Yan Leng,Yijun Chen,Xiaowen Dong,Junfeng Wu,Guodong Shi

DOI: https://doi.org/10.2139/ssrn.3875878

2021-01-01

SSRN Electronic Journal

Abstract:There exists a growing concern about the privacy threats inherently encoded in the increasingly available behavioral data. In this paper, we focus on online service providers over which users reveal preferences (e.g., ratings or reviews) as publicly available behavioral data. We model users' strategic interactions in making these decisions as quadratic games on networks, where a user's payoff depends not only on their actions but also on their neighbors in a social interaction network. Based on the assumption that the observed preferences correspond to the Nash equilibrium of the game, we investigate whether eavesdroppers or competitors having access to such behavioral data could potentially infer or even thoroughly learn the hidden social interaction network from the observed user actions, leading to privacy risks at a system level for the platform. We introduce three notions of privacy risks on networks: fundamental privacy, conditional privacy, and practical privacy. We establish necessary and sufficient conditions for fundamental and conditional privacy of the social interaction structure, suggesting that at the system level, such interaction structure is not facing a critical risk of being fully exposed regardless of the amount of data available. To study practical privacy, we further propose and analyze a novel learning framework by solving a joint optimization problem for the network structure and the individual marginal benefits in the game. Extensive experiments on synthetic and real-world data demonstrate the effectiveness of the proposed framework, hence illustrating that behavioral data indeed present substantial privacy risks in practice. Broadly, this study enriches the network privacy literature and provides implications for online platforms by revealing the unexpected consequence of leaking network connections due to public consumer revealed preferences.

Chao Wu

DOI: https://doi.org/10.1016/j.techsoc.2024.102457

IF: 6.879

2024-01-01

Technology in Society

Abstract:In recent years, data privacy has attracted increasing public concerns, especially with public scandals from top Internet companies, emerging over inappropriate data collection, lack of transparency in data usage, and manipulation of users' preferences. This has led to responsive efforts from multiple sectors of society to constrain the violation of individuals’ data privacy. Among these efforts, the regulations like GDPR are the most influential, which are believed to be able to change the foundation of the whole data ecosystem. The main concern of current regulation is data transparency, designed to enable individuals to make rational decisions about their data. However, I argue that transparency cannot mitigate a key issue of data privacy, which is the right of receiving benefits from data. This issue is getting severe with the rapid development of the data economy and will become the essential problem of social welfare and fairness in the AI era. I further point out that the key to solving this issue is to migrate the current centralized data utilization paradigm to a new decentralized paradigm. Based on the recent technical advancements, I propose an applicable pathway to implement such a paradigm. And to realize a fair and sustainable data eco-system, joint efforts should be made within this paradigm.

J. Isaak,M. Hanna

DOI: https://doi.org/10.1109/MC.2018.3191268

2018-08-01

Computer

Abstract:With the revelation that Facebook handed over personally identifiable information of more than 87 million users to Cambridge Analytica, it is now imperative that comprehensive privacy policy laws be developed. Technologists, researchers, and innovators should meaningfully contribute to the development of these policies.

Law,Political Science,Computer Science

Xuemeng Song,Xiang Wang,Liqiang Nie,Xiangnan He,Zhumin Chen,Wei Liu

DOI: https://doi.org/10.1145/3209978.3209995

2018-01-01

Abstract:The booming of social networks has given rise to a large volume of user-generated contents (UGCs), most of which are free and publicly available. A lot of users' personal aspects can be extracted from these UGCs to facilitate personalized applications as validated by many previous studies. Despite their value, UGCs can place users at high privacy risks, which thus far remains largely untapped. Privacy is defined as the individual's ability to control what information is disclosed, to whom, when and under what circumstances. As people and information both play significant roles, privacy has been elaborated as a boundary regulation process, where individuals regulate interaction with others by altering the openness degree of themselves to others. In this paper, we aim to reduce users' privacy risks on social networks by answering the question of Who Can See What. Towards this goal, we present a novel scheme, comprising of descriptive, predictive and prescriptive components. In particular, we first collect a set of posts and extract a group of privacy-oriented features to describe the posts. We then propose a novel taxonomy-guided multi-task learning model to predict which personal aspects are uncovered by the posts. Lastly, we construct standard guidelines by the user study with 400 users to regularize users' actions for preventing their privacy leakage. Extensive experiments on a real-world dataset well verified our scheme.

Haifang Yang,Mingzheng Wang,Xiangpei Hu,Xiaobai Li

2019-01-01

Abstract:The Facebook/Cambridge Analytica data scandal shows a type of privacy threat where an adversary attacks on a massive number of people without prior knowledge about their background information. Existing studies typically assume that the adversary knew the background information of the target individuals. This study examines the disclosure risk issue in privacy breaches without such an assumption. We define the background disclosure risk and re-identification risk based on the notion of prior and conditional probabilities respectively, and integrate the two risk measures into a composite measure using the Minimum Description Length principle. We then develop a decision-tree pruning algorithm to find an appropriate group size considering the tradeoff between disclosure risk and data utility. Furthermore, we propose a novel tiered generalization method for anonymizing data at the group level. An experimental study has been conducted to demonstrate the effectiveness of our approach.

pan shi,heng xu,cheng zhang

2012-01-01

Abstract:Privacy is widely viewed as an interpersonal boundary regulation process in the context of online social networks (OSNs). Mediated by technologies provided by the OSNs, users manage both identity information and social relationships on OSNs. While previous studies mainly focus on users’ information sharing and disclosure behaviors from an individual perspective, this work looks into the social nuances of users’ interactional privacy concerns within their social circles from an interpersonal perspective. Through a case analysis of launching “Friendship Pages” by Facebook, we aim to examine the trigger conditions under which users perceive the launch of such feature to aggregate interpersonal interactions as privacy problems. This work calls for more research in conceptualizing and measuring users’ interpersonal privacy concerns in the context of OSNs. We conclude this work with a discussion on research challenges in support of mitigating users’ interpersonal concerns in OSNs.

Jana Korunovska,Bernadette Kamleitner,Sarah Spiekermann

DOI: https://doi.org/10.48550/arXiv.2005.08967

2020-05-18

Abstract:The new information and communication technology providers collect increasing amounts of personal data, a lot of which is user generated. Unless use policies are privacy-friendly, this leaves users vulnerable to privacy risks such as exposure through public data visibility or intrusive commercialisation of their data through secondary data use. Due to complex privacy policies, many users of online services unwillingly agree to privacy-intruding practices. To give users more control over their privacy, scholars and regulators have pushed for short, simple, and prominent privacy policies. The premise has been that users will see and comprehend such policies, and then rationally adjust their disclosure behaviour. In this paper, on a use case of social network service site, we show that this premise does not hold. We invited 214 regular Facebook users to join a new fictitious social network. We experimentally manipulated the privacy-friendliness of an unavoidable and simple privacy policy. Half of our participants miscomprehended even this transparent privacy policy. When privacy threats of secondary data use were present, users remembered the policies as more privacy-friendly than they actually were and unwittingly uploaded more data. To mitigate such behavioural pitfalls we present design recommendations to improve the quality of informed consent.

Computers and Society

JaeWon Kim,Soobin Cho,Robert Wolfe,Jishnu Hari Nair,Alexis Hiniker

2024-10-23

Abstract:Privacy is essential to fully enjoying the benefits of social media. While fear around privacy risks can sometimes motivate privacy management, the negative impact of such fear, particularly when it is perceived as unaddressable (i.e., "dysfunctional" fear), can significantly harm teen well-being. In a co-design study with 136 participants aged 13-18, we explored how teens can protect their privacy without experiencing heightened fear. We identified seven different sources of dysfunctional fear, such as `fear of a hostile environment' and `fear of overstepping privacy norms.' We also evaluated ten designs, co-created with teen participants, that address these fears. Our findings suggest that social media platforms can mitigate dysfunctional fear without compromising privacy by creating a culture where privacy protection is the norm through default privacy-protective features. However, we also found that even the most effective privacy features are not likely to be adopted unless they balance the multifaceted and diverse needs of teens. Individual teens have different needs -- for example, public and private account users have different needs -- and teens often want to enjoy the benefits they get from slightly reducing privacy and widening their social reach. Given these considerations, augmenting default privacy features by allowing them to be toggled on and off will allow individual users to choose their own balance while still maintaining a privacy-focused norm.

Human-Computer Interaction

Chaochen Qian,Xiaochun Xiao,Siming Chen,Xueping Wang

DOI: https://doi.org/10.1109/anthology.2013.6784955

2013-01-01

Abstract:Social Networking Sites (SNS) such as Facebook and MySpace have attracted millions of users because of their ability to combine individuals by social graphs. Nonetheless, considerable amount of users are suffering from their poor privacy settings. It is partly due to their lack of the awareness of privacy. To most normal users, the too exhausting privacy settings on SNS is another important reason. Moreover, even friends cannot be trusted all the time, and the privacy issues involving friends have actually been serious. In this paper1, we propose a novel approach of grouping friends to improve the privacy policy. We introduce a closeness degree model to quantify relationship between one user and his friends, based on which all the friends can be categorized automatically and dynamically. With some further statistical inference and analysis, our approach reflects the users' tendency of disclosing personal data as well as their original privacy preferences.

Néstor Cataño

DOI: https://doi.org/10.48550/arXiv.1806.03519

2018-06-10

Abstract:We present a novel approach to deal with transitivity permission-delegation threats that arise in social networks when content is granted permissions by third-party users thereby breaking the privacy policy of the content owner. These types of privacy breaches are often unintentional in social networks like Facebook, and hence, (more) in-place mechanisms are needed to make social network users aware of the consequences of changing their privacy policies. Our approach is unique in its use of formal methods tools and techniques. It builds on a predicate logic definition for social networking that caters for common aspects of existing social networks such as users, social network content, friendship, permissions over content, and content transmission. Our approach is implemented in Yices. For the predicate logic model, we formulate a security policy for the verification of the permission flow of content owned by social network users and demonstrate how this security policy can be verified.

Software Engineering,Cryptography and Security

Feng Xu,Katina Michael,Xi Chen

DOI: https://doi.org/10.1007/s10660-013-9111-6

2013-01-01

Electronic Commerce Research

Abstract:The self-disclosure of personal information by users on social network sites (SNSs) play a vital role in the self-sustainability of online social networking service provider platforms. However, people’s levels of privacy concern increases as a direct result of unauthorized procurement and exploitation of personal information from the use of social networks which in turn discourages users from disclosing their information or encourages users to submit fake information online. After a review of the Theory of Planned Behavior (TPB) and the privacy calculus model, an integrated model is proposed to explain privacy disclosure behaviors on social network sites. Thus, the aim of this paper is to find the key factors affecting users’ self-disclosure of personal information. Using privacy calculus, the perceived benefit was combined into the Theory of Planned Behavior, and after some modifications, an integrated model was prescribed specifically for the context of social network sites. The constructs of information sensitivity and perceived benefit were redefined after reviewing the literature. Through a study on the constructs of privacy concern and self-disclosure, this article aims at reducing the levels of privacy concern, while sustaining online transactions and further stimulating the development of social network sites.

Alessandro Acquisti,Ralph Gross

DOI: https://doi.org/10.1007/11957454_3

2006-01-01

Abstract:Online social networks such as Friendster, MySpace, or the Facebook have experienced exponential growth in membership in recent years. These networks offer attractive means for interaction and communication, but also raise privacy and security concerns. In this study we survey a representative sample of the members of the Facebook (a social network for colleges and high schools) at a US academic institution, and compare the survey data to information retrieved from the network itself. We look for underlying demographic or behavioral differences between the communities of the network’s members and non-members; we analyze the impact of privacy concerns on members’ behavior; we compare members’ stated attitudes with actual behavior; and we document the changes in behavior subsequent to privacy-related information exposure. We find that an individual’s privacy concerns are only a weak predictor of his membership to the network. Also privacy concerned individuals join the network and reveal great amounts of personal information. Some manage their privacy concerns by trusting their ability to control the information they provide and the external access to it. However, we also find evidence of members’ misconceptions about the online community’s actual size and composition, and about the visibility of members’ profiles.

Jebreel Alamari,Aziz Alshehri

DOI: https://doi.org/10.1007/s11042-024-20423-4

IF: 2.577

2024-11-06

Multimedia Tools and Applications

Abstract:In the era of digital communication, ensuring user privacy on social media platforms is essential. A major challenge is aligning platform privacy settings with individual user preferences without overwhelming them with too many questions. This research presents a methodology for designing adaptive privacy preferences on social media sites, aimed at minimizing user burden while accurately capturing their privacy needs. The methodology involves four steps: clustering users based on their responses, classifying them into specific groups, selecting the most important questions, and implementing the tailored settings. By grouping users according to their privacy concerns, we gain insights into their preferences, which help in customizing their privacy settings. We applied various classification techniques, including random forest, gradient boosting, AdaBoost, SVM, and k-NN, with random forest showing the highest accuracy in assigning users to appropriate clusters. The selection of questions is optimized using feature importance analysis, ensuring that only the most critical questions are asked, which reduces user fatigue while maintaining accuracy. This research is significant because it offers practical, personalized privacy controls that can enhance user satisfaction and privacy protection on social media platforms. By reducing the number of questions and tailoring settings to specific user groups, our methodology improves the overall user experience and privacy management.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Jana Korunovska,Bernadette Kamleitner,Sarah Spiekermann

DOI: https://doi.org/10.48550/arXiv.1911.09386

IF: 6.4588

2019-11-21

Human-Computer Interaction

Abstract:Users disclose ever-increasing amounts of personal data on Social Network Service platforms (SNS). Unless SNSs' policies are privacy friendly, this leaves them vulnerable to privacy risks because they ignore the privacy policies. Designers and regulators have pushed for shorter, simpler and more prominent privacy policies, however the evidence that transparent policies increase informed consent is lacking. To answer this question, we conducted an online experiment with 214 regular Facebook users asked to join a fictitious SNS. We experimentally manipulated the privacy-friendliness of SNS's policy and varied threats of secondary data use and data visibility. Half of our participants incorrectly recalled even the most formally "perfect" and easy-to-read privacy policies. Mostly, users recalled policies as more privacy friendly than they were. Moreover, participants self-censored their disclosures when aware that visibility threats were present, but were less sensitive to threats of secondary data use. We present design recommendations to increase informed consent.

Saijing Zheng,Pan Shi,Heng Xu,Cheng Zhang

DOI: https://doi.org/10.1007/978-3-642-30921-2_19

2012-01-01

Abstract:While the body of privacy research on online social networks has been growing over the past several years, privacy problems emerged from the dynamism inherent in the launch of new features or interfaces have not been widely discussed. Drawing on the grounded theory approach, we aim to fill this gap by investigating the trigger conditions under which users may perceive the introduction of a new IT artifact as privacy threats. With the specific case of the New Profile introduced by Facebook, we conducted a content analysis of user responses posted on the official blog of Facebook. Results can be constructed as a process model including two stages. The first stage of the model presented four broad categories of trigger conditions of privacy concerns---information processing, increased accessibility, intrusion, and loss of control. The second stage describes three types of outcomes, including psychological outcomes, behavior outcomes, and suggested privacy mechanisms.

Jinxue Zhang

DOI: https://doi.org/10.48550/arXiv.1701.01900

2017-07-27

Abstract:The increasing popularity of online social network brings huge privacy threat for the end users. While existing work focus on inferring sensitive attributes from the social network such as age, location and gender, little has been done on how to protect the users' privacy by preventing the malicious inference. In this paper we investigated the privacy vulnerability of the existing social network and designed a privacy-preserving framework. We evaluated the framework's privacy and usefulness guarantees, demonstrated its effectiveness on classification and the defense against the privacy attack.

Social and Information Networks,Cryptography and Security

Pan Shi,Heng Xu,Lee B. Erickson,Cheng Zhang

2012-01-01

Abstract:The feature of "See Friendship" was launched in late Oct 2010, which chronicles the history of social interactions between two friends (e.g., wall conversations, photos both are tagged in, comments they share, and mutual friends, etc). As soon as this new feature automatically replaced prior Wall-to-Wall feature on Facebook, it triggered users' privacy concerns, discontent, anxiety, as well as mass media's questioning of privacy breach. In this research, we conducted two stages of studies to examine interpersonal privacy concerns surrounding this feature. By applying a user-centered design approach, we first investigated users' privacy needs and expectations through a qualitative study, followed by our proposed new interface designs for privacy control options and evaluation. Our results highlight the tension between users' social needs and interpersonal privacy that involves peers' information privacy. This work provides preliminary conceptual and empirical insights in terms of design implications to address the tensions in interpersonal information privacy management. © (2012) by the AIS/ICIS Administrative Office All rights reserved.

Thomas Paul,Daniel Puscher,Thorsten Strufe

DOI: https://doi.org/10.48550/arXiv.1505.06178

2015-05-23

Abstract:Privacy in Online Social Networks (OSNs) evolved from a niche topic to a broadly discussed issue in a wide variety of media. Nevertheless, OSNs drastically increase the amount of information that can be found about individuals on the web. To estimate the dimension of data leakage in OSNs, we measure the real exposure of user content of 4,182 Facebook users from 102 countries in the most popular OSN, Facebook. We further quantify the impact of a comprehensible privacy control interface that has been shown to extremely decrease configuration efforts as well as misconfiguration in audience selection. Our study highlights the importance of usable security. (i) The total amount of content that is visible to Facebook users does not dramatically decrease by simplifying the audience selection interface, but the composition of the visible content changes. (ii) Which information is uploaded to Facebook as well as which information is shared with whom strongly depends on the user's country of origin.

Social and Information Networks

Jun Du,Chunxiao Jiang,Kwang-Cheng Chen,Yong Ren,H. Vincent Poor

DOI: https://doi.org/10.1109/tifs.2017.2758756

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Social networks have attracted billions of users and supported a wide range of interests and practices. Users of social networks can be connected with each other by different communities according to professions, living locations, and personal interests. With the development of diverse social network applications, academic researchers, and practicing engineers pay increasing attention to the related technology. As each user on the social network platforms typically stores and shares a large amount of personal data, the privacy of such user-related information raises serious concerns. Most research on privacy protection relies on specific information security techniques such as anonymization or access control. However, the protection of privacy depends heavily on the incentive mechanisms of social networks, like users' psychological decisions on security execution and socio-economic considerations. For example, the desire to influence the behaviors of other people may change a user's choice of security setting. In this paper, a game theoretic framework is established to model users' interactions that influence users' decisions as to whether to undertake privacy protection or not. To model the relationship of user communities, community-structured evolutionary dynamics are introduced, in which interactions of users can only happen among those users who have at least one community in common. Then the dynamics of the users' strategies to take a specific privacy protection or not is analyzed based on the proposed community structured evolutionary game theoretic framework. Experiments show that the proposed framework is effective in modeling the users' relationships and privacy protection behaviors. Moreover, results can also help social network managers to design appropriate security service and payment mechanisms to encourage their users to take the privacy protection, which can promote the spreading of privacy behavior throughout the network.