Privacy in online social networks

Keywords
Privacy by design; Privacy policies; Privacy risks; Privacy by networks; Online social networks; Privacy

Abstract
The privacy of data that users share over Online Social Networks (OSNs) cannot be taken for
granted. A mixture of public and private user profiles creates difficulties in preserving the
intended privacy levels; privacy conflicts leave a large amount of personally identifiable
information (PII) exposed to and accessible by unauthorized audiences. Not only the weak
privacy-preserving architectures of OSNs but also the tendency of the service providers to
make all uploaded content types publicly available lead to an inability to ensure privacy by
design and by default. As a result, privacy management seems to be a hard task even for
experienced users; vague guidelines and incorrect perception of the applicable privacy levels
may lead to serious privacy breaches.
In this thesis, privacy in OSNs was studied both from an end user and from a provider
perspective. User studies were carried out to assess the appropriateness and the adequacy of
privacy controls that OSNs offer.
We found that the privacy protection levels that are offered as default by the service
providers progressively tend to deactivate any privacy control there is, as multiple types of
uploaded data become publicly available, without restrictions. It is also worth noting that the
usability of default OSN privacy controls is low. At the same time, the complexity of these
settings seems to lead to divergence between the intended and the achieved level of privacy.
We then assessed the privacy risks resulting from a number of popular user interactions with
the OSNs, with an eye towards increasing the awareness of such risks among OSN users, which
will in turn motivate them to engage with protecting the privacy of their PII. To
this end, we applied risk assessment methods and we proposed the use of visualization
techniques to provide the users with a realistic perception of the privacy risks they face.
Although such visualization may indeed activate the end users, leading them to
change their attitude towards privacy risks, risk reduction strategies need to be followed by
the end users themselves, giving them a leading role in decision making with regard to PII
privacy management. To this end, we formulated proposals for managing such risks by the
end user.
From the provider’s perspective, we investigated the extent of compliance of the OSN
privacy protection policies with relevant regulation. We found significant divergence; in
order to reduce this, we proposed a common structure for such policies that is based on the
PII lifecycle.