COMP8240 Privacy

Privacy Issues in Selected

Applications (1)
Online Social Networks (OSNs) – Part 1

Budi Arief (b.arief@kent.ac.uk)

Based (in parts) on materials by Özgür Kafalı

 Outline
• Introduction
• OSN: A Closer Look
• Sharing and Disclosure

2
 Introduction
• Online Social Networks (OSNs)

3
Borrowed from: https://medium.com/@christina_meyer/what-is-the-difference-between-social-media-and-social-network-e6dd5ad28d8f
 Introduction (contd.)
• Online Social Networks (OSNs)
• “decentralized and distributed computer networks
where users communicate with each other through
internet services” [1]
• “online environments where people can present
themselves on their individual profiles, make links to
other users, and communicate with them” [2]

4
 Outline
• Introduction
• OSN: A Closer Look
• Sharing and Disclosure

5
 OSN: A Closer Look

Based on an article by Gürses and Diaz (2013) [3] 6

OSN: A Closer Look (contd.)
• Three types of OSN privacy problems:
• Surveillance problems
• Governments and service providers making use of OSN
users’ personal information and social interactions
• Social privacy problems
• The result of the necessary renegotiation of boundaries,
as social interactions move to OSNs
• Institutional privacy problems
• Users losing control and oversight of OSNs’ collection and
processing of their data
7
OSN: A Closer Look (contd.)
• The paper focuses on the first two:
• Surveillance problems
• Governments and service providers making use of OSN
users’ personal information and social interactions
• Social privacy problems
• The result of the necessary renegotiation of boundaries,
as social interactions move to OSNs
• Institutional privacy problems
• Users losing control and oversight of OSNs’ collection and
processing of their data
8
OSN: A Closer Look (contd.)
• OSN providers have access to all user-
generated contents
• They can decide who has access to which information
• This can cause social privacy problems
• E.g., OSN provider changing content visibility globally,
without informing their users
• Social privacy problems can lead to
surveillance problems (or vice versa)
• E.g., social tagging of people in posted photos
9
 Surveillance Perspective
• OSNs have been perceived to drive socio-
political changes
• Arab Spring and Occupy Movement in early 2010s
• Intelligence agencies have developed strategies for
monitoring and blocking OSNs
• While at the same time, using OSN data for their own
interests

10
 Surveillance (contd.)
• Two uses:
• OSNs have gained importance beyond just “social”
• A site for citizens to contest their ruling institutions
• The ruling institutions will try to use OSNs to monitor
and intervene in their citizens’ lives
• They are in tension!
Citizen’s use State’s use
Democratic versus Monitoring and
emancipation influencing citizens
11
 Surveillance (contd.)
• “Surveillant assemblage”
• Law enforcement and intelligence agencies forming
partnership with OSN providers
• Not just surveillance, but also limiting free speech (e.g.,
censoring user content or groups; blocking certain sites)
• It is not enough to rely solely on legal
measures for protecting citizens
• We need Privacy Enhancing Technologies (PETs)
• “technologies specifically designed to protect citizens’
online privacy from overbearing states and collaborating
service providers” [3] 12
 Social Privacy Perspective
• Portrayal of OSNs as “consumer goods”
• Users are consuming these services for
• Socialising with family and friends
• Obtaining access to information and discussions
• Gaining a sense of belonging
• And having these activities made public
• Note: this should occur at the users’ discretion
• May lead to unexpected and regrettable interactions
• Sometimes things “go viral”

13
 Social Privacy (contd.)
• When boundaries are crossed, social privacy
may lead to:
• Concerns raised by users
• Harms experienced by users
• Addressing social privacy problems in OSNs
• Human-Computer Interaction (HCI)
• Design principles to assist users in making better privacy
decisions (e.g., “privacy nudges”)
• Access control
• User modelling for intuitive, meaningful privacy settings
14
 Outline
• Introduction
• OSN: A Closer Look
• Sharing and Disclosure

15
 Revelation and Privacy [4]

Also, you can watch Alessandro’s TED Talk (if you have not seen it):
https://www.ted.com/talks/alessandro_acquisti_what_will_a_future_without_secrets_look_like

16
 Revelation and Privacy [4]

• Patterns of information revelation in OSN

• And their implications on privacy
• Over 4,000 Carnegie Mellon University students who
use Facebook
• Paying a close attention to
• The amount of information they disclose
• The usage of the site’s privacy settings
• Potential attacks on various aspects of their privacy
• Only a minimal percentage of users changes the highly
permeable privacy preferences
17
 Revelation and Privacy [4]

• Types and Amount of Information Disclosed

18
 Revelation and Privacy [4]

• Real/partial/ fake profile names

• From a subset of 100 participants

19
 Revelation and Privacy [4]

• Privacy Implications
• Stalking
• Re-identification
• Demographics and face re-identification
• Social Security Numbers and Identity Theft
• Building a digital dossier
• Fragile privacy protection
• Fake email address
• Manipulating users
• Advanced search features
20
 Revelation and Privacy [4]

• Conclusion
• OSNs are much larger and looser than their offline
counterparts
• any individuals in a person’s online extended network
would hardly be defined as actual friends
• in fact, many may be complete strangers
• Users seem to be unconcerned about privacy risks
• personal and sensitive information is freely and publicly
provided
• limiting privacy preferences are hardly used
• only a small number of members change the default
privacy preferences 21
Why We Disclose [2]

22
 Why We Disclose [2]

• This paper looks at the motivating and

discouraging factors for information
disclosure on OSN platforms
• Trade-off between the perceived risks and benefits of
self-disclosure
• “any message about self that a person communicates to
another”
• Personally identifiable information (e.g., full name, date of
birth, address)
• Other private information (e.g., hobbies, sexual
orientation, relationship status)
23
 Why We Disclose [2]

• Methodology
• Two focus groups of participants
• With experience using Facebook or StudiVZ (a German
social networking platform for students)
• Constructing an information disclosure model
• Empirical evaluation of the model

24
 Why We Disclose [2]

• Benefits of disclosure
• Convenience of maintaining relationship
• Enjoyment
• Relationship building
• Self-presentation
• Cost of disclosure
• Perceived privacy risk

25
 Why We Disclose [2]

• Mitigating factors
• Control
• Platform-enabled
• Legal assurance
• Trust in OSN members
• Trust in OSN provider

26
 Why We Disclose [2]

• Privacy-related behaviour
• Information disclosure
• Information falsification
• Selectivity in friends
• Privacy settings
• Complaining

27
 Why We Disclose [2]

• Implications for OSN providers

• Should have an even stronger interest in enriching
their core functionality
• Facilitating the maintenance of relationship
• Should foster relationship-building among users
• By actively presenting users to each other
• Should place more emphasis on the enjoyment
aspect
• By bringing their functionality to a level of immersion equal
to virtual world communities
28
 Why We Disclose [2]

• Conclusion
• The key benefits of OSN platforms are significantly
linked to information disclosure
• Convenience, Relationship Building, Enjoyment
• Risk hinders self-disclosure, but people may share
anyway due to perceived benefits
• Mitigated by trust and control beliefs
• There are likely other factors that would influence self-
disclosure

29
Facebook and Privacy [5]

Next Lecture

30
 References
[1] Wikipedia, “Social networking service”.
https://en.wikipedia.org/wiki/Social_networking_service
[2] Hanna Krasnova, Sarah Spiekermann, Ksenia Koroleva and Thomas
Hildebrand, "Online Social Networks: Why We Disclose”, Journal of
information technology, 25(2): 109-125, 2010.
https://journals.sagepub.com/doi/pdf/10.1057/jit.2010.6
[3] Seda Gürses and Claudia Diaz, "Two tales of privacy in online social
networks”, IEEE Security & Privacy, 11(3): 29-37, 2013.
https://ieeexplore.ieee.org/abstract/document/6493309
[4] Ralph Gross and Alessandro Acquisti. "Information revelation and privacy
in online social networks." In Procs. 2005 ACM Workshop on Privacy in
the Electronic Society (WPES), pp. 71-80. 2005.
https://dl.acm.org/doi/abs/10.1145/1102199.1102214
[5] Maritza Johnson, Serge Egelman and Steven M. Bellovin. "Facebook and
Privacy: It’s Complicated." In Procs. 8th Symposium on Usable Privacy
and Security (SOUPS’12), pp. 1-15, 2012.
31
https://dl.acm.org/doi/abs/10.1145/2335356.2335369