Understanding and Specifying Social Access Control Lists

Online social network (OSN) users upload millions of pieces of content to share with others every day. While a significant portion of this content is benign (and is typically shared with all friends or all OSN users), there are certain pieces of content that are highly privacy sensitive. Sharing such sensitive content raises significant privacy concerns for users, and it becomes important for the user to protect this content from being exposed to the wrong audience. Today, most OSN services provide fine-grained mechanisms for specifying social access control lists (social ACLs, or SACLs), allowing users to restrict their sensitive content to a select subset of their friends. However, it remains unclear how these SACL mechanisms are used today. To design better privacy management tools for users, we need to first understand the usage and complexity of SACLs specified by users. In this paper, we present the first large-scale study of finegrained privacy preferences of over 1,000 users on Facebook, providing us with the first ground-truth information on how users specify SACLs on a social networking service. Overall, we find that a surprisingly large fraction (17.6%) of content is shared with SACLs. However, we also find that the SACL membership shows little correlation with either profile information or social network links; as a result, it is difficult to predict the subset of a user’s friends likely to appear in a SACL. On the flip side, we find that SACLs are often reused, suggesting that simply making recent SACLs available to users is likely to significantly reduce the burden of privacy management on users.

[1]  Krishna P. Gummadi,et al.  Analyzing facebook privacy settings: user expectations vs. reality , 2011, IMC '11.

[2]  Ed H. Chi,et al.  Talking in circles: selective sharing in google+ , 2012, CHI.

[3]  Keith W. Ross,et al.  Facebook users have become much more private: A large-scale study , 2012, 2012 IEEE International Conference on Pervasive Computing and Communications Workshops.

[4]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[5]  Eytan Adar,et al.  The PViz comprehension tool for social network privacy settings , 2012, SOUPS.

[6]  Kristen LeFevre,et al.  Privacy wizards for social networking sites , 2010, WWW '10.

[7]  Michael S. Bernstein,et al.  Quantifying the invisible audience in social networks , 2013, CHI.

[8]  Robin I. M. Dunbar Social Brain Hypothesis , 1998, Encyclopedia of Evolutionary Psychological Science.

[9]  Jean-Loup Guillaume,et al.  Fast unfolding of community hierarchies in large networks , 2008, ArXiv.

[10]  Qian Xiao,et al.  Towards ad-hoc circles in social networking sites , 2012, DBSocial '12.

[11]  Krishna P. Gummadi,et al.  Simplifying friendlist management , 2012, WWW.

[12]  Krishna P. Gummadi,et al.  You are who you know: inferring user profiles in online social networks , 2010, WSDM '10.

[13]  Heather Richter Lipford,et al.  Moving beyond untagging: photo privacy in a tagged world , 2010, CHI.

[14]  Mary Beth Rosson,et al.  journal homepage: www.elsevier.com/locate/ecra Privacy as information access and illusory control: The case of the Facebook News Feed privacy outcry , 2022 .

[15]  Siddharth Suri,et al.  Conducting behavioral research on Amazon’s Mechanical Turk , 2010, Behavior research methods.

[16]  William M. Rand,et al.  Objective Criteria for the Evaluation of Clustering Methods , 1971 .

[17]  Robin I. M. Dunbar,et al.  Social network size in humans , 2003, Human nature.

[18]  Lorrie Faith Cranor,et al.  An Investigation into Facebook Friend Grouping , 2011, INTERACT.

[19]  Christopher D. Manning,et al.  Introduction to Information Retrieval , 2010, J. Assoc. Inf. Sci. Technol..

[20]  Steven M. Bellovin,et al.  The Failure of Online Social Network Privacy Settings , 2011 .

[21]  James Fogarty,et al.  Regroup: interactive machine learning for on-demand group creation in social networks , 2012, CHI.

[22]  Marco Conti,et al.  Analysis of Ego Network Structure in Online Social Networks , 2012, 2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Confernece on Social Computing.

[23]  Matthieu Latapy,et al.  Computing Communities in Large Networks Using Random Walks , 2004, J. Graph Algorithms Appl..

[24]  Alessandro Acquisti,et al.  Silent Listeners: The Evolution of Privacy and Disclosure on Facebook , 2013, J. Priv. Confidentiality.

[25]  Steven M. Bellovin,et al.  Facebook and privacy: it's complicated , 2012, SOUPS.

[26]  Richard M. Karp,et al.  Reducibility Among Combinatorial Problems , 1972, 50 Years of Integer Programming.

[27]  M. Newman,et al.  Finding community structure in very large networks. , 2004, Physical review. E, Statistical, nonlinear, and soft matter physics.

[28]  Danah Boyd,et al.  Facebook privacy settings: Who cares? , 2010, First Monday.