Privacy in online social networks
Keywords: Privacy by design; Privacy policies; Privacy risks; Privacy by networks; Online social networks; Privacy
The privacy of data that users share over Online Social Networks (OSNs) cannot be taken for granted. A mixture of public and private user profiles creates difficulties in preserving the intended privacy levels; privacy conflicts leave a large amount of personally identifiable information (PII) exposed to and accessible by unauthorized audiences. Not only the weak privacy-preserving architectures of OSNs but also the tendency of service providers to make all uploaded content types publicly available leads to an inability to ensure privacy by design and by default. As a result, privacy management seems to be a hard task even for experienced users; vague guidelines and an incorrect perception of the applicable privacy levels may lead to serious privacy breaches. In this thesis, privacy in OSNs was studied from both an end-user and a provider perspective. User studies were carried out to assess the appropriateness and adequacy of the privacy controls that OSNs offer. We found that the default privacy protection levels offered by service providers progressively tend to deactivate whatever privacy controls exist, as multiple types of uploaded data become publicly available without restrictions. It is also worth noting that the usability of default OSN privacy controls is low. At the same time, the complexity of these settings seems to lead to divergence between the intended and the achieved level of privacy. We then assessed the privacy risks resulting from a number of popular user interactions with OSNs, with an eye towards increasing awareness of such risks among OSN users, which will in turn motivate them to protect the privacy of their PII. To this end, we applied risk assessment methods and proposed the use of visualization techniques to provide users with a realistic perception of the privacy risks they face.
Although such visualization may indeed prompt end users to act, leading them to change their attitude towards privacy risks, risk reduction strategies need to be followed by the end users themselves, giving them a leading role in decision making with regard to PII privacy management. To this end, we formulated proposals for how end users can manage such risks. From the provider's perspective, we investigated the extent to which OSN privacy protection policies comply with relevant regulation. We found significant divergence; to reduce it, we proposed a common structure for such policies that is based on the PII lifecycle.