Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword or section
Like this
1Activity

Table Of Contents

0 of .
Results for:
No results containing your search query
P. 1
Facebook: Threats to Privacy

Facebook: Threats to Privacy

Ratings: (0)|Views: 17 |Likes:
Published by vobios
Facebook: Threats to Privacy
Harvey Jones, Jose Hiram Soltren
December 14, 2005

End-users share a wide variety of information on Facebook, but a discussion of the privacy implications of doing so has yet to emerge. We examined how Facebook affects privacy, and found serious flaws in the system. Privacy on Facebook is undermined by three principal factors: users disclose too much, Facebook does not take adequate steps to protect user privacy, and third parties are actively seeking out end-user information using Facebook. We based our end-user findings on a survey of MIT students and statistical analysis of Facebook data from MIT, Harvard, NYU, and the University of Oklahoma. We analyzed the Facebook system in terms of Fair Information Practices as recommended by the Federal Trade Commission. In light of the information available and the system that protects it, we used a threat model to analyze specific privacy risks. Specifically, university administrators are using Facebook for disciplinary purposes, firms are using it for marketing purposes, and intruders are exploiting security holes. For each threat, we analyze the efficacy of the current protection, and where solutions are inadequate, we make recommendations on how to address the issue.
Facebook: Threats to Privacy
Harvey Jones, Jose Hiram Soltren
December 14, 2005

End-users share a wide variety of information on Facebook, but a discussion of the privacy implications of doing so has yet to emerge. We examined how Facebook affects privacy, and found serious flaws in the system. Privacy on Facebook is undermined by three principal factors: users disclose too much, Facebook does not take adequate steps to protect user privacy, and third parties are actively seeking out end-user information using Facebook. We based our end-user findings on a survey of MIT students and statistical analysis of Facebook data from MIT, Harvard, NYU, and the University of Oklahoma. We analyzed the Facebook system in terms of Fair Information Practices as recommended by the Federal Trade Commission. In light of the information available and the system that protects it, we used a threat model to analyze specific privacy risks. Specifically, university administrators are using Facebook for disciplinary purposes, firms are using it for marketing purposes, and intruders are exploiting security holes. For each threat, we analyze the efficacy of the current protection, and where solutions are inadequate, we make recommendations on how to address the issue.

More info:

Published by: vobios on Jul 21, 2010
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

10/28/2011

pdf

text

original

 
Facebook: Threats to Privacy
Harvey Jones, Jos´e Hiram SoltrenDecember 14, 2005
Abstract
End-users share a wide variety of information on Facebook, but a discussion of the privacyimplications of doing so has yet to emerge. We examined how Facebook affects privacy, andfound serious flaws in the system. Privacy on Facebook is undermined by three principal factors:users disclose too much, Facebook does not take adequate steps to protect user privacy, andthird parties are actively seeking out end-user information using Facebook. We based our end-user findings on a survey of MIT students and statistical analysis of Facebook data from MIT,Harvard, NYU, and the University of Oklahoma. We analyzed the Facebook system in terms of Fair Information Practices as recommended by the Federal Trade Commission. In light of theinformation available and the system that protects it, we used a threat model to analyze specificprivacy risks. Specifically, university administrators are using Facebook for disciplinary purposes,firms are using it for marketing purposes, and intruders are exploiting security holes. For eachthreat, we analyze the efficacy of the current protection, and where solutions are inadequate,we make recommendations on how to address the issue.
1
 
Contents
1 Introduction 42 Background 5
2.1 Social Networking and Facebook . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52.2 Information that Facebook stores . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3 Previous Work 64 Principles and Methods of Research 7
4.1 Usage patterns of interest. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74.2 User surveys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94.3 Direct data collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94.4 Obscuring personal data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94.5 A brief technical description of Facebook from a user perspective . . . . . . . . . . . 104.6 Statistical signicance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
5 End-UsersInteraction with Facebook 13
5.1 Major trends . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135.2 Facebook is ubiquitous . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145.3 Users put time and eort into proles . . . . . . . . . . . . . . . . . . . . . . . . . 155.4 Students join Facebook before arriving on campus . . . . . . . . . . . . . . . . . . . 155.5 A substantial proportion of students share identifiable information . . . . . . . . . . 165.6 The most active users disclose the most . . . . . . . . . . . . . . . . . . . . . . . . 165.7 Undergraduates share the most, and classes keep sharing more . . . . . . . . . . . . 185.8 Dierences among universities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185.9 Even more students share commercially valuable information . . . . . . . . . . . . . 205.10 Users are not guarded about who sees their information . . . . . . . . . . . . . . . . 205.11 Users Are Not Fully Informed About Privacy . . . . . . . . . . . . . . . . . . . . . . 205.12 As Facebook Expands, More Risks Are Presented . . . . . . . . . . . . . . . . . . . 215.13 Women self-censor their data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215.14 Men talk less about themselves . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225.15 General Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
6 Facebook and Fair Information Practices22
6.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226.2 Notice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226.3 Choice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
 
6.4 Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246.5 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246.6 Redress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
7 Threat Model 25
7.1 Security Breach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257.2 Commercial Datamining . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267.3 Database Reverse-Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277.4 Password Interception . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287.5 Incomplete Access Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287.6 University Surveillance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297.7 Disclosure to Advertisers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327.8 Lack of User Control of Information . . . . . . . . . . . . . . . . . . . . . . . . . . 337.9 Summary and Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
8 Conclusion 34
8.1 Postscript: What the Facebook does right . . . . . . . . . . . . . . . . . . . . . . . 348.2 Final Thoughts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358.3 College Newspaper Articles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
9 Acknowledgements 38
9.1 Interview subjects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
A Facebook Privacy Policy 39B Facebook Terms Of Service 41C Facebook SpiderCode: Acquisition and Processing 45
C.1 Data Downloading BASH Shell Script . . . . . . . . . . . . . . . . . . . . . . . . . 46C.2 Facebook Profile to Tab Separated Variable Python Script . . . . . . . . . . . . . . 46C.3 Data Analysis Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
D Supplemental Data 56E Selected Survey Comments 73
E.1 User Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
F Paper Survey 75
3

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->