
Privacy in Social Network Sites

There are severe privacy threats for users of Social Network Sites. If we want to prevent those from materializing, we need to prioritize and deconstruct them. Graduation presentation of David Riphagen.
www.privacyinsocialnetworksites.nl

Published in: Technology, News & Politics

  1. Privacy Risks in Social Network Sites Prioritization and Framework David Riphagen
  2. Social Network Sites?
  3. Social Network Sites? 1.Personal profile
  4. Social Network Sites? 1.Personal profile 2.Friends list
  5. Social Network Sites? 1.Personal profile 2.Friends list 3.Ability to view other profiles
  6. Social Network Sites? 1.Personal profile 2.Friends list 3.Ability to view other profiles 4.Membership rules
  7. Severe Privacy Threats for Users of Social Network Sites
  8. Prioritize Threats
  9. Deconstruct Threats by 1. Activities that cause damage 2. Reasons why activities are damaging
  10. Threat?
  11. Information Collection Threat “Joe”
  12. Information Collection Threat “Joe”
  13. Information Collection Threat “Joe”
  14. Source: Riphagen, D., 2008. The Online Panopticon. Privacy Risks for Users of Social Network Sites. Identification and prioritizations of privacy risks for users of Social Network Sites and considerations for policy makers to minimize these risks, 149. Available at: www.davidriphagen.nl/Riphagen_2008_PrivacyRisksForUsersofSocialNetworkSites.pdf.
  15. Source: Riphagen, D., 2008. The Online Panopticon. Privacy Risks for Users of Social Network Sites. Identification and prioritizations of privacy risks for users of Social Network Sites and considerations for policy makers to minimize these risks, 149. Available at: www.davidriphagen.nl/Riphagen_2008_PrivacyRisksForUsersofSocialNetworkSites.pdf.
  16. Threat Collection “Joe”
  17. Threat Collection Processing “Joe”
  18. Information Processing Threat Processing
  19. Information Processing Threat Δ Processing Joe changed his relationship status from ‘in a relation’ to ‘invisible’
  20. Threat Collection Processing “Joe”
  21. Threat Collection Processing “Joe” Dissemination
  22. Information Dissemination Threat “If you use a service from a partner, the privacy statement of that partner applies. Check their privacy statement when visiting their website.” Source: Hyves Privacy Policy. Available at: http://www.hyves.nl/privacy/
  23. Information Dissemination Threat Source: API Methods Hyves API. Available at: http://trac.hyves-api.nl/wiki/APIMethods
  24. Information Dissemination Threat [Screenshots of the Hyves API method documentation and sample XML responses. Methods shown: blogs.getForFriends (retrieves the most recent blogs for the friends of the loggedin user), tips.getForFriends (retrieves the most recent tips for the friends of the loggedin user), wwws.getForFriends (retrieves the most recent www (Who What Where)s for the friends of the loggedin user). For this function to work, you need to supply a valid access token to oauth_token.] Source: API Methods Hyves API. Available at: http://trac.hyves-api.nl/wiki/APIMethods
  25. Collection Processing Dissemination
  26. Incident?
  27. Threat, Incident. Survey • American privacy and Internet experts • Identify privacy incidents • How much damage incurred? • How many users affected?
  29. Damage?
  30. Collection Processing Dissemination
  31. How is this Damaging? Threat Incident Damage
  32. How is this Damaging? Threat 1. Information-based harm Incident Damage
  33. How is this Damaging? Threat 1. Information-based harm Incident 2. Informational inequality Damage
  34. How is this Damaging? Threat 1. Information-based harm Incident 2. Informational inequality 3. Informational injustice Damage
  35. How is this Damaging? Threat 1. Information-based harm Incident 2. Informational inequality 3. Informational injustice Damage 4. Restriction of moral autonomy / Inability to create moral identity
  36. Recovery?
  37. Threat, Incident, Damage, Recovery. MySpace. This information, and especially the final remark, was posted with the intent to harm Megan. Solove (2008d) states that it is hard to prove that these remarks led directly to the suicide. However, it is very clear that the remarks were made to harm Megan, and therefore part of information-based harm. Table 7: Framework applied to Megan Meier case. Columns: Information-based harm; Information inequality; Informational injustice; Moral autonomy and identification. Information collection: 3. Harmful remarks towards Megan are uploaded to MySpace (collected). Information processing: no entries. Information dissemination: 1. Disclosure of Megan's profile ID makes contacting her possible. 2. An adult, from a different social sphere, contacts Megan. With this analysis, I have shown that the specific harms in the Megan Meier case derive from the possibilities that identity-relevant information is used for harm, and the movement of this information through different spheres.
  42. Severe Privacy Threats for Users of Social Network Sites
  43. Prioritize Threats
  44. Deconstruct Threats by 1. Activities that cause damage 2. Reasons why activities are damaging
  45. Privacy Risks in Social Network Sites Questions?
  46. Back-up
  47. Research Activities
  48. Research Activities 1. Literature Review 2. Desk Research 3. Expert Survey 4. Facebook Case Study
  49. Threat “Joe”
  50. Threat Collection “Joe”
  51. Collection, Processing, Dissemination. Privacy threats in Social Network Sites should be conceptualized as unwanted access to Identity-Relevant Information
  52. Collection, Processing, Dissemination. The main incident that puts the privacy of users of SNS at risk is: the collection of information from secondary sources, which is used by the government
  59. The Online Panopticon. Table 1: options with pay-offs for Social Network Sites and users. User does not join SNS, SNS restricts access to information: User: (0) - (0) = (0); SNS: (0) - (1) = (-1). User does not join SNS, SNS leaves access to information open: User: (0) - (1) = (-1); SNS: (0) - (0) = (0). User does join SNS, SNS restricts access to information: User: (1) - (0) = (1); SNS: (1) - (1) = (0). User does join SNS, SNS leaves access to information open: User: (1) - (2) = (-1); SNS: (1) - (0) = (1). The model is based on game theory, a science that investigates options and outcomes of multi-actor situations in the terms of alternatives with different pay-offs. Users always derive benefits from joining a SNS in terms of increased social contact, therefore this option always scores (1). However, users are also subject to ‘tagging’ of their photographs and discussions about them if they are not members of SNS (ENISA 2007). If a SNS restricts this form of information uploading without consent,
  63. identity, but from controlling the dissemination of their identity to others. Table 5: Framework applied to Beacon case. Columns: Information-based harm; Information inequality; Informational injustice; Moral autonomy and identification. Information collection: 2. Information collection takes place without informed consent and this information could be embarrassing to users. 1. Information collected from third-party website, other social sphere. Information processing: 4. Users are unaware of how this algorithm works. 3. Algorithm defines to whom the information will be disseminated. Information dissemination: 6. Information could be used to harm user, for example embarrassing information. 5. Information is being disseminated to friends, in various social spheres. 7. User not able to build his own moral biography.
  64. harm. Table 7: Framework applied to Megan Meier case. Columns: Information-based harm; Information inequality; Informational injustice; Moral autonomy and identification. Information collection: 3. Harmful remarks towards Megan are uploaded to MySpace (collected). Information processing: no entries. Information dissemination: 1. Disclosure of Megan's profile ID makes contacting her possible. 2. An adult, from a different social sphere, contacts Megan. With this analysis, I have shown that the specific harms in the Megan Meier case derive from the possibilities that identity-relevant information is used for harm, and the movement of this information through different spheres.
  65. Table 11: Framework applied to Facebook Third-party Applications case. Columns: Information-based harm; Information inequality; Informational injustice; Moral autonomy and identification. Information collection: no entries. Information processing: no entries. Information dissemination: 1. More information is disclosed than needed to third parties, even sensitive information. 2. Users cannot expect that a birthday application gets access to photos, because this information resides in different social spheres. The Facebook Third-Party Applications case shows that users' expectations of privacy and expectations of an application’s function on Social Network Sites are very different from what happens in reality. Also, it shows that SNS like Facebook do not have the same standard of security on every part or function of their website.
