Privacy wizards for social networking sites

Privacy is an enormous problem in online social networking sites. While sites such as Facebook allow users fine-grained control over who can see their profiles, it is difficult for average users to specify this kind of detailed policy. In this paper, we propose a template for the design of a social networking privacy wizard. The intuition for the design comes from the observation that real users conceive their privacy preferences (which friends should be able to see which information) based on an implicit set of rules. Thus, with a limited amount of user input, it is usually possible to build a machine learning model that concisely describes a particular user's preferences, and then use this model to configure the user's privacy settings automatically. As an instance of this general framework, we have built a wizard based on an active learning paradigm called uncertainty sampling. The wizard iteratively asks the user to assign privacy "labels" to selected ("informative") friends, and it uses this input to construct a classifier, which can in turn be used to automatically assign privileges to the rest of the user's (unlabeled) friends. To evaluate our approach, we collected detailed privacy preference data from 45 real Facebook users. Our study revealed two important things. First, real users tend to conceive their privacy preferences in terms of communities, which can easily be extracted from a social network graph using existing techniques. Second, our active learning wizard, using communities as features, is able to recommend high-accuracy privacy settings using less user input than existing policy-specification tools.
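The labelling loop the abstract describes, as an added example that is not the paper's code: it assumes each friend's community has already been extracted from the graph, uses a Laplace-smoothed per-community estimate as a stand-in for the paper's classifier, and runs on constructed friends and preferences. It compares uncertainty sampling against labelling friends in list order for the same number of questions.

```python
# Constructed sample data: friend -> community, as if already extracted from the friend graph.
FRIENDS = {
    "ana": "family", "ben": "family", "cal": "family",
    "dee": "college", "eli": "college", "fay": "college", "gus": "college",
    "hal": "work", "ivy": "work", "jon": "work", "kim": "work", "lee": "work",
}
# Constructed ground truth the simulated user answers from ("may this friend see my birthday?").
TRUE_POLICY = {f: c != "work" for f, c in FRIENDS.items()}
TRUE_POLICY["gus"] = False  # one exception that no community rule captures


def p_allow(friend, labels):
    """Laplace-smoothed P(allow | community) from labels gathered so far (assumed stand-in classifier)."""
    same = [allowed for f, allowed in labels.items() if FRIENDS[f] == FRIENDS[friend]]
    return (sum(same) + 1) / (len(same) + 2)


def most_uncertain(pool, labels):
    """Uncertainty sampling: ask about the friend whose prediction is closest to 0.5."""
    return min(pool, key=lambda f: abs(p_allow(f, labels) - 0.5))


def first_in_list(pool, labels):
    """Baseline: the user labels friends in list order."""
    return pool[0]


def run_wizard(budget, pick):
    """Ask `budget` questions, then classify everyone; return (correct settings, friends asked)."""
    labels = {}
    for _ in range(budget):
        pool = [f for f in FRIENDS if f not in labels]
        asked = pick(pool, labels)
        labels[asked] = TRUE_POLICY[asked]  # the user's answer
    # Unlabeled friends get the model's decision; a 0.5 tie falls to deny.
    predicted = {f: labels.get(f, p_allow(f, labels) > 0.5) for f in FRIENDS}
    correct = sum(predicted[f] == TRUE_POLICY[f] for f in FRIENDS)
    return correct, list(labels)


if __name__ == "__main__":
    for pick in (most_uncertain, first_in_list):
        correct, asked = run_wizard(3, pick)
        print(f"{pick.__name__}: asked {asked}, {correct}/{len(FRIENDS)} settings correct")
```

With three questions, uncertainty sampling spends one label per community, while the list-order baseline spends all three on the first community and leaves the others at the deny default.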
