Abstract
The social benefit derived from online social networks (OSNs) can lure users to reveal unprecedented volumes of personal data to a social graph that is much less trustworthy than the offline social circle. Although OSNs provide users privacy configuration settings to protect their data, these settings are not sufficient to prevent all situations of sensitive information disclosure. Indeed, users can become the victims of harms such as identity theft, stalking or discrimination. In this work, we design a privacy scoring mechanism inspired by privacy risk analysis (PRA) to guide users to understand the various privacy problems they may face. Concepts, derived from existing works in PRA, such as privacy harms, risk sources and harm trees are adapted in our mechanism to compute privacy scores. However, unlike existing PRA methodologies, our mechanism is user-centric. More precisely, it analyzes only OSN user profiles taking into account the choices made by the user and his vicinity regarding the visibility of their profile attributes to potential risk sources within their social graphs. To our best knowledge, our work is the first effort in adopting PRA approach for user-centric analysis of OSN privacy risks.
This work is partially funded by MAIF Foundation.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
According to the GDPR (General Data Protection Regulation) of European Union.
- 3.
In Table 1, neither the list of inference methods nor the personal data that can be inferred from the given set of attributes nor the personal data types that must be considered is exhaustive. Other inferred personal data, personal data types and inference methods can be easily incorportated in our framework.
- 4.
Notation wise, for simplicity, we assume that the target user is the first friend for himself, i.e., when \(i=1\), \(v_i=v_T\).
- 5.
A.2 is included because a friend of \(v_i\) \((i\ne 1)\) is a friend of friend of the target user.
- 6.
The accuracy values lie between 0 (no accuracy) and 1 (full accuracy).
- 7.
The value of an attribute is known with full accuracy only when the value is disclosed by the target user himself, i.e., only for some cases of direct, similar attribute inferences (e.g., a risk source comes to know \(v_T\)’s gender because \(v_T\) reveals it).
References
Akcora, C., Carminati, B., Ferrari, E.: Privacy in social networks: how risky is your social graph? In: 2012 IEEE 28th International Conference on Data Engineering (ICDE), pp. 9–19. IEEE (2012)
Al Zamal, F., Liu, W., Ruths, D.: Homophily and latent attribute inference: inferring latent attributes of Twitter users from neighbors. In: ICWSM, vol. 270, pp. 387–390 (2012)
Commission Nationale de l’Informatique et des Libertes (CNIL): Privacy Impact Assessment (PIA) Methodology (How to Carry Out a PIA) (2015)
Commission Nationale de l’Informatique et des Libertes (CNIL): Privacy Impact Assessment (PIA) Tools (templates and knowledge bases) (2015)
De, S.J., Le Métayer, D.: PRIAM: a privacy risk analysis methodology. In: 11th International Workshop on Data Privacy Management (DPM). IEEE (2016)
De, S.J., Le Métayer, D.: Privacy risk analysis. In: Synthesis Series. Morgan & Claypool Publishers (2016)
De, S.J., Le Métayer, D.: A Risk-based Approach to Privacy by Design (Extended Version). Number RR-9001, December 2016
Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: LINDDUN: running example-Social Network 2.0
Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A Privacy threat analysis framework: supporting the elicitation and fulfilment of privacy requirements. Requirements Eng. 16(1), 3–32 (2011)
Gross, R., Acquisti, A.: Information revelation and privacy in online social networks. In: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, pp. 71–80. ACM (2005)
Huang, L., Wang, D.: What a surprise: initial connection with coworkers on Facebook and expectancy violations. In: Proceedings of the 19th ACM Conference on Computer Supported Cooperative Work and Social Computing Companion, pp. 293–296. ACM (2016)
Johnson, M., Egelman, S., Bellovin, S.M.: Facebook and privacy: it’s complicated. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, p. 9. ACM (2012)
Liu, K., Terzi, E.: A framework for computing the privacy scores of users in online social networks. ACM Trans. Knowl. Disc. Data (TKDD) 5(1), 6 (2010)
Mislove, A., Viswanath, B., Gummadi, K.P., Druschel, P.: You are who you know: inferring user profiles in online social networks. In: Proceedings of the Third ACM International Conference on Web Search and Data Mining, pp. 251–260. ACM (2010)
Nepali, R.K., Wang, Y.: SONET: a social network model for privacy monitoring and ranking. In: 2013 IEEE 33rd International Conference on Distributed Computing Systems Workshops (ICDCSW), pp. 162–166. IEEE (2013)
Ollier-Malaterre, A., Rothbard, N.P., Berg, J.M.: When worlds collide in cyberspace: how boundary work in online social networks impacts professional relationships. Acad. Manag. Rev. 38(4), 645–669 (2013)
Pergament, D., Aghasaryan, A., Ganascia, J.-G., Betgé-Brezetz, S.: FORPS: friends-oriented reputation privacy score. In: Proceedings of the First International Workshop on Security and Privacy Preserving in e-Societies, pp. 19–25. ACM (2011)
Petkos, G., Papadopoulos, S., Kompatsiaris, Y.: PScore: a framework for enhancing privacy awareness in online social networks. In: 2015 10th International Conference on Availability, Reliability and Security (ARES), pp. 592–600. IEEE (2015)
Vidyalakshmi, B.S., Wong, R.K., Chi, C.-H.: Privacy scoring of social network users as a service. In: 2015 IEEE International Conference on Services Computing (SCC), pp. 218–225. IEEE (2015)
Wang, W., Zhuo, L.: Cyber security in the Smart Grid: survey and challenges. Comput. Netw. 57(5), 1344–1371 (2013)
Wang, Y., Norcie, G., Komanduri, S., Acquisti, A., Leon, P.G., Cranor, L.F.: I regretted the minute I pressed share: a qualitative study of regrets on Facebook. In: Proceedings of the Seventh Symposium on Usable Privacy and Security, p. 10. ACM (2011)
Wang, Y., Nepali, R.K., Nikolai, J.: Social network privacy measurement and simulation. In: 2014 International Conference on Computing, Networking and Communications (ICNC), pp. 802–806. IEEE (2014)
Yager, R.R.: OWA trees and their role in security modeling using attack trees. Inf. Sci. 176(20), 2933–2959 (2006)
Zheleva, E., Getoor, L.: To Join or not to join: the illusion of privacy in social networks with mixed public and private user profiles. In: Proceedings of the 18th International Conference on World Wide Web, pp. 531–540. ACM (2009)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
De, S.J., Imine, A. (2018). Privacy Scoring of Social Network User Profiles Through Risk Analysis. In: Cuppens, N., Cuppens, F., Lanet, JL., Legay, A., Garcia-Alfaro, J. (eds) Risks and Security of Internet and Systems. CRiSIS 2017. Lecture Notes in Computer Science(), vol 10694. Springer, Cham. https://doi.org/10.1007/978-3-319-76687-4_16
Download citation
DOI: https://doi.org/10.1007/978-3-319-76687-4_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-76686-7
Online ISBN: 978-3-319-76687-4
eBook Packages: Computer ScienceComputer Science (R0)