Successfully reported this slideshow.

Towards Privacy-aware OpenSocial Applications

5

Share

May. 22, 2009
5 likes 1,766 views
Upcoming SlideShare
Privacy Aware Semantic Dissemination
Privacy Aware Semantic Dissemination
Loading in …3
×
1 of 36
1 of 36

Towards Privacy-aware OpenSocial Applications

May. 22, 2009
5 likes 1,766 views

5

Share

Technology News & Politics

Social-networking sites have grown tremendously in popularity in recent years. Services such as Facebook and MySpace allow millions of users to create online profiles and to share details of their personal lives with vast networks of friends, and often, strangers. Inevitably, the disclosure of personal information has implications on users’ privacy: digital stalking and identity theft are some of the most common threats. Unfortunately, even sophisticated users who value privacy will often compromise it to improve their *presence* in the virtual world. They know that loss of control over their personal information poses a long-term threat, but they cannot assess the overall and long-term risk accurately enough to compare it to the short-term gain. Even worse, setting the privacy preferences in online services is often a complicated and time-consuming task that users usually skip. To address these issues, we (IBM Research) are developing mechanisms and platforms to measure and monitor users’ privacy risks and help them easily manage their information sharing. In this talk, I am going to introduce our work in this area, and also discuss how the work can be incorporated with OpenSocial.

Social-networking sites have grown tremendously in popularity in recent years. Services such as Facebook and MySpace allow millions of users to create online profiles and to share details of their personal lives with vast networks of friends, and often, strangers. Inevitably, the disclosure of personal information has implications on users’ privacy: digital stalking and identity theft are some of the most common threats. Unfortunately, even sophisticated users who value privacy will often compromise it to improve their *presence* in the virtual world. They know that loss of control over their personal information poses a long-term threat, but they cannot assess the overall and long-term risk accurately enough to compare it to the short-term gain. Even worse, setting the privacy preferences in online services is often a complicated and time-consuming task that users usually skip. To address these issues, we (IBM Research) are developing mechanisms and platforms to measure and monitor users’ privacy risks and help them easily manage their information sharing. In this talk, I am going to introduce our work in this area, and also discuss how the work can be incorporated with OpenSocial.

Technology News & Politics

Recommended

More Related Content

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 30 day trial from Scribd

See all
High Conflict: Why We Get Trapped and How We Get Out Amanda Ripley
(4/5)
Free
The Forever Prisoner: The Full and Searing Account of the CIA’s Most Controversial Covert Program Cathy Scott-Clark
(3/5)
Free
Allow Me to Retort: A Black Guy’s Guide to the Constitution Elie Mystal
(4/5)
Free
Freedom Sebastian Junger
(4/5)
Free
There Is Nothing for You Here: Finding Opportunity in the Twenty-First Century Fiona Hill
(4/5)
Free
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(3.5/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(3.5/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(4/5)
Free
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(4.5/5)
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4.5/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free

Related Audiobooks

Free with a 30 day trial from Scribd

See all
Liberalism and Its Discontents Francis Fukuyama
(4/5)
Free
The Power of Crisis: How Three Threats – and Our Response – Will Change the World Ian Bremmer
(3.5/5)
Free
The June 03-10, 2022 Audiozine Issue Newsweek International
(5/5)
Free
This Will Not Pass: Trump, Biden and the Battle for American Democracy Jonathan Martin
(4.5/5)
Free
The End of the World is Just the Beginning: Mapping the Collapse of Globalization Peter Zeihan
(5/5)
Free
Give Me Liberty: The True Story of Oswaldo Payá and his Daring Quest for a Free Cuba David E. Hoffman
(5/5)
Free
The May 20-27, 2022 Audiozine Issue Newsweek International
(5/5)
Free
The Flag, the Cross, and the Station Wagon: A Graying American Looks Back at His Suburban Boyhood and Wonders What the Hell Happened Bill McKibben
(5/5)
Free
Scorpions' Dance: The President, the Spymaster, and Watergate Jefferson Morley
(0/5)
Free
The Spy Who Knew Too Much: An Ex-CIA Officer’s Quest Through a Legacy of Betrayal Howard Blum
(0/5)
Free
The FBI War on Tupac Shakur: The State Repression of Black Leaders from the Civil Rights Era to the 1990s John Potash
(5/5)
Free
Unthinkable: Trauma, Truth, and the Trials of American Democracy Jamie Raskin
(4.5/5)
Free
The Black Agenda: Bold Solutions for a Broken System Anna Gifty Opoku-Agyeman
(4/5)
Free
The Naked Don't Fear the Water: An Underground Journey with Afghan Refugees Matthieu Aikins
(4/5)
Free
Recessional: The Death of Free Speech and the Cost of a Free Lunch David Mamet
(3.5/5)
Free
Freezing Order: A True Story of Russian Money Laundering, State-Sponsored Murder, and Surviving Vladimir Putin's Wrath Bill Browder
(5/5)
Free

Towards Privacy-aware OpenSocial Applications

  1. 1. Towards Privacy-aware OpenSocial Applications IBM Research May 19, 2009
  2. 2. The Team <ul><li>IBM Almaden Research Center </li></ul><ul><li>Tyrone Grandison </li></ul><ul><li>Kun Liu </li></ul><ul><li>Michael (Max) Maximilien </li></ul><ul><li>Evimaria Terzi </li></ul><ul><li>IBM Silicon Valley Lab </li></ul><ul><li>Sherry Guo </li></ul><ul><li>Dwayne Richardson </li></ul><ul><li>Tony Sun </li></ul>
  3. 4. Wait a minute, how come the talk is related Credit Score?
  4. 5. From humble beginnings in 1956, Fair Isaac Corp.'s credit score has come to loom over consumer finance like no other statistical measure ever has. The ubiquitous three-digit FICO score now helps determine everything from the interest rates people pay on their credit cards to their attractiveness as job candidates.
  5. 6. So, how about a Privacy Score that indicates the privacy risks of online social-networking users?
  6. 7. Do you want to design and integrate the privacy score and other advanced privacy and risk management modules in OpenSocial so that 50 years (or much less) later, people will appreciate your effort?
  7. 8. Roadmap <ul><li>Motivation and Goal </li></ul><ul><li>Privacy Score and Its Applications </li></ul><ul><li>Privacy Score and OpenSocial </li></ul><ul><li>Proof of Concept: The Privacy-Aware Market Place </li></ul><ul><li>Conclusions </li></ul>
  8. 9. Motivation Millions of users share details of their personal lives with vast networks of friends, and often, strangers Disclosure of personal info expose the users to identity theft, digital stalking, etc. Courtesy to: http://getyourfirstmortgage.com/wp-content/uploads/ 2008/08/identity-theft-protect-yourself-300x225.jpg Courtesy to: http://www.contrib.andrew.cmu.edu/%7Egct/mygroup.html
  9. 10. Motivation (Cont.) How to prevent my ex from seeing my status updates? How to hide my friend list in the search results? How to prevent the applications my friends installed from accessing my information? All my friends have shared their hometown and phone number, maybe I should also do this? I enjoyed sharing my daily activities with the World! But any adverse effects? My God! What information I have shared all these years and who can view these information?
  10. 11. Goal <ul><li>Our goal is to develop a mechanism and a platform that will </li></ul><ul><ul><li>measure and monitor the privacy risks of online social-networking users </li></ul></ul><ul><ul><li>boost public awareness of privacy </li></ul></ul><ul><ul><li>help users to easily manage their information sharing </li></ul></ul><ul><li>Our goal is NOT to prevent people from sharing information </li></ul><ul><li>How to achieve this goal? </li></ul><ul><ul><li>privacy score calculation </li></ul></ul><ul><ul><li>comprehensive information sharing report </li></ul></ul><ul><ul><li>privacy settings recommendation </li></ul></ul><ul><ul><li>and more … </li></ul></ul>
  11. 12. Roadmap <ul><li>Motivation and Goal </li></ul><ul><li>Privacy Score and Its Applications </li></ul><ul><li>Privacy Score and OpenSocial </li></ul><ul><li>Proof of Concept: The Privacy-Aware Market Place </li></ul><ul><li>Conclusions </li></ul>
  12. 13. Privacy Score Overview Privacy Risk Monitoring privacy score of the user Privacy Settings Recommendation Privacy Score Calculation Utilize Privacy Scores Comprehensive Privacy Report Privacy Settings Privacy Score measures the potential privacy risks of online social-networking users.
  13. 14. How is Privacy Score Calculated? – Basic Premises <ul><li>Sensitivity : The more sensitive the information revealed by a user, the higher his privacy risk. </li></ul><ul><li>Visibility : The wider the information about a user spreads, the higher his privacy risk. </li></ul>mother’s maiden name is more sensitive than mobile-phone number home address known by everyone poses higher risks than by friends only
  14. 15. Privacy Score Calculation Privacy Score of User j due to Profile Item i sensitivity of profile item i visibility of profile item i name, or gender, birthday, address, phone number, degree, job, etc.
  15. 16. Privacy Score Calculation Privacy Score of User j due to Profile Item i sensitivity of profile item i visibility of profile item i Overall Privacy Score of User j name, or gender, birthday, address, phone number, degree, job, etc.
  16. 17. The Naïve Approach R( n, N ) R( n, 1 ) R( i, j ) R( 1, N ) R( 1, 2 ) R( 1, 1 ) User_ 1 User_ j User_ N Profile Item_ 1 (birthday) Profile Item_ i (cell phone #) Profile Item_ n share, R( i, j ) = 1 not share, R( i, j ) = 0
  17. 18. The Naïve Approach R( n, N ) R( n, 1 ) R( i, j ) R( 1, N ) R( 1, 2 ) R( 1, 1 ) User_ 1 User_ j User_ N Profile Item_ 1 (birthday) Profile Item_ i (cell phone #) Profile Item_ n share, R( i, j ) = 1 not share, R( i, j ) = 0 Sensitivity:
  18. 19. The Naïve Approach R( n, N ) R( n, 1 ) R( i, j ) R( 1, N ) R( 1, 2 ) R( 1, 1 ) User_ 1 User_ j User_ N Profile Item_ 1 (birthday) Profile Item_ i (cell phone #) Profile Item_ n share, R( i, j ) = 1 not share, R( i, j ) = 0 Sensitivity: Visibility:
  19. 20. The Naïve Approach R( n, N ) R( n, 1 ) R( i, j ) R( 1, N ) R( 1, 2 ) R( 1, 1 ) User_ 1 User_ j User_ N Profile Item_ 1 (birthday) Profile Item_ i (cell phone #) Profile Item_ n share, R( i, j ) = 1 not share, R( i, j ) = 0 Sensitivity: Visibility: Privacy Score:
  20. 21. Item Response Theory (IRT) <ul><li>IRT (Lawley,1943 and Lord,1952) has its origin in psychometrics. </li></ul><ul><li>It is used to analyze data from questionnaires and tests. </li></ul><ul><li>It is the foundation of Computerized Adaptive Test like GRE, GMAT </li></ul>Ability
  21. 22. The Item Response Theory (IRT) Approach Profile item’s discrimination User’s attitude , e.g., conservative or extrovert Profile item’s sensitivity Profile item’s visibility R( n, N ) R( n, 1 ) R( i, j ) R( 1, N ) R( 1, 2 ) R( 1, 1 ) User_ 1 User_ j User_ N Profile Item_ 1 (birthday) Profile Item_ i (cell phone #) Profile Item_ n share, R( i, j ) = 1 not share, R( i, j ) = 0
  22. 23. Calculating Privacy Score using IRT Sensitivity: Visibility: Overall Privacy Score of User j byproducts: profile item’s discrimination and user’s attitude All the parameters can be estimated using Maximum Likelihood Estimation and EM.
  23. 24. Advantages of the IRT Model <ul><li>The mathematical model fits the observed data well </li></ul><ul><li>The quantities IRT computes ( i.e. , sensitivity, attitude and visibility) have intuitive interpretations </li></ul><ul><li>Computation is parallelizable using e.g. MapReduce </li></ul><ul><li>Privacy scores calculated within different social networks are comparable </li></ul>
  24. 25. Interesting Results from User Study Sensitivity of The Profile Items Computed by IRT Model Average Privacy Scores Grouped by Geographical Regions <ul><li>49 profile items </li></ul><ul><li>153 users from 18 countries/regions </li></ul><ul><li>53.3% are male and 46.7% are female </li></ul><ul><li>75.4% are in the age of 23 to 39 </li></ul><ul><li>91.6% hold a college degree or higher </li></ul><ul><li>76.0% spend 4+ hours online per day </li></ul>Statistics We collected the information-sharing preferences of 153 users on 49 profile items such as name, gender, birthday, political views, address, phone number, degree, job , etc. Survey
  25. 26. Utilize Privacy Scores <ul><li>Privacy Risk Monitoring </li></ul><ul><li>Privacy (Information Sharing) Report </li></ul><ul><li>Privacy Settings Recommendation </li></ul>Score: 100 ~ 150 Score: 100 ~ 150 Score: 100 ~ 150 Score: 100 ~ 150 Score: 100 ~ 150
  26. 27. Roadmap <ul><li>Motivation and Goal </li></ul><ul><li>Privacy Score and Its Applications </li></ul><ul><li>Privacy Score and OpenSocial </li></ul><ul><li>Proof of Concept: The Privacy-Aware Market Place </li></ul><ul><li>Conclusions </li></ul>
  27. 28. Privacy Score and OpenSocial Enable application developers to implement their own Privacy Scores. Provide native implementation of Privacy Score calculations. Enable application developers to build Information Sharing Report modules and Privacy Settings Recommendation modules.
  28. 29. Suggested APIs for OpenSocial <ul><li>profileItemID can be chosen from opensocial.Person.Field , opensocial.Address.Field , opensocial.Email.Field , opensocial.Name.Field , opensocial.Organization.Field , opensocial.Phone.Field , etc. </li></ul><ul><li>int getPrivacySetting(userID, profileItemID) </li></ul><ul><ul><li>Description: Gets user’s privacy setting for the profile item </li></ul></ul><ul><li>Boolean setPrivacySetting(userID, profileItemID, PrivacySetting) </li></ul><ul><ul><li>Description: Sets the user’s privacy setting for the profile item </li></ul></ul><ul><li>double getPrivacyScore(userID, key) </li></ul><ul><ul><li>Description: Gets the user’s privacy score, which is calculated by the native implementation. The key specifies the mathematical model, i.e., Naïve or IRT. </li></ul></ul><ul><li>double getPrivacyScore(userID) </li></ul><ul><ul><li>Description: Gets the user’s privacy score </li></ul></ul>
  29. 30. Privacy Settings Themselves Are Private/Sensitive OAuth allows the user to authorize access to his or her privacy settings stored in social networks. Request to access protected information of the user APPLICATION SOCIAL NETWORK USER Prompt user to provide authorization User authorizes access to private data Direct user to social network for authorization Grant access token & Direct user to application Use the token to access protected information 1 2 3 4 5 6
  30. 31. Roadmap <ul><li>Motivation and Goal </li></ul><ul><li>Privacy Score and Its Applications </li></ul><ul><li>Privacy Score and OpenSocial </li></ul><ul><li>Proof of Concept: The Privacy-Aware Market Place </li></ul><ul><li>Conclusions </li></ul>
  31. 32. Privacy-aware Marketplace (PaMP) <ul><li>PaMP allows one to create posts that are related to items for sale, housing, and jobs. </li></ul><ul><li>PaMP adopts the privacy models previously discussed </li></ul><ul><li>PaMP empowers users to control all aspects of their data and enable privacy settings to be configured with least effort. </li></ul><ul><li>PaMP is a significant differentiator from other online marketplace offerings. </li></ul>
  32. 33. Privacy-aware Marketplace (PaMP) http://apps.facebook.com/p_a_m_p
  33. 34. Conclusions <ul><li>In this talk, we have discussed </li></ul><ul><ul><li>the importance of privacy score and privacy management </li></ul></ul><ul><ul><li>two ways to compute privacy score using privacy settings </li></ul></ul><ul><ul><li>how to integrate the scores with OpenSocial </li></ul></ul><ul><li>Our goal is to develop a mechanism and a platform that will </li></ul><ul><ul><li>measure and monitor the privacy risks of online social-networking users </li></ul></ul><ul><ul><li>boost public awareness of privacy risks </li></ul></ul><ul><ul><li>help users to easily manage information sharing </li></ul></ul><ul><li>We believe that </li></ul><ul><ul><li>simple and effective privacy management makes users feel safe and comfortable about sharing information online, which will eventually facilitate the information sharing and integration. </li></ul></ul>
  34. 35. Next Steps <ul><li>The Initial Question to You </li></ul><ul><ul><li>Do you want to design and integrate the privacy score and other advanced privacy and risk management modules in OpenSocial so that 50 years (or much less) later, people will appreciate your effort? </li></ul></ul><ul><li>If Your Answer is Yes </li></ul><ul><ul><li>Let’s collaborate on a privacy management roadmap for OpenSocial </li></ul></ul>
  35. 36. <ul><li>Thank you and Questions? </li></ul>

Editor's Notes

  • Good afternoon, folks. My name is … It is my great pleasure to visit Google and introduce to you our work on privacy and risk management on social networks. As you know, social-networking sites have grown tremendously in popularity in recent years. Services such as Facebook and MySpace allow millions of users to create online profiles and to share details of their personal lives with vast networks of friends, and often, strangers. Inevitably, the disclosure and sharing of personal information have caused many privacy concerns. Open a news paper or a web browser and you are certain to encounter a spate of stories about the misuse or loss of data and how it puts personal information at risk. To address these issues, we are developing mechanisms and platforms to measure and monitor users’ privacy risks and help them easily manage their information sharing. In this talk, I am going to introduce our work in this area, and also discuss how the work can be incorporated with OpenSocial. =======================================Social-networking sites have grown tremendously in popularity in recent years. Services such as Facebook and MySpace allow millions of users to create online profiles and to share details of their personal lives with vast networks of friends, and often, strangers. Inevitably, the disclosure of personal information has implications on users’ privacy: digital stalking and identity theft are some of the most common threats. Unfortunately, even sophisticated users who value privacy will often compromise it to improve their *presence* in the virtual world. They know that loss of control over their personal information poses a long-term threat, but they cannot assess the overall and long-term risk accurately enough to compare it to the short-term gain. Even worse, setting the privacy preferences in online services is often a complicated and time-consuming task that users usually skip. To address these issues, we are developing mechanisms and platforms to measure and monitor users’ privacy risks and help them easily manage their information sharing. In this talk, I am going to introduce our work in this area, and also discuss how the work can be incorporated with OpenSocial.
  • Before I start, I’d like to introduce the team ...these are the great people I’ve been working with in this projectTy – my manager, who oversee this project K – this is me Max – who leads the architecture and system part of the project Evi – deep expertise in algorithm and data mining We also have three engineers from SVL who helped to covert many ideas from concepts to practice.
  • So how about sth like a privacy score? It indicates the potential privacy risks of you as a social-networking user. It tells u what sensitive info u have shared, and who can view that info. It guides u towards a better privacy configuration that makes ur online environment safer and more comfortable.As I am giving this talk, I hope that you think about this question. Do you want to create a privacy score in open social that will have the same impact as the credit score?
  • Next I am gonna discuss why you should want to do this, and how to do this if u really want to do this. First, I will elaborate on the motivation and goal. Then I will describe the theory behind privacy score computation and its applications. After that, I will discuss how this can be integrated with opensocial. Finally, as a proof of concept, Max and I will demonstrate a Facebook application we have developed – called PaMP. This application has adopted many of the privacy concepts that I will be covering today.
  • Social-networking sites have grown tremendously in popularity in recent years. Services such as Facebook and MySpace allow millions of users to create online profiles and to share details of their personal lives with vast networks of friends, and often, strangers. Inevitably, the disclosure of personal information has implications on users’ privacy: digital stalking and identity theft are some of the most common threats. =======================================Although all major online social networks provide privacy-enhancing functionalities (explain …), the majority of users typically accept the default settings (which usually means that they let their information open to the public), and do not revisit their options until damage is done [12]. This is either due to the poor user-interface design or the common belief that sharing personal information online is more cool than harmful. Users are overwhelmed by these settings, or simply ignore these settings. The consequences of sharing the current level of information is either unknown, under-estimated or ignored.The current set of popular social networks provide an ever-increasing set of privacy controls. The number of online social networks is also increasing.Many users belong to more than one social network.Likely Conclusion: The explosion in privacy settings/controls in each network, in the number of networks, the lack of awareness about the effects of these settings and even graver public privacy breaches, will herald in the end of the social network as we know it.
  • Unfortunately, even sophisticated users who value privacy will often compromise it to improve their digital *presence* in the virtual world. They know that loss of control over their personal information poses a long-term threat, but they cannot assess the overall and long-term risk accurately enough to compare it to the short-term gain. Even worse, setting the privacy controls in online services is often a complicated and time-consuming task that many users feel confused about and usually skip.
  • To address these issues, we are developing mechanisms and platforms to measure and monitor users’ privacy risks. Our goal is to boost public awareness of privacy and help users to easily manage their information sharing.It is very important to note that we are not trying to prevent people from sharing information online. We believe that simple and effective privacy and risk management techniques can make the online environment safer and more comfortable, which eventually facilitates the sharing, flow and integration of information. To achieve this goal, we developed the notion of privacy score, which indicates the potential privacy risks of online social networking users. With this score, there could be many applications …For example, similar to your credit report, we can provide a information sharing report to help user understand what sensitive info he has shared and who can view that info. The user can compare his score with other users in the network and see where he stands. In the case where overall privacy risk is lower than this user, the system may recommend a better privacy setting for this user automatically. I am sure you can think of other applications as is the case we do with credit score.
  • This is the life cycle of a privacy score. The system takes as inputs the current privacy settings of the users profile items and calculates the privacy score. The score is delivered to the user as a privacy-o-meter. With this score, the users can monitor his privacy take a more active role in safe-gurading his information if necessary. The user can also compare his privacy risk score with the rest of the population to know where he stands. In the case where the overall privacy risks of a user’s social graph are lower than that of the user, the system can recommend the user stronger privacy settings based on the information from his social neighbors.Privacy settings for a user profile control what subset of profile items are accessible by whom. For example, friends have full access, but strangers have restricted access to a user profile.
  • There could be many different ways to compute privacy score. Here is our way. It exhibits several advantages which I will discuss later. From the technical point of view, our definition of privacy score satisfies the following properties: 1) the more sensitive information a user reveals, the higher his privacy risk; and 2) the more visible the disclosed the information becomes in the network, the higher his privacy risk.Next I am going to show how to combine these two factors in the calculation of the privacy risk score.
  • To calculate a user’s privacy score, we need to first look at his profile items. These items include but are not limited to user’s real name, email, hometown, mobile-phone number, relationship status, sexual orientation, IM screen name, etc.The contribution of a single profile item i in the overall privacy score of a user j is a function of the sensitivity of the item and the visibility it gets.Note that x can be an arbitrary combination function as long as PR(i,j) is monotonically increasing with beta_i and V(i,j).
  • To compute the overall privacy score of user j, denoted by Pr (j), we can simply combine the privacy score of this user due to all different profile items.
  • How to compute the sensitivity and visibility? Here I am going to present two different ways. For simplicity, let’s consider a dichotomous case, where for a user and a profile item, the user will either share it with the public or not at all. Now we can represent the information sharing of all users and all profile items using a single big table. Each row represents one profile item, and each column a user. If the cell located at the i-row and j-th column is white, meaning user j will disclose item i, if grey user j will NOT disclose item i.
  • Intuitively speaking, if a profile item is very sensitive, then very few people will share it, many people will not share it. Thus, we simply compute the proportion of users that are reluctant to disclose item I, and use this value as the sensitivity. The sensitivity, as computed here takes values between 0 and 1; the higher the value of βi, the more sensitive item I, the more people who are reluctant to disclose it.
  • The simplest way to compute the visibility of an item i belonging to a user j is to use the explicit setting from the i-th row and j-th column table – i.e., the corresponding cell value in the table, i.e.., R(i, j), which is either 1 or 0, meaning share or not share. From a statistician’s point of view , what we have observed is just a sample from some underlying probability distribution. This table is no exception either. Therefore, we are more interested in the expected value in each cell, not just the observed value. In this case, the visibility of an item I belonging to user j becomes the probability that j will share I – that is, a cell value is 1. Then, what is the probability the value of a cell such as R(i, j) is equal to 1?Assuming independence between items and individuals, we can compute Pij to be the probability of an 1 in the i-th row times the probability of an 1 in the j-th column. In other words, if the user j has high tendency to disclose lots of his profile items, he is more likely to disclose item I too. Also, if many other users have shared this item, the sensitivity is low, then it is very likely that user j will also share this item.
  • French psychologist Alfred Binet and physician Theodore Simon developed a method of identifying intellectually deficient children for their placement in special education programs. An item of interest was administrated to a number of kids with age ranging from 5 to 12 years. The free response of each kid to the item was scored as right or wrong. The proportion of correct response at each age level was obtained and presented in tabular form. In his 1916 revision of the Binet-Simon scale, the Stanford psychologist Lewis Terman plotted the proportion of correct response at a function of age and fitted a smooth line to these points by graphical means. This fitted line, shown in this figure is called the ICC. From this example, it can be seen that the ICC is the functional relationship between the proportion of correct response to an item and a criterion variable. This relationship is characterized by the location and shape of the ICC. This curve has an appearance of a cumulative distribution function. The ICC can be defined as a member of a family of two-parameter monotonic functions of the ability variable. Let us next formalize the ICC using appropriate statistical notation.
  • The Na
  • The problem is that we do not know these parameters. We only know the observations, and the objective is to use the observed data to estimate these parameters. IRT defines for each user and each profile item, how likely this user is to disclose/share this item. From this perspective, IRT can be viewed as a generative model. We can compute the log likelihood of the data using this generative model and then use MLE or EM to estimate the parameters.
  • The IRT model seems arbitrary. It seems that any model could be used. Why IRT?The advantages of the IRT framework can be summarized as follows: 1) IRT defines for each user and each profile item, how likely this user is to disclose/share this item. From this perspective, IRT can be viewed as a generative model. Our experiments shows that this generative model fits the real-world data very well in terms of χ2 goodness-of-fit test. That is, real data does follow the distributions defined by IRT.2) The quantities IRT computes, i.e., sensitivity, attitude and visibility, have an intuitive interpretation. For example, the attitude can serve as a psychometric instrument that sociologists can use to study online behaviors of people. The sensitivity of information can be used to send early alerts to users when the sensitivities of their shared profile items are out of the comfortable region. 3) Due some mild assumptions, many of the computations in MLE can be parallelized, which makes the algorithm practically efficient. Most importantly, the estimates obtained from IRT framework are sample independent. This property is also called group invariance.
  • To evaluate the model, we conducted experiments on real-data gathered from our user study. We collected the information-sharing preferences of 153 users on 49 profile items such as name, gender, birthday, political views, address, phone number, degree, job, etc. For each profile item, we ask the user to specify whether he wants to keep the item confidential, or share with friends, or friends of friends, et. In the figure we visualize, using a tag cloud, the sensitivity of the profile items we computed from the survey. The larger the fonts used to represent a profile item in the tag cloud, the higher its estimated sensitivity value. It is easily observed that Mother’s Maiden Name is the most sensitive item, while one’s Gender, which locates just right above the letter “h” of “Mother” has the lowest sensitivity; too small to be visually identified.We compute the privacy scores of the 153 respondents using the IRT-based computations. We then group the respondents based on their geographic location. The Figure shows the average values of the users’ privacy scores per location. The results indicate that people from North America and Europe have higher privacy risk than people from Asia and Australia. This experimental finding indicates that people from North America and Europe are more comfortable to reveal personal information on the social networks they participate. This can be either a result of inherent attitude or social pressure. Since online social-networking is more widespread in these regions, one can assume that people in North America and Europe succumb to the social pressure to reveal things about themselves online in order to appear “cool” and become popular.Restate that under social pressure people tend to share more and more information. At some point, they start to worry about their privacy, but it is too late that they have already lost control of their information.
  • So for instance, if I am selecting to change my privacy to a score of 25 from whatever score, we would analyze the population of users and select a partition of users with scores around 25, say from 20 to 30----various heuristics could be used for making 'around' more precise---and then from these users determine the average settings for each data item and use that to apply and thus get the score close to 25... Taking the arithmetic average is one approach and others could be used given more information about the current user, the population, and more importantly about the sensitivity of the data the settings will affect.An exact score of 25 could then be achieved by iteratively adjusting some settings and recalculating the score until the actual score reaches 25 +/- some delta. Very likely the average settings and partitioning of the user population would need to be done in batch mode (e.g., Map Reduce calculations) and the results saved in the database for quick access and score computation.
  • After having described the models and applications of privacy score, now I am going to discuss how we can work together to create a privacy-aware opensocial environments.
  • As the first step the simplest way is to Provide native implementation of Privacy Score calculations in opensocial, as well as APIs to enable developers to implement their own privacy scores.
  • To accomplish the first step, we need the following API support …
  • OAuth allows the user to authorize access to his or her privacy settings stored in social networks. The basic flow is:A user logs in to a website/applicaiton and performs some action that requires privacy settings of the user’s profile items.The website/application directs the user to a web page hosted on the social network's domain. This web page asks the user if the external website/application should to be able to access his or her privacy settings. If the user agrees, the website/application will receive an OAuth authorization token.The website/application can then include this token in requests made with the OpenSocial REST and RPC protocols.

    • ×