Privacy Implications of Privacy Settings and Tagging in Facebook - - PowerPoint PPT Presentation

privacy implications of privacy settings and tagging in
SMART_READER_LITE
LIVE PREVIEW

Privacy Implications of Privacy Settings and Tagging in Facebook - - PowerPoint PPT Presentation

Mar 26, 2024 284 likes •480 views

Privacy Implications of Privacy Settings and Tagging in Facebook 1 Privacy Implications of Privacy Settings and Tagging in Facebook Stan Damen, Nicola Zannone Eindhoven University of Technology 10th VLDB Workshop on Secure Data Management

slide-1
SLIDE 1

Privacy Implications of Privacy Settings and Tagging in Facebook 1

Privacy Implications of Privacy Settings and Tagging in Facebook

Stan Damen, Nicola Zannone

Eindhoven University of Technology

10th VLDB Workshop on Secure Data Management COMMIT/

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-2
SLIDE 2

Privacy Implications of Privacy Settings and Tagging in Facebook 2 Motivations

Social Networks

Increasingly popular

◮ millions of users across the world

Benefits

◮ Finding old friends ◮ Building communities around common

interests

◮ Gaming ◮ ...

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-3
SLIDE 3

Privacy Implications of Privacy Settings and Tagging in Facebook 3 Motivations

Information Sharing

◮ Posting ◮ Sharing pictures ◮ Profile (partially) publicly available ◮ Third party applications

◮ games, online marketplace

◮ Tagging

Huge amount of personal information available on social networks

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-4
SLIDE 4

Privacy Implications of Privacy Settings and Tagging in Facebook 4 Motivations

Privacy Issues

◮ Social network privacy practices: related to the collection and

processing of personal data by the social network and their disclosure to third parties.

◮ user tracking (e.g., Facebook “Like” button), user profiling for

advertisement purposes, secondary usage of data, and storing information after it was deleted by the user.

◮ Information disclosure to contacts: misuse of personal information

by other users in the social network.

◮ e.g., cyberstalking, identity theft, discrimination

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-5
SLIDE 5

Privacy Implications of Privacy Settings and Tagging in Facebook 5 Motivations

Privacy Paradox

“There is only one thing in the world worse than being Facebook stalked, and that is not being Facebook stalked” Atwan and Lushing (2008)

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-6
SLIDE 6

Privacy Implications of Privacy Settings and Tagging in Facebook 6 Motivations

Privacy Regulations

◮ Privacy legislation imposes stringent requirements on

the collection, processing and disclosure of personal data

◮ Upcoming European regulation on data protection

◮ user empowerment in controlling own data ◮ easier access own data ◮ right to be forgotten ◮ right to data portability

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-7
SLIDE 7

Privacy Implications of Privacy Settings and Tagging in Facebook 7 Motivations

Empowering Users

◮ Social networks provide control tools

◮ Privacy setting ◮ Facebook “View As” functionality ◮ Google Dashboard

◮ False confidence of being in control of data

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-8
SLIDE 8

Privacy Implications of Privacy Settings and Tagging in Facebook 7 Motivations

Empowering Users

◮ Social networks provide control tools

◮ Privacy setting ◮ Facebook “View As” functionality ◮ Google Dashboard

◮ False confidence of being in control of data

Goal

◮ Understand exiting privacy controls for collaborative systems. ◮ Focus on privacy impact of privacy settings and tagging in Facebook.

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-9
SLIDE 9

Privacy Implications of Privacy Settings and Tagging in Facebook 8

Outline

Facebook Profile Privacy Issues Proof-of-Concept Conclusions & Future Work

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-10
SLIDE 10

Privacy Implications of Privacy Settings and Tagging in Facebook 9 Facebook Profile

Profile Model

Profile Image Post Tag Profile Information Comment

Posted_By

User Data Provider Tag Target Data Host Tag Issuer

Owns 1

*

1 1 1 Made_By

Album

1 1

Group

Belong_To 1 Uploaded_By

*

Issued_By Refer_To 1 1

*

1 1 1 * 1

* *

1

*

1

*

1 1

* * *

1

* *

Defined_By

*

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-11
SLIDE 11

Privacy Implications of Privacy Settings and Tagging in Facebook 10 Facebook Profile

Privacy Settings

◮ Settings for visibility

◮ Specify who can view an object ◮ Defined in terms of groups (only me, friend, friend of friend, custom

groups)

◮ Defined for each object (album, photo, post, etc.)

◮ Settings for posting (define who can post) ◮ Settings for the visibility of new objects

◮ User friendly ◮ By default, more permissive settings

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-12
SLIDE 12

Privacy Implications of Privacy Settings and Tagging in Facebook 11 Facebook Profile

Tagging

◮ Tagging allows users to share information faster and easier ◮ A tag is an unambiguous link to another user ◮ Additional “features”

◮ Modify visibility of tagged object ◮ Create a copy of the tagged object in the profile of the tagged user

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-13
SLIDE 13

Privacy Implications of Privacy Settings and Tagging in Facebook 12 Facebook Profile

Permissions

◮ Permissions: view, delete, post, comment, tag ◮ Depending on the role

◮ Data host: all permissions ◮ Data provider: delete his post (if still in visibility of the post) ◮ Tag target: delete tag

◮ Depending on privacy setting

◮ users can see a post if they are in the visibility of the post

◮ Privacy settings can only be seen by data host

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-14
SLIDE 14

Privacy Implications of Privacy Settings and Tagging in Facebook 13 Privacy Issues

Scenario (1)

  • 1. Alice posts on Bob’s profile

Visibility: Bob’s FoF

  • 2. Eve becomes Alice’s friend

Eve in the visibility of the post on Bob’s profile

◮ Eve can see contents on Bob’s profile without Bob knowing it

◮ Facebook’s “View As” functionality does not help

◮ Bob can restrict visibility to only me or friend

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-15
SLIDE 15

Privacy Implications of Privacy Settings and Tagging in Facebook 14 Privacy Issues

Scenario (2)

  • 1. Alice posts some content on her profile and tags Bob

Visibility: Alice’s FoF ∪ Bob’s FoF Visibility (copy): Bob’s FoF Eve in the visibility of the post

  • 2. Alice changes the visibility to friend

Visibility: Alice’s friend ∪ Bob’s friend Visibility (copy): Bob’s FoF Eve in the visibility of the post

  • 3. Alice changes the visibility to only me

Visibility: Alice ∪ Bob Visibility (copy): Bob’s FoF Eve in the visibility of (the copy of) the post

◮ Alice cannot remove Eve from the visibility of the post without

removing the tag

◮ Alice depends on Bob’s settings

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-16
SLIDE 16

Privacy Implications of Privacy Settings and Tagging in Facebook 15 Privacy Issues

Scenario (3)

  • 1. Bob uploads a picture of Alice and tags Eve

Visibility: Bob’s friends ∪ Eve’s friends Visibility (Eve copy): Eve’s FoF

  • 2. A tag of Alice is added to the picture

Visibility (Eve copy): Bob’s friends ∪ Eve’s friends ∪ Alice’s friends Visibility (Eve copy): Eve’s FoF Visibility (Alice copy): Alice’s FoF

◮ Alice (data subject) cannot influence visibility of the post ◮ Alice can only remove the tag

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-17
SLIDE 17

Privacy Implications of Privacy Settings and Tagging in Facebook 16 Privacy Issues

Issues

◮ User(s) in control of information

◮ data host in control ◮ privacy concerns data subject

◮ Object-centric

◮ copies are treated as independent objects

◮ Business-driven

◮ Personal data (and their sharing) are a business asset ◮ By default, more permissive restrictions

◮ Tagging

◮ visibility difficult to control ◮ can be used to identify data subject(s), but not main goal ◮ additional risk of data exposure

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-18
SLIDE 18

Privacy Implications of Privacy Settings and Tagging in Facebook 17 Proof-of-Concept

Proof-of-Concept

◮ Implementation of privacy settings in Facebook

◮ Actual view on information (vs. object view)

◮ Limitation

◮ Need access to privacy settings of users ◮ Can only be deployed as a functionality of the social network

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook

slide-19
SLIDE 19

Privacy Implications of Privacy Settings and Tagging in Facebook 18 Conclusions & Future Work

Conclusions & Future Work

◮ Privacy issues mainly caused by design decisions ◮ Need for novel access control model for collaborative systems

◮ able to consider role of users wrt data ◮ able to support novel modalities of social communication (e.g.,

tagging)

◮ Need for user-friendly transparency tools

◮ visualize who can see information ◮ notify when own policy is not enforced

  • S. Damen & N. Zannone

Privacy Implications of Privacy Settings and Tagging in Facebook