xbook redesigning privacy control in social xbook
play

xBook: Redesigning Privacy Control in Social xBook: Redesigning - PowerPoint PPT Presentation

Feb 18, 2023 •236 likes •779 views

xBook: Redesigning Privacy Control in Social xBook: Redesigning Privacy Control in Social Networking Platforms Networking Platforms Kapil Singh, Sumeer Bhola and Wenke Lee Social networking is growing 2 Privacy concerns are growing

  1. xBook: Redesigning Privacy Control in Social xBook: Redesigning Privacy Control in Social Networking Platforms Networking Platforms Kapil Singh, Sumeer Bhola and Wenke Lee

  2. Social networking is growing… 2

  3. Privacy concerns are growing… • More personal data being fed to social networks 3

  4. Privacy concerns are growing… • More personal data being fed to social networks Op-Ed: Post a photo, wear a pirate hat on myspace, and say goodbye to your career 4

  5. Privacy concerns are growing… • More personal data being fed to social networks Op-Ed: Post a photo, wear a pirate hat on myspace, and say goodbye to your career Mayor in MySpace photo flap asked to resign 5

  6. Privacy concerns are growing… • More personal data being fed to social networks Op-Ed: Post a photo, wear a pirate hat on myspace, and say goodbye to your career Mayor in MySpace photo flap asked to resign Hoover Police officers arrest Facebook burglary suspects 6

  7. Social Networks as Platforms • Social networks now act as programming platforms: third party applications. • Integration with the platform – Set of APIs allow an application to have access to user content and integrate into user’s profile 7

  8. Social Platform Architecture Application Trusted domain 8

  9. Social Platform Architecture Application Trusted domain No control over who can develop and deploy an application. No control over who can develop and deploy an application. 9

  10. Social Platform Architecture Application Trusted domain No control over who can develop and deploy an application. No control over who can develop and deploy an application. Minimal or no control on what these applications can access. Minimal or no control on what these applications can access. 10

  11. Social Platform Architecture External entities (e.g. Ad agencies) Application Trusted domain No control over who can develop and deploy an application. No control over who can develop and deploy an application. Minimal or no control on what these applications can access. Minimal or no control on what these applications can access. No control on what an application can do with what it can access. . No control on what an application can do with what it can access 11

  12. Current Affairs: Facebook 12

  13. Current Affairs: Facebook 13

  14. Facebook’s privacy policy is insufficient… If you, your friends, or members of your network use any third-party applications If you, your friends, or members of your network use any third-party applications developed using the Facebook Platform ("Platform Applications"), those Platform developed using the Facebook Platform ("Platform Applications"), those Platform Platform Platform Applications may access and share certain information about you with others Applications may access and share certain information about you with others with others in with others in Applications may access and share certain information about you Applications may access and share certain information about you accordance with your privacy settings. You may opt-out of any sharing of certain or all accordance with your privacy settings. You may opt-out of any sharing of certain or all information through Platform Applications on the Privacy Settings page. In addition, third information through Platform Applications on the Privacy Settings page. In addition, third party developers who have created and operate Platform Applications ("Platform party developers who have created and operate Platform Applications ("Platform may also have access to your personal information (excluding your may also have access to your personal information (excluding your r r Developers"), may also have access to your personal information (excluding you Developers"), may also have access to your personal information (excluding you contact information) if you permit Platform Applications to access your data. contact information) if you permit Platform Applications to access your data. ss your data. ss your data. contact information) if you permit Platform Applications to acce contact information) if you permit Platform Applications to acce Before allowing any Platform Developer to make any Platform Application available to Before allowing any Platform Developer to make any Platform Application available to you, Facebook requires the Platform Developer to enter into an agreement which, among you, Facebook requires the Platform Developer to enter into an agreement which, among other things, requires them to respect your privacy settings and strictly limits their other things, requires them to respect your privacy settings and strictly limits their collection, use, and storage of your information. However, while we have undertaken collection, use, and storage of your information. However, while we have undertaken contractual and technical steps to restrict possible misuse of such information by such contractual and technical steps to restrict possible misuse of such information by such Platform Developers, we of course cannot and do not guarantee that all Platform Platform Developers, we of course cannot and do not guarantee that all Platform we of course cannot and do not guarantee that all Platform we of course cannot and do not guarantee that all Platform Developers will abide by such agreements. Please note that Facebook Developers will abide by such agreements. Please note that Facebook Facebook does not Facebook does not does not does not Developers will abide by such agreements. Please note that Developers will abide by such agreements. Please note that screen or approve Platform Developers and cannot control how such Platform screen or approve Platform Developers and cannot control how such Platform h Platform h Platform screen or approve Platform Developers and cannot control how suc screen or approve Platform Developers and cannot control how suc Developers use any personal information that they may obtain in connection with Developers use any personal information that they may obtain in connection with Developers use any personal information that they may obtain in Developers use any personal information that they may obtain in connection with connection with Platform Applications. Platform Applications. Platform Applications. Platform Applications. 14

  15. Facebook applications • Users need to trust the applications. • Mistakes are made: – “Top Friends” application allowed access to the profile of anyone using the application. – “We expect expect third-party apps to follow the rules the users set” – director at Facebook. • Deliberate “mistakes” are made: – “Google confirms Adsense ads, security problems in Facebook applications” 15

  16. Facebook applications • Users need to trust the applications. • Mistakes are made: – “Top Friends” application allowed access to the profile of anyone using the application. – “We expect expect third-party apps to follow the rules the users set” – director at Facebook. • Deliberate “mistakes” are made: – “Google confirms Adsense ads, security problems in Facebook applications” No enforcement, because it is not possible in the No enforcement, because it is not possible in the current architecture! current architecture! 16

  17. Our Goals • Provide privacy protection for users’ data in presence of third party applications. – Prevent data leaks out to external entities. – Provide user-user access control (for data flowing through an application). – Protection of application’s proprietary data. • No changes should be required on the browser side. • The user should be oblivious to any design changes. 17

  18. 18 Trusted domain Our Solution: xBook

  19. Our Solution: xBook Trusted domain (xBook) • Pull the applications into the trusted Pull the applications into the trusted xBook xBook domain. domain. • 19

  20. Our Solution: xBook Trusted domain (xBook) • Pull the applications into the trusted Pull the applications into the trusted xBook xBook domain. domain. • • Monitor the applications at runtime in the browser. Monitor the applications at runtime in the browser. • 20

  21. Our Solution: xBook Pre-declared access Trusted domain (xBook) • Pull the applications into the trusted Pull the applications into the trusted xBook xBook domain. domain. • • Monitor the applications at runtime in the browser. Monitor the applications at runtime in the browser. • • Allow applications access to any user data, but Allow applications access to any user data, but require require require them to them to • require make use of that data explicit. make use of that data explicit. 21

  22. Our Solution: xBook Pre-declared access X External X entities External Trusted domain (xBook) entities • Pull the applications into the trusted Pull the applications into the trusted xBook xBook domain. domain. • • Monitor the applications at runtime in the browser. Monitor the applications at runtime in the browser. • • Allow applications access to any user data, but Allow applications access to any user data, but require require require them to them to • require make use of that data explicit. make use of that data explicit. • Use information flow techniques to prevent data leaks by the Use information flow techniques to prevent data leaks by the • applications. applications. 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Visualizing Privacy Implications of Access Control Policies in Social Networks Mohd Anwar ,

Visualizing Privacy Implications of Access Control Policies in Social Networks Mohd Anwar ,

Visualizing Privacy Implications of Access Control Policies in Social Networks Mohd Anwar , Philip W. L. Fong , Xue-Dong Yang , Howard Hamilton University of Calgary, Alberta, Canada University of Regina, Saskatchewan,

341 views • 31 slides
Privacy & Social Media Lisa Singh, PhD Department of Computer Science Georgetown University

Privacy & Social Media Lisa Singh, PhD Department of Computer Science Georgetown University

Privacy & Social Media Lisa Singh, PhD Department of Computer Science Georgetown University Outline Our world on the Internet Data privacy in a public profile world Methods for determining our web footprints Taking control of

717 views • 33 slides
Redesigning Downtown Transit & Redesigning Downtown Transit & the Providence Station

Redesigning Downtown Transit & Redesigning Downtown Transit & the Providence Station

Redesigning Downtown Transit & Redesigning Downtown Transit & the Providence Station Transit Center: Improved Mobility, Improved Economy Background & Need Why is Project Needed? Dow ntow n Providence is expanding. Key activity

367 views • 16 slides
Social Network Privacy W2SP 2010: WEB 2.0 SECURITY AND PRIVACY 2010 Kurt Opsahl Why is privacy

Social Network Privacy W2SP 2010: WEB 2.0 SECURITY AND PRIVACY 2010 Kurt Opsahl Why is privacy

Social Network Privacy W2SP 2010: WEB 2.0 SECURITY AND PRIVACY 2010 Kurt Opsahl Why is privacy important? If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.

725 views • 31 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
SHOULD SOCIAL NETWORK COMPANIES CARE ABOUT USERS PRIVACY? Ral Pardo pardo@chalmers.se

SHOULD SOCIAL NETWORK COMPANIES CARE ABOUT USERS PRIVACY? Ral Pardo pardo@chalmers.se

SHOULD SOCIAL NETWORK COMPANIES CARE ABOUT USERS PRIVACY? Ral Pardo pardo@chalmers.se @raparuldo OUTLINE Define privacy Look at privacy issues in Social Network Sites (SNS) Ethically Theoretically (Informational

296 views • 25 slides
Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson

Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson

Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson DIG @ CSAIL Monday 12 July 2010 Alternate Definitions of Privacy In 1890, Brandeis and Warren defined privacy as the right to be let alone

541 views • 11 slides
privacy (and trust) for SNS me ! " many social networks (fragmented?) diversity is good! How

privacy (and trust) for SNS me ! " many social networks (fragmented?) diversity is good! How

privacy (and trust) for SNS me ! " many social networks (fragmented?) diversity is good! How do we manage our diversity? (identities) Privacy is difficult. Tech? Legal? action: collecting current practices (many) Me, You, Us. social

438 views • 14 slides
K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang

K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang

K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang 515030910412 ABSTRACT The rapid development of social communication network has increased the risk in privacy protection, the association between people has

385 views • 4 slides
CS525: Who s Your Best Friend? Targeted Privacy Attacks In Location sharing Social Networks

CS525: Who s Your Best Friend? Targeted Privacy Attacks In Location sharing Social Networks

CS525: Who s Your Best Friend? Targeted Privacy Attacks In Location sharing Social Networks Wei Wang ECE Dept. Worcester Polytechnic Institute (WPI) Security and Privacy Problems in the mobile and cloud computing Security and Privacy

608 views • 19 slides
Social Media Privacy WHAT IS PUBLIC, WHAT IS NOT? C H R I S T Y M A N N E R I N G , W E B D E

Social Media Privacy WHAT IS PUBLIC, WHAT IS NOT? C H R I S T Y M A N N E R I N G , W E B D E

Social Media Privacy WHAT IS PUBLIC, WHAT IS NOT? C H R I S T Y M A N N E R I N G , W E B D E V E L O P E R , U N I V E R S I T Y O F D E L A W A R E Rule #1 It is safe to assume if you put information online it isnt 100% private.

845 views • 28 slides
Privacy Implications of Social Networks Gates Scholars' Symposium 1 March 2009 Joseph Bonneau

Privacy Implications of Social Networks Gates Scholars' Symposium 1 March 2009 Joseph Bonneau

Privacy Implications of Social Networks Gates Scholars' Symposium 1 March 2009 Joseph Bonneau Security Research Group Computer Laboratory Outline Why Privacy Matters How Social Networks Change The Game The Current Mess

495 views • 46 slides
More than Just a Document: Redesigning the Syllabus for Digital Environments Ary Aranguiz,

More than Just a Document: Redesigning the Syllabus for Digital Environments Ary Aranguiz,

More than Just a Document: Redesigning the Syllabus for Digital Environments Ary Aranguiz, Instructional Designer Laura Dicht, Instructional Designer #nyuonline Redesigning the Syllabus What do you think are the essential components an

678 views • 28 slides
PRIVACY IN EVOLVING SOCIAL NETWORKS Ral Pardo, Musard Balliu, Gerardo Schneider - @raparuldo

PRIVACY IN EVOLVING SOCIAL NETWORKS Ral Pardo, Musard Balliu, Gerardo Schneider - @raparuldo

PRIVACY IN EVOLVING SOCIAL NETWORKS Ral Pardo, Musard Balliu, Gerardo Schneider - @raparuldo NWPT 2015 DataBIN Data-driven Secure Business Intelligence FACEBOOK PRIVACY SETTINGS Imagine you only want your friends to know your location 2

683 views • 27 slides
Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Ariel

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Ariel

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Ariel J. Feldman Princeton UPenn Joint work with: Aaron Blankstein, Michael J. Freedman, and Edward W. Felten Social Networking with

661 views • 27 slides
Building Blocks for Privacy- Preserving Decentralized Online Social Networks iSocial Summer

Building Blocks for Privacy- Preserving Decentralized Online Social Networks iSocial Summer

Building Blocks for Privacy- Preserving Decentralized Online Social Networks iSocial Summer School Sonja Buchegger, Assoc. Prof. Computer Science KTH ! Online Privacy Problematic Current services (FB, GMail, GCal, Flickr, Pinterest) are

398 views • 18 slides
Rule-Based Sentiment Analysis in Narrow Domain Detecting Sentiment in Daily Horoscopes Using

Rule-Based Sentiment Analysis in Narrow Domain Detecting Sentiment in Daily Horoscopes Using

Rule-Based Sentiment Analysis in Narrow Domain Detecting Sentiment in Daily Horoscopes Using Sentiscope eljko Agi and Danijela Merkler University of Zagreb Faculty of Humanities and Social Sciences SAAIP 2012, Mumbai, India, 2012-12-15

226 views • 12 slides
horoscop and starfont Matthew Skala Astrology rt ss

horoscop and starfont Matthew Skala Astrology rt ss

Astrological charts with horoscop and starfont Matthew Skala Astrology rt ss t t tt s rstr

623 views • 23 slides
If you are honest, this tells the truth - it's pretty good! Write your answers on a piece of

If you are honest, this tells the truth - it's pretty good! Write your answers on a piece of

Horoscope Test... If you are honest, this tells the truth - it's pretty good! Write your answers on a piece of paper. No cheating! The answers are at the next slide. 1. Write the name of a person of the opposite sex. 2. Which is your favorite

69 views • 3 slides
Repeating Years, Repeating Themes Leisa Schaim Annual Profections A timing technique that

Repeating Years, Repeating Themes Leisa Schaim Annual Profections A timing technique that

Repeating Years, Repeating Themes Leisa Schaim Annual Profections A timing technique that shows when certain themes are more active in a persons life All parts of chart not equally active all the time Specific natal placements

1.12k views • 43 slides
WIT COMP1000 Methods Wentworth Institute of Technology Engineering & Technology Methods

WIT COMP1000 Methods Wentworth Institute of Technology Engineering & Technology Methods

Wentworth Institute of Technology Engineering & Technology WIT COMP1000 Methods Wentworth Institute of Technology Engineering & Technology Methods Programs can be logically broken down into a set of tasks Example from horoscope

793 views • 32 slides
Vector-space models of meaning Christopher Potts CS 244U: Natural language understanding Jan 19

Vector-space models of meaning Christopher Potts CS 244U: Natural language understanding Jan 19

Overview Matrix designs Weighting/normalization Distance measures Experiments Dimensionality reduction Tools Looking ahead Vector-space models of meaning Christopher Potts CS 244U: Natural language understanding Jan 19 1 / 48 Overview

789 views • 65 slides
BiographyNet Linking the world of History Workshop on Biographical

BiographyNet Linking the world of History Workshop on Biographical

BiographyNet Linking the world of History Workshop on Biographical Linked Data Friday 22 January 2016 Team BiographyNet (h:p://www.biographynet.nl) The beginning

426 views • 38 slides
Knowledge Representation Part II III Credit to Ref. f.: Preface + Chapter 1 2 1 Jan

Knowledge Representation Part II III Credit to Ref. f.: Preface + Chapter 1 2 1 Jan

Knowledge Representation Part II III Credit to Ref. f.: Preface + Chapter 1 2 1 Jan Pettersen Nytun, Knowledge Representation III, UiA Preface S O P Beyond being a query language, SPARQL is a powerful graph-matching language

375 views • 10 slides

More recommend