The document discusses privacy risks for users of social network sites. It proposes prioritizing and analyzing threats by examining activities that cause damage and the reasons why activities are damaging. A framework is presented for applying concepts like information-based harm, informational inequality, and informational injustice to a case study about harmful remarks posted on MySpace. The analysis shows how identity-relevant information can be used to harm users when moving through different spheres.
18. Source: Riphagen, D., 2008. The Online Panopticon. Privacy Risks for Users of Social Network Sites. Identification and prioritizations of privacy rirks for users of Social
Network Sites and cosniderations for policy makers to minimize these risks. , 149. Available at:
www.davidriphagen.nl/Riphagen_2008_PrivacyRisksForUsersofSocialNetworkSites.pdf.
19. Source: Riphagen, D., 2008. The Online Panopticon. Privacy Risks for Users of Social Network Sites. Identification and prioritizations of privacy rirks for users of Social
Network Sites and cosniderations for policy makers to minimize these risks. , 149. Available at:
www.davidriphagen.nl/Riphagen_2008_PrivacyRisksForUsersofSocialNetworkSites.pdf.
26. Information Dissemination
Threat
“If you use a service from a partner, the privacy
statement of that partner applies. Check their
privacy statement when visiting their website.”
Source: Hyves Prvacy Policy. Available at: http://www.hyves.nl/privacy/
28. </info>
<userid>738a3e92186fe5e9</userid>
</blogs_getComments_result>
<visibility>superpublic</visibility>
APIMethods - hyves_api - Trac <created>1205496045</created>
</www>
Information Dissemination
returnvalues
<www> <totalresults>2</totalresults>
<wwwid>a08d0f76c34ea081</wwwid>
<totalpages>1</totalpages>
body, comment, commentid, created, currentpage, info, resultsperpage, running_millise
<emotion>Distracting Gorilla</emotion>
<resultsperpage>2</resultsperpage>
target_blogid, timestamp_difference, totalpages, totalresults, userid
Threat <where>jungle</where>
<currentpage>1</currentpage>
<userid>738a3e92186fe5e9</userid>
<running_milliseconds>281</running_milliseconds>
blogs.getForFriends <visibility>superpublic</visibility>
</info>
<created>1205496004</created>
</tips_getComments_result>
Retrieves the most recent blogs for the friends of the loggedin user.
</www>
<info>
Added: Apr 17, 2008
returnvalues <timestamp_difference>0</timestamp_difference>
Paginated <totalresults>3</totalresults>
body, comment, commentid, created, currentpage, info, resultsperpage, running_millisec
<totalpages>2</totalpages>
params <resultsperpage>2</resultsperpage>
target_tipid, timestamp_difference, totalpages, totalresults, userid
<currentpage>1</currentpage>
tips.getForFriends <running_milliseconds>297</running_milliseconds>
none
</info>
</wwws_getByUser_result>
Retrieves the most recent tips for the friends of the loggedin user.
responsefields
Added: Apr 17, 2008
returnvalues
This method supports the use of ha_responsefields. Acceptable values are a comma sep
Paginated
of 0 or more of the following:
created, currentpage, emotion, info, resultsperpage, running_milliseconds, timestamp_differe
totalpages, totalresults, userid, visibility, where, www, wwwid
params commentscount
respectscount
wwws.getForFriends
tipcategoryid --- Filter selecting tips by tipcategoryid.
tags
Optional
Retrieves the most recent www(Who What Where)s for the friends of the loggedin user.
sort
responsefields
Paginated
Sorted by age. The most recently created items are returned first.
This method supports the use of ha_responsefields. Acceptable values are a comma sep
params
of 0 or more of the following:
extra
none
commentscount to work, you need to supply a valid access token to oauth_token
Source: API MethodsFor this Available at: http://trac.hyves-api.nl/wiki/APIMethods
Hyves API. function
sort respectscount
For more information on oAuth, see APIoAuth and http://oauth.net/.
36. How is this Damaging?
Threat
1. Information-based harm
Incident
Damage
37. How is this Damaging?
Threat
1. Information-based harm
Incident 2. Informational inequality
Damage
38. How is this Damaging?
Threat
1. Information-based harm
Incident 2. Informational inequality
3. Informational injustice
Damage
39. How is this Damaging?
Threat
1. Information-based harm
Incident 2. Informational inequality
3. Informational injustice
Damage
4. Restriction of moral autonomy /
Inability to create moral identity
42. MySpace. This information, and especially the final remark, was posted with
the intent to harm Megan. Solove (2008d) states that it is hard to prove that
these remarks led directly to the suicide. However, it is very clear that the
remarks were made to harm Megan, and therefore part of information-based
harm.
Threat
Information-based Information Informational Moral
harm inequality injustice autonomy and
identification
Information 3. Harmful remarks
collection towards Megan are
Incident
uploaded to
MySpace (collected).
Information
processing
Information 1. Disclosure of 2. An adult, from a
Damage dissemination Megan's profile ID different social
makes contacting sphere, contacts
her possible. Megan.
Table 7: Framework applied to Megan Meier case
Recovery With this analysis, I have showed that the specific harms in the Megan Meier case
derive from the possibilities that identity-relevant information is used for harm, and the
movement of this information through different spheres.
43. MySpace. This information, and especially the final remark, was posted with
the intent to harm Megan. Solove (2008d) states that it is hard to prove that
these remarks led directly to the suicide. However, it is very clear that the
remarks were made to harm Megan, and therefore part of information-based
harm.
Threat
Information-based Information Informational Moral
harm inequality injustice autonomy and
identification
Information 3. Harmful remarks
collection towards Megan are
Incident
uploaded to
MySpace (collected).
Information
processing
Information 1. Disclosure of 2. An adult, from a
Damage dissemination Megan's profile ID different social
makes contacting sphere, contacts
her possible. Megan.
Table 7: Framework applied to Megan Meier case
Recovery With this analysis, I have showed that the specific harms in the Megan Meier case
derive from the possibilities that identity-relevant information is used for harm, and the
movement of this information through different spheres.
44. MySpace. This information, and especially the final remark, was posted with
the intent to harm Megan. Solove (2008d) states that it is hard to prove that
these remarks led directly to the suicide. However, it is very clear that the
remarks were made to harm Megan, and therefore part of information-based
harm.
Threat
Information-based Information Informational Moral
harm inequality injustice autonomy and
identification
Information 3. Harmful remarks
collection towards Megan are
Incident
uploaded to
MySpace (collected).
Information
processing
Information 1. Disclosure of 2. An adult, from a
Damage dissemination Megan's profile ID different social
makes contacting sphere, contacts
her possible. Megan.
Table 7: Framework applied to Megan Meier case
Recovery With this analysis, I have showed that the specific harms in the Megan Meier case
derive from the possibilities that identity-relevant information is used for harm, and the
movement of this information through different spheres.
45. MySpace. This information, and especially the final remark, was posted with
the intent to harm Megan. Solove (2008d) states that it is hard to prove that
these remarks led directly to the suicide. However, it is very clear that the
remarks were made to harm Megan, and therefore part of information-based
harm.
Threat
Information-based Information Informational Moral
harm inequality injustice autonomy and
identification
Information 3. Harmful remarks
collection towards Megan are
Incident
uploaded to
MySpace (collected).
Information
processing
Information 1. Disclosure of 2. An adult, from a
Damage dissemination Megan's profile ID different social
makes contacting sphere, contacts
her possible. Megan.
Table 7: Framework applied to Megan Meier case
Recovery With this analysis, I have showed that the specific harms in the Megan Meier case
derive from the possibilities that identity-relevant information is used for harm, and the
movement of this information through different spheres.
46. MySpace. This information, and especially the final remark, was posted with
the intent to harm Megan. Solove (2008d) states that it is hard to prove that
these remarks led directly to the suicide. However, it is very clear that the
remarks were made to harm Megan, and therefore part of information-based
harm.
Threat
Information-based Information Informational Moral
harm inequality injustice autonomy and
identification
Information 3. Harmful remarks
collection towards Megan are
Incident
uploaded to
MySpace (collected).
Information
processing
Information 1. Disclosure of 2. An adult, from a
Damage dissemination Megan's profile ID different social
makes contacting sphere, contacts
her possible. Megan.
Table 7: Framework applied to Megan Meier case
Recovery With this analysis, I have showed that the specific harms in the Megan Meier case
derive from the possibilities that identity-relevant information is used for harm, and the
movement of this information through different spheres.
57. Collection
Privacy threats in Social Network Sites
should be conceptualized as
Processing
unwanted access to
Identity-Relevant Information
Dissemination
58. The main incident that puts the
Collection
privacy of users of SNS at risk is:
Processing
The collection of information from
secondary sources,
Dissemination
Which is used by the government
65. The Online Panopticon
SNS restricts access to SNS leaves access to
information information open
User does not join SNS User: ( 0 ) - ( 0 ) = ( 0 ) User: ( 0 ) - ( 1 ) = ( -1 )
SNS: ( 0 ) - ( 1 ) = ( -1 ) SNS: ( 0 ) - ( 0 ) = ( 0 )
User does join SNS User: ( 1 ) - ( 0 ) = ( 1 ) User: ( 1 ) - ( 2 ) = ( -1 )
SNS: ( 1 ) - ( 1 ) = ( 0 ) SNS: ( 1 ) - ( 0 ) = ( 1 )
Table 1: options with pay-offs for Social Network Sites and users.
The model is based on game theory, a science that investigates options and
outcomes of multi-actor situations in the terms of alternatives with different pay-offs.
Users always derive benefits from joining a SNS in terms of increased social contact,
therefore this option always scores (1). However, users are also subject to ‘tagging’ of
their photographs and discussions about them if they are not members of SNS
(ENISA 2007). If a SNS restricts this form of information uploading without consent,
71. identity, but from controlling the dissemination of their identity to others.
Information- Information Informational Moral autonomy
based harm inequality injustice and
identification
Information 2. Information 1. Information
collection collection takes collected from
place without third-party
informed consent website, other
and this social sphere.
information could
be embarrassing
to users.
Information 4. Users are 3.Algorithm
processing unaware of how defines to whom
this algorithm the information
works.
will be
disseminated.
Information 6. Information 5. Information is 7. User not able to
dissemination could be used to being build his own
harm user, for disseminated to moral biography.
example friends, in
embarrassing various social
information. spheres.
Table 5: Framework applied to Beacon case
72. harm.
Information-based Information Informational Moral
harm inequality injustice autonomy and
identification
Information 3. Harmful remarks
collection towards Megan are
uploaded to
MySpace (collected).
Information
processing
Information 1. Disclosure of 2. An adult, from a
dissemination Megan's profile ID different social
makes contacting sphere, contacts
her possible. Megan.
Table 7: Framework applied to Megan Meier case
With this analysis, I have showed that the specific harms in the Megan Meier case
derive from the possibilities that identity-relevant information is used for harm, and the
movement of this information through different spheres.
73. Information- Information Informational Moral autonomy
based harm inequality injustice and identification
Information
collection
Information
processing
Information 1. More 2. Users cannot
dissemination information is expect that a birthday
disclosed than application gets access
needed to third to photos, because
parties, even this information
sensitive resides in different
information. social spheres.
Table 11: Framework applied to Facebook Third-party Applications case
The Facebook Third-Party Applications case shows that users' expectations of
privacy and expectations of an application’s function on Social Network Sites is very
different from what happens in reality. Also, it shows that SNS like Facebook do not
have the same standard of security on every part or function of their website.