview Adopt This Suite Inference Control Author: Joseph Bonneau Crawling Prevention Created: May 29, 2009 My settings share your photos with Economic Factors friends only, hide your email address from search engines, and... (more) Usability Used By: 24 of your friends Next-Gen Designs 234 people in the University of Cambridge network 457 people in the London network 1802 people overall Untrusted Server Reviewed By: Jonathan Anderson App Sandboxing Rating: ★★★★ I love it!!! Keeps my data out of Hacking Facebook stranger's hands, and Joe does a great job keeping it updated... (more) Photo Serving FQL tricks Reviewed By: Luke Church Rating: ★★★☆ App problems I liked this suite, but it hid too much of my info from my university network, so I modified it into my own Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 3 / 27

My Research Privacy in Graphs Sampled Graphs Inference Control Crawling Prevention Economic Factors Usability Next-Gen Designs Untrusted Server App Sandboxing Hacking Facebook Photo Serving FQL tricks App problems Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 3 / 27

My Research Privacy in Graphs Sampled Graphs Inference Control Crawling Prevention Economic Factors Usability Next-Gen Designs Untrusted Server App Sandboxing Hacking Facebook Photo Serving FQL tricks App problems Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 3 / 27

Disclaimer I often complain about Facebook... Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 4 / 27

Making Peace? Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 5 / 27

A Roadmap For Peace Recognise common ground ie, ignore all the non-issues Compromise on the small points Work together on the big picture Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 6 / 27

What is Privacy, Anyways? Accidental information shared unintentionally bullying/harassment Malicious hacks deception crawlers/aggregators Structural advertisers developers Facebook & affiliates Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 7 / 27

Non-issues Sexual predators Bullying/Harassment Social/moral decline Censorship of hate speech (not yet) Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 8 / 27

Things Facebook is Doing Well Spam Detection Fine-grained privacy control Refusal to share “anonymised” data Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 9 / 27

Technical Things Facebook Can Fix Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 10 / 27

More TLS Encryption https://www.facebook.com Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 11 / 27

P3P Implementation Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 12 / 27

Encourage Responsible Disclosure Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 13 / 27

Fix Facebook Platform Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 14 / 27

Strengthen or Scrap Verified Application Program Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 15 / 27

Clarify Facebook Connect Don’t allow friends to view my memberships on other websites through Facebook Connect? Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 16 / 27

Photo Security Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 17 / 27

Phishing Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 18 / 27

Clarify Privacy Policy Enumerate specific guarantees Email address sharing Data removal Narrower language Lessen legal requirements for users to provide real data Clarify “Programmatic Interaction” Remove democratic process Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 19 / 27

More Openness OpenID ‘Download my data’ button Open Social RSS export Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 20 / 27

The Tough Issues (hopefully, things we can work on together) Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 21 / 27

More Transparent Data Sharing Opt Out of Targeted Ads? Reference counting to data Subject Access Request Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 22 / 27

Usability of privacy controls Automatic inference of context? Automatic inference of intentions? Sharable privacy? Graphical end-user programming interface? Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 23 / 27

Forward Privacy Ensuring new features “at least as private” as previous Enable “auto opt-out” of new features Make clear changes in data visibility with new features Privacy review process Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 24 / 27

Limiting Inference Protection against crawling Less-useful public views Theoretical grounding for query limits Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 25 / 27

Conclusion Facebook has much to gain by working with its critics Steady stream of ideas Credibility Researchers can gain as well Using Facebook as a research platform? Users will gain too In ways that is good for Facebook... Self-regulation is better for everybody Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 26 / 27

Questions? Joseph Bonneau (University of Cambridge) Facebook Talk July 14, 2009 27 / 27