Sharing data on online social networks (OSNs) has become an important part of everyday life for a wide majority of citizens worldwide. OSN users share myriads of volunteered data (such as photos, videos, text messages, Web queries, and likes) and are observed by a variety of Web services (through various means such as browser cookies and ad trackers) that record a massive amount of observed behavioral data. From volunteered and observed data, many online services automatically infer new information and build user profiles that they sell to third parties, thus constituting the core of their current business models.
Available data-processing capabilities are highly imbalanced in favor of OSNs and third parties rather than end users — a situation determined by “democratization” in content production and sharing, but not in the means of content and personal profile management and control available to end users. This situation is echoed by recent studies that have concluded that a large percentage of OSN users feel they have insufficient control of their shared data and that many are concerned with the way that companies that gain access to such data handle it.
From a Technical Perspective
A wide range of technologies is employed to track online user activities, analyze the collected data, and build user profiles. Perhaps the most common approach to tracking is the use of cookies for recording browser-specific attributes, as well as the use of URLs as information-snippet containers — including key-value pairs that often contain personal information, such as locations, email addresses, and even passwords. As Andrew West and Adam Aviv discuss in “Measuring Privacy Disclosures in URL Query Strings,” it’s noteworthy that users rarely notice the structure and content of such URLs. As a result, a considerable number end up on the public Web via the sharing facilities offered by most Web 2.0 platforms, as well as due to leaks and hacks that can potentially affect thousands of user accounts.
Another source of information disclosure within social networks stems from the principle of homophily, the tendency of “friends” to share some attributes. Coupled with the fact that a sizeable portion of OSN users choose to make multiple profile attributes public, it becomes possible to devise algorithms that can propagate such attributes across the social network’s structure to infer information about other users who have opted not to disclose such details about themselves. Location presents a very characteristic example, given that geographically proximal users are more likely to establish friendship relations. Hence, it’s possible to infer an OSN user’s location with relatively high accuracy based on some known locations for their contacts. In fact, as Dan Xu and his colleagues examine in “Graph-Based Residence Location Inference for Social Media Users,” location inference accuracy can improve even further when taking into account additional cues such as the similarity between OSN users’ posts.
Symeon Papadopoulos and colleagues’ “Cluster-Based Landmark and Event Detection for Tagged Photo Collections” shows that yet another possibility is to derive location from mining image content — by detecting the landmarks or events depicted in a user’s photos, for instance. Such technological capabilities shape the thinking that when some OSN users choose to forego privacy, their data can create stereotypes against which privacy-sensitive individuals might be matched despite their attempts to maintain control. With this fact in mind, Kieron O’Hara argues in “Are We Getting Privacy the Wrong Way Round?” that privacy should be considered a public good, like clean air, rather than as a private benefit, such as health or accommodation.
Human factors in OSN usage also give rise to further issues with respect to private information disclosure. Although modern OSNs commonly offer their users a variety of security and privacy settings, Kaze Wong and his colleagues’ “Trust and Privacy Exploitation in Online Social Networks” shows that users tend to trust the information obtained from their networks regardless of the settings, which malicious human or software agents might be able to exploit. Furthermore, poor usability and the cognitive overload associated with managing multiple services and their settings ultimately lead to a loss of control over disclosed information, especially when “invisible” third parties are involved — for example, OSN apps that gain access to private information through available APIs and users’ one-time consent. As Sami Vihavainen and his colleagues explore in “The Clash Between Privacy and Automation in Social Media,” such human aspects can actually be more important than technical aspects in determining the level of security and privacy in OSN environments.
Industry Perspectives
David Lund on data protection and information trust.
Sanja Ilic on privacy and personal data protection issues.
In the two accompanying videos, industry experts from the fields of digital security and mobile marketing discuss their views on questions arising in this emerging field, pointing out crucial issues and challenges in online privacy, examining the potential business opportunities in this area, and identifying emerging trends that they expect to have a transformational impact on the field.
David Lund, head of research and development at HW Communications (www.hwcomms.com) focuses on cybersecurity topics, particularly data protection and information trust.
Sanja Ilic, director of business development at Velti (www.velti.com), a mobile marketing company with extensive experience in ad-oriented data processing and management, presents his views on privacy and personal data protection issues.
Further Efforts
Given the large number of private information disclosure risks involved in the use of OSNs, and users’ increasing need for transparency and empowerment in how their data — and ultimately their identities — are managed by online service providers, several efforts have attempted to increase OSN users’ awareness of and control over their data. Existing tools, often referred to as privacy enhancing technologies (PETs), typically focus on particular technical aspects of the problem and are generally bound to specific online services.
A more concerted effort comes from the User Empowerment for Enhanced Online Management project (USEMP, www.usemp-project.eu), a recently launched research initiative that’s building tools to empower users with respect to their volunteered, observed, and inferred data. The project builds on a multidisciplinary approach, involving multimedia information extraction, social network analysis, and information visualization and interaction, paying particular attention to legal, social, and ethical constraints and desiderata. The core idea behind the project is to create transparent, easy-to-understand interfaces that make visible the results of user profiling technologies, such as those described in the articles in this month’s Computing Now theme. Ultimately, the tools coming out of the project are expected to empower users by augmenting their awareness, understanding, and control over the data they distribute or interact with.
USEMP is focused on users and, naturally, they play an important role in the implementation of the empowerment tools, the first version of which will be tested in 2015. Within the project, samples of the general population are involved through lab and living lab studies. In addition, participation by and feedback from computer-savvy users, such as Computing Now readers, with expertise in different areas related to the project would be of foremost importance for improving the developed tools. If you are interested in getting involved, please visit the website after reading this month’s theme articles.
Citation
S. Papadopoulos and A. Popescu, ” Privacy Awareness and User Empowerment in Online Social Networking Settings,” Computing Now, vol. 8, no. 1, January 2015, IEEE Computer Society [online]; http://www.computer.org/publications/tech-news/computing-now/privacy-awareness-and-user-empowerment-in-online-social-networking-settings.
Symeon Papadopoulos is a post-doc research fellow at the Information Technologies Institute (ITI) of the Centre for Research and Technology Hellas (CERTH). He has a PhD in computer science from the Aristotle University of Thessaloniki, Greece. His technical interests include Web multimedia indexing and search, data mining, social network analysis, and information retrieval. Contact him at papadop@iti.gr.
Adrian Popescu is a researcher at the Vision & Content Engineering Lab of Commissariat à l’Energie Atomique, France. He has a PhD in computer science from Télécom Bretagne, France. His technical interests include multimedia mining and search, geographic information retrieval, and social network analysis. Contact him at adrian.popescu@cea.fr.