Professional Documents
Culture Documents
net/publication/331743066
CITATIONS READS
0 8,053
1 author:
SEE PROFILE
All content following this page was uploaded by Sai Lakshmi Harichandana Nandyala on 14 March 2019.
1 Introduction
Instagram is a social media platform that mainly focused on sharing photos with the
use of filters in the past, but over recent years it has grown to provide various
services. The mobile application gained huge momentum in terms of users; by 2018 it
gained over 800 million monthly active users [1]. It was initially released in 2010 for
sharing phots and videos and was later purchased by Facebook [2]. Eventually the
latest version has multiple features to add filters, send messages, add stories, provide
user insights for a business profile. Approximately 888 Instagram photos are
uploaded in one second[3],which leads to collection of enormous amounts of
personal information of the users.
The aim is to make user experience better and use the same for advertising products
of a company which pay Instagram for their promotion. This is a business model in
which users are the products of the company. Despite the measures taken by the
company for user privacy protection, lot of risks still prevail that need to be avoided.
We will go through the application description, data collection and other factors to
perform a privacy impact assessment and come up with strategies to decrease the
privacy issues.
Every new user has to sign up using an email id or Facebook account to become a
member of the instagram community as both the accounts are interlinked. You can
sign into Instagram using your phone number, email id or Facebook credentials and
even have multiple accounts under same user .The users can view their profiles
through a web browser but can only use the functionalities using a smartphone.
1
A profile can be made public or private based on user choice. Another kind of
commercial accounts are the business profiles where one can promote a brand or
personal blog. Upon creation, the users share their pictures and videos for the
followers to like, comment and share the content. Users can follow the people they
are interested in and tag their friends in pictures. The stories feature taken from
Snapchat enables the user to post photos and videos that last until 24 hours. Instagram
now has enabled its users to shop the products they like by introducing a feature in
which users click on the product links embedded in the photos [4].
The archive feature helps in hiding posts which only the user can see, which is a
step towards enhancing privacy of posts. The insights feature is based on data
analytics where a business profile is provided with details like the reach of a post,
impressions and profile visits[5]. For promotion of accounts, users must have a
Facebook page and upon payment, their post’s reach is boosted and it appears as an
ad on audience feed[6]. The “explore” feed shows photos and videos of all the public
accounts the user has previously showed interest in and it’s created using the user
activity of the accounts followed by the user.[7]
2
2.2 Stakeholders
Firstly the main stakeholders are its active end-users of age 13 and above all over
the world. Second section of stakeholders are corporate companies which invest
in advertising their brands and even the shareholders of Facebook as it owns this
application[8]. Due to Instagram’s huge user base, all the top companies in the
world are trying to reach out and market themselves on Instagram to keep their
customers updated about their latest developments. Various news channels, public
figures, food and fashion industry constantly use it to gain popularity by
increasing their followers with quality content. Various non-profit organisations
collaborate and try to create awareness on various issues for social causes on their
profiles.
3
Further this data is usually shared by Instagram to third party companies which use
data analytics to figure out what kind of advertisements can be shown on the user’s
feed. The location tags used help the algorithm to learn about future locations the
user might like to visit, or calculate the popularity of a restaurant by the number of
posts with the location tag . This also gives information to different travel companies.
Business profiles can obtain a daily feedback on how well their posts are doing by
gaining insights on number of likes per post, age range and gender; the user details
are continuously being extracted for this feature[11].
2.4 Implementation
Instagram had a paradigm shift from a reverse chronological display of posts to its
latest algorithm which is more intelligent and personalised[12]. The algorithm works
using machine learning techniques that extract feature functions from the user’s
activity. The learning models further process the features based on hashtags, likes,
comments and geo-tags and cookies stored by browsing data. The models use
4
artificial intelligence to create a unique feed for every user which helps Instagram
know its customers better.
The users are shown advertisements of the companies that pay Instagram to promote
their products, based on interest prediction done by the machine learning models.
This constitutes to the social media marketing strategies implemented by companies
that use Instagram. The daily activity of a user is recorded for personalising the feed.
Instagram is also used as a search engine by users. The user search for the
information they want using hashtags and geo-tags for example, by searching for a
place, Instagram shows all the pictures and videos related to that location. The latest
features incorporated features enable the application to broaden its horizons in terms
of user engagement.
5
3.1 Technical privacy risks
3.1.1 Location Tracking through GPS
The Data Policy of Instagram states that,“We use location-related information-such
as your current location, where you live, the places you like to go, and the businesses
and people you're near-to provide, personalise and improve our Products, including
ads, for you and others”[Section 2]. By this we can infer that Instagram is constantly
tracking your location and storing every move of yours. Although the user grants the
permission to the application to track location, there is a threat for life if an external
factor like a hacker, attacks the system and gains access to this private information.
Instagram is using various protection methods to avoid hackers but what is bothering
is the credibility of the third parties. How can one trust the third party with this
information is a major concern.The users can choose to opt out of sharing location,
but this restricts the user from experiencing certain features of the application.
6
3.1.3 Under Age Users and Fake Profiles
The eligibility criteria for creating an Instagram account is to have an email address
or a Facebook account. This is not enough to identify if someone is above the
certified age to access the application. This lack of identification is the reason behind
huge number of under age and fake profiles on the platform. The absence of an age
evidence system leads to an environment where under age kids are exposed to adult
content and advertisements not suitable for children. In the privacy and safety centre
description, Instagram clearly states that, “Anyone signed into the Instagram app can
view photos or videos on someone's public profile. If you'd like to make sure that only
approved followers can see your child's posts, we suggest setting your posts to
private. Once you set your posts to private, anyone who wants to see your child's
posts will have to send your child a follower request which they can then approve or
ignore” [tips for parents section]. The application gives the warning that the children
profiles can be accessed by anyone who is on it.
Despite the option of reporting an underage profile activity if found, this
precautionary approach is not enough to curb down the problem due to profile
creations done without the parent’s knowledge. Secondly, there is an alarming
increase in third party companies which gain money by creating bots that signup as
fake profiles, whose purpose is to provide likes and comments to increase popularity
of the customer profile[14]. Existence of users who don’t have an evidence to prove
their identity must be handled.
9
The language used here is not very accurate. There is a lack of definition when it
comes to “parts of service” as there is no clear distinction between what services the
user will be denied post rejection of consent and what are the consequences following
that decision. Many users might not be interested in viewings ads from third party
users, and hence might not give consent. But this does not mean that the user should
be exempted from accessing services from the application.
This creates a situation of forced consent where the user is indirectly pressurised to
accept to provide the persistent cookies without knowing the purpose behind
collection of data[17]. GDPR does not mention about rejecting services to a user
explicitly. It’s quite unsure whether this behaviour of applications is obeying the
regulations or not. There has to be more transparence between the application and its
users.
4 Alleviation Suggestions
In this final section, we discuss some of the strategies Instagram can adapt to
strengthen privacy of its users. The application is experiencing mammoth increase in
users which comes with huge risks concerning safety. To overcome some of the
problems discusses in section 3, here are some ideas that are potential and practical.
11
application’s motive should not be quantity of users, rather it must concentrate on the
quality of users.
12
4.1.5 User friendly explanation of data and platform policies
The common scenario experienced is, most of the users find it time consuming to go
through the entire description of terms and conditions before they signup for the
application. As Instagram has users as young as 13 and above, it is very important for
the application to make sure that the customer understands the terms. Due to lack of
patience the users click the forward button multiple times and tap the “I agree” button
way too fast. This can be avoided if Instagram adopted a user friendly interactive
policy form where, the language can be understood by a thirteen year old, a mini-quiz
can be asked to the users to check their knowledge about the application and their
data. This can create awareness among the users regarding the policies i.e what is
Instagram responsible for and not.
For example, a lot of users might not know that Instagram explicitly states in its
platform policy number 15 that, “ Instagram shall not, under any circumstances, be
liable to you for any indirect, incidental, consequential, special or exemplary
damages arising out of or in connection with use of the Instagram Platform and any
data derived through such Platform, whether based on breach of contract, breach of
warranty, tort[…] Under no circumstances shall Instagram be liable to you for any
amount.”
13
So an alternative solution to this is, a request-response mechanism where a tagger
has to send a request to tag the other person, and upon acceptance of the tagged, the
post will be published. This can be provided as an optional service for those users
who want tag alerts. This can cut down the post process of reporting a picture once it
has been posted or deal with the tension of having no control over a picture that you
own.
CONCLUSION
Instagram has evolved over the years from a basic photo sharing application to a
concoction of various social media services as discussed above. This work focuses on
the privacy aspects of Instagram and the risks associated with it. Various mitigation
approaches were proposed to prune the threats concerned to user’s personal
information. Instagram has been a game changer in the evolving world of social
media where each application is interlinked or dependent on various other third party
sites, leading to a situation where implementing security measures can get complex.
Future of social media security needs to develop highly robust systems to handle the
ever growing data and provide feasible solutions for user safety without leaving any
space for errors.
14
REFERENCES
[1] Instagram now has 1 billion users worldwide by Ashley Carman, June
20,2018. The Verge [url: https://tinyurl.com/y7tocswf]
[6] How do I view insights on Instagram, Facebook Help Centre [url: https://
tinyurl.com/ybn2ya5d]
[7] How Does the Instagram Algorithm Work ? By Caroline Forsey, HubSpot
[https://tinyurl.com/ycnc4jl6]
[8] who is the owner of Instagram now(2018), Julie Kwach Feb 2018. Tuko [url:
https://tinyurl.com/ybl4hvcy]
15
[10] Facebook explored unpicking personalities to target ads by Rory Cellan-
Jones, 24 April 2018, BBC News [ url: https://tinyurl.com/yccgczcf]
[11] Provide measurement, analytics, and other business services, Instagram [url:
https://tinyurl.com/yd9kpgtb]
[12] Top Instagram Updates you need to know in 2018 , Ana Gotter, December
18, 2018 [url: https://tinyurl.com/yccgopjn]
[13] Instagram will no longer notify people when you screenshot their stories,
Sean Wolfe June 15, 2018. Business Insider [url:https://tinyurl.com/yadf6uh6]
[14] Why fake instagram followers can put your online safety at risk, Chelsea
Ritschel, independent.co.uk ,New York(Friday 18 May 2018) [url: https://
tinyurl.com/y7zsz5to]
[15] What Instagram users need to know about Facebook’s security breach,
Taylor Hatmaker, Tech Crunch, September 2018. [url: https://tinyurl.com/
y85fsz8p]
[16] Why Instagram is the worst social media for Mental Health by Amanda
Machmillan, May 25, 2017. TIME [url: https://tinyurl.com/ko3cws8]
16
17