The VLDB Journal

, Volume 19, Issue 6, pp 777–796 | Cite as

Privacy policies for shared content in social network sites

  • Anna C. Squicciarini
  • Mohamed Shehab
  • Joshua Wede
Special Issue Paper

Abstract

Social networking is one of the major technological phenomena of the Web 2.0, with hundreds of millions of subscribed users. Social networks enable a form of self-expression for users and help them to socialize and share content with other users. In spite of the fact that content sharing represents one of the prominent features of existing Social network sites, they do not provide any mechanisms for collective management of privacy settings for shared content. In this paper, using game theory, we model the problem of collective enforcement of privacy policies on shared data. In particular, we propose a solution that offers automated ways to share images based on an extended notion of content ownership. Building upon the Clarke-Tax mechanism, we describe a simple mechanism that promotes truthfulness and that rewards users who promote co-ownership. Our approach enables social network users to compose friendship based policies based on distances from an agreed upon central user selected using several social networks metrics. We integrate our design with inference techniques that free the users from the burden of manually selecting privacy preferences for each picture. To the best of our knowledge, this is the first time such a privacy protection mechanism for social networking has been proposed. We also extend our mechanism so as to support collective enforcement across multiple social network sites. In the paper, we also show a proof-of-concept application, which we implemented in the context of Facebook, one of today’s most popular social networks. Through our implementation, we show the feasibility of such approach and show that it can be implemented with a minimal increase in overhead to end-users. We complete our analysis by conducting a user study to investigate users’ understanding of co-ownership, usefulness and understanding of our approach. Users responded favorably to the approach, indicating a general understanding of co-ownership and the auction, and found the approach to be both useful and fair.

Keywords

Social networks Privacy Game theory Clarke-Tax 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Acquisti A., Grossklags J.: Privacy and rationality in individual decision making. IEEE Secur. Priv. mag. 3(1), 26–33 (2005)CrossRefGoogle Scholar
  2. 2.
    Acquisti, A., Gross, R.: Imagined communities: Awareness, information sharing, and privacy on the facebook. In: Proceeding of Privacy Enhancing Technologies, pp 36–58. Springer (2006)Google Scholar
  3. 3.
    Bartal, Y., Gonen, R., Nisan, N.: Incentive compatible multi unit combinatorial auctions. In: Proceedings of the 9th Conference on Theoretical Aspects of Rationality and Knowledge, ACM. pp. 72–87 (2003)Google Scholar
  4. 4.
    Beaver, D.: 10 billion photos. http://www.facebook.com/note.php?note_id=30695603919, October (2008)
  5. 5.
    Bonneau J., Preibusch, S.: The privacy jungle: On the market for data protection in social networks. In the eighth workshop on the economics of information security (WEIS 2009) (2009)Google Scholar
  6. 6.
    Borgatti S.P., Everett M.G.: A graph-theoretic perspective on centrality. Soc. Networks 28(4), 466–484 (2006)CrossRefGoogle Scholar
  7. 7.
    Carminati, B., Ferrari, E.: Privacy-aware collective access control in web-based social networks. In DBSec, pp. 81–96 (2008)Google Scholar
  8. 8.
    Carminati, B., Ferrari, E., and Perego, A.: Rule-based access control for social networks. In OTM Workshops (2), pp. 1734–1744 (2006)Google Scholar
  9. 9.
    Chen L., Den X., Fang Q., Tian F.: Condorcet winners for public goods. Ann. Oper. Res. 137, 229–242 (2005)MATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Clarke E.H.: Multipart pricing of public goods. Public Choice 11, 17–33 (1971)CrossRefGoogle Scholar
  11. 11.
    Clarke, E.H.: Multipart Pricing of Public Goods: an example. In public price for public products, urban inst (1972)Google Scholar
  12. 12.
    Cormen T.H., Leiserson C.E., Rivest R.L.: Clifford Stein Introduction to Algorithms (3rd ed). MIT Press, Cambridge (2009)Google Scholar
  13. 13.
    Cox, I.J., Kilian, J., Leighton, T., Shamoon, T.: Secure spread spectrum watermarking for images, audio and video. In: Proceedings of International Conference on Image Processing, IEEE. pp. 243–246 (1996)Google Scholar
  14. 14.
    Davis, M., Smith, M., Canny, J., Good, N., King, S., Janakiraman, R.: Towards context-aware face recognition. In: Proceedings of the 13th Annual ACM International Conference on Multimedia, ACM, pp. 483–486 (2005)Google Scholar
  15. 15.
    Enterprise, C. F., Josang, A., Pope, S.: Auscert conference 2005. In in Asia Pacific information technology security conference, AusCERT2005, Austrailia, pp. 77–89 (2005)Google Scholar
  16. 16.
    Ephrati, E., Rosenschein, J.-S.: The Clarke-tax as a consensus mechanism among automated agents. In national conference on artificial intelligence, pp. 173–178 (1991)Google Scholar
  17. 17.
    Ephrati, E., Rosenschein, J.-S.: Voting and multi-agent consensus (1991)Google Scholar
  18. 18.
    Ephrati E., Rosenschein J.S.: Deriving consensus in multi-agent systems. J. Artif. Intell. 87, 21–74 (1996)CrossRefMathSciNetGoogle Scholar
  19. 19.
    Facebook. Facebook web site. http://www.facebook.com/
  20. 20.
    Felt A.: Defacing Facebook: A security case study. Technical report. University of Virginia, Charlottesville (2007)Google Scholar
  21. 21.
    Felt, A., Evans, D.: Privacy protection for social networking platforms. In: Proceedings of Web 2.0 Security and Privacy 2008 (in conjunction with 2008 IEEE Symposium on Security and Privacy) (2008)Google Scholar
  22. 22.
    Gates, C.: Access control requirements for Web 2.0 Security and Privacy. In IEEE Web 2.0 privacy and security workshop (2007)Google Scholar
  23. 23.
    Geambasu, R., Balazinska, M., Gribble, S.-D., Levy, H.-M.: Homeviews: peer-to-peer middleware for personal data sharing applications. In SIGMOD conference, pp. 235–246 (2007)Google Scholar
  24. 24.
    Gibbard A.: Manipulation of voting schemes: a general result. Econometrica 41(4), 587–601 (1973)MATHCrossRefMathSciNetGoogle Scholar
  25. 25.
    Gollu, K. K., Saroiu, S., Wolman, A.: A social networking-based access control scheme for personal Content. In Proceedings of the 21st ACM Symposium on Operating Systems Principles (SOSP ’07)- Work-in-Progress Session (2007)Google Scholar
  26. 26.
    Google open social api available at: http://code.google.com/apis/opensocial/
  27. 27.
    Greenberg J., Mackay R., Tideamn N.: Some limitations of the Groves-Ledyard Optimal mechanism. Public Choice 29(2), 129–137 (2005) SpringerCrossRefGoogle Scholar
  28. 28.
    Gross, R., and Acquisti, A.: Information revelation and privacy in online social networks. In workshop on privacy in the electronic society (2005)Google Scholar
  29. 29.
    Grossklags, J., Christin, N., Chuang, J.: Secure or insure? a game-theoretic analysis of information security games. In World Wide Web Conference pages 209–218 (2008)Google Scholar
  30. 30.
    Herlocker J.: Evaluating collaborative filtering recommender systems. ACM Tran. Inf. Syst. 22(1), 5–53 (2004)CrossRefGoogle Scholar
  31. 31.
    Groves T.: Incentives in teams. Econometrica 41, 617–631 (1973)MATHCrossRefMathSciNetGoogle Scholar
  32. 32.
    Hart, M., Johnson, R., and Stent, A.: More content - less control: access control in the Web 2.0. In IEEE Web 2.0 privacy and security workshop (2007)Google Scholar
  33. 33.
    Hobgen, G.: Security issues and recommendations for online social networks. ENISA. Pos. Paper N. 1 (2007)Google Scholar
  34. 34.
    Jameson, A.: More than the sum of its members: challenges for group recommender systems. In Working Conference on Advanced Visual interfaces, ACM, (2004)Google Scholar
  35. 35.
    Jiang, J., Conrath, D.: Semantic similarity based on corpus statistics and lexical taxonomy. In: Proceedings of ROCLING X Sep (1997)Google Scholar
  36. 36.
    Josang, A., Zomai, M. A., Suriadi, S.: Usability and privacy in identity management architectures. In: ACSW ’07: Proceedings of the Fifth Australasian Symposium on ACSW Frontiers, pp. 143–152, Darlinghurst, Australia, Australia, (2007). Australian Computer Society, IncGoogle Scholar
  37. 37.
    Krishna V.: Auction Theory. 1st edn. Academic Press, Elsevier (2002)Google Scholar
  38. 38.
    Linden, G., Smith, B., York, J.: Amazon.com recommendations: item-to-item collaborative filtering. IEEE internet computing, pp. 76–80, January/February (2003)Google Scholar
  39. 39.
    Lenhart, A., Madden, M.: Teens, privacy & online social networks. Pew internet & American life project, 18 April (2007)Google Scholar
  40. 40.
    Lowensohon, J.: Facebook’s auto-tagging features could be tip of tagging icerberg. CNET News. http://news.cnet.com/8301-17939_109-10004835-2.html. August (2008)
  41. 41.
    Maliki, T. E., Seigneur, J.-M.: A survey of user-centric identity management technologies. In SECUREWARE ’07: Proceedings of The International Conference on Emerging Security Information, Systems, and Technologies, IEEE Computer Society, Washington, DC, USA, pp. 12–17 (2007)Google Scholar
  42. 42.
    Mannan, M., van Oorschot, P.-C.: Privacy-enhanced sharing of personal content on the Web. In WWW, ACM, pp. 487–496 (2008)Google Scholar
  43. 43.
    Mas-Colell A., Whinston M.D.: Micro-Economic Theory Chapter 23. Oxford University Press, Oxford (1998)Google Scholar
  44. 44.
    Mathes, A.: Folksonomies: cooperative classification and communication through shared metadata. http://www.adammathes.com/academic/computer-mediated-communication/folksonomies.html (2004)
  45. 45.
    Miller G.A.: Wordnet: a lexical database for english. Commun. ACM 38(11), 39–41 (1995)CrossRefGoogle Scholar
  46. 46.
    Naaman, M., Yeh, R.B., Garcia-Molina, H., Paepcke, A.: Leveraging context to resolve identity in photo albums. In: Proceedings of the 5th ACM/IEEE-CS Joint Conference on Digital libraries, pp. 178–187, ACM Press (2005)Google Scholar
  47. 47.
    Ellison, C.L.N.B., Steinfield, C.: Benefits of Facebook “Friends”: social capital and college students’ use of online social network. J Comput Mediat Commun-Electron (2007)Google Scholar
  48. 48.
    McCarthy, J., Anagnost, T.: MusicFX: An arbiter of group preferences for computer supported collective workouts. In: Proceedings of the 1998 Conference on Computer-Supported Cooperative Work, pp. 363–372, (1998)Google Scholar
  49. 49.
    McCarthy, K., Salam, M., Coyle, L., McGinty, L., Smyth, B., Nixon, P.: group recommender systems: a critiquing-based approach. IUI 2006: international conference on intelligent user interfaces, pp. 267–269. ACM Press (2006)Google Scholar
  50. 50.
    McCarthy, K., Salam, M., McGinty, L., Smyth, B.: CATS: A synchronous approach to collective group recommendation. In: Proceedings of the Nineteenth International Florida Artificial Intelligence Research Society Conference, Melbourne Beach, FL (2006)Google Scholar
  51. 51.
    Minr, S., Magnusson, B.: A model for semi-(a)synchronous collaborative editing. In: Proceedings of the Third Conference on European Conference on Computer-Supported Cooperative Work, pp. 13–17 (1993)Google Scholar
  52. 52.
    Norberg, P.-A., Horne, D.-R., Horne, D.-A.: The privacy paradox: personal information disclosure intentions versus behaviors. J. Cons. Aff (2007)Google Scholar
  53. 53.
    O’Connor, M., Cosley, D., Konstan, J., Riedl, J.: PolyLens: A recommender system for groups of users. In: Proceedings of the Seventh European Conference on Computer-Supported Cooperative Work, Kluwer, Dordrecht (2001)Google Scholar
  54. 54.
    Newman M.-E.-J.: Scientific collaboration networks. ii. shortest paths, weighted networks, and centrality. Physical Review E 64(1), 016132+ (2001)CrossRefGoogle Scholar
  55. 55.
    Pirro’, G., Seco, N.: Design, implementation and evaluation of a new semantic similarity metric combining features and intrinsic information content. In: Proceedings of On the Move to Meaningful Internet Systems (2008)Google Scholar
  56. 56.
    Ray P.: Independence of irrelevant alternatives. Econometrica 41, 987–991 (1973)MATHCrossRefMathSciNetGoogle Scholar
  57. 57.
    Resnick, P., Iacovou, N., Suchak, M., Bergstrom, P., and Riedl, GroupLens, J.: an open architecture for collaborative filtering of netnews. In ACM conference on computer supported cooperative work. ACM, Chapel Hill, NC, pp. 175–186 (1998)Google Scholar
  58. 58.
    Manuel Romero Salcedo: Dominique Decouchant, structured cooperative authoring for the World Wide Web, computer supported cooperative Work 6(2–3):157–174 (1997)Google Scholar
  59. 59.
    Rosenblum D.: What anyone can know: the privacy risks of social networking sites. IEEE Secur. Pri. 5(3), 40–49 (2007)CrossRefMathSciNetGoogle Scholar
  60. 60.
    Satterthwaite M.A.: Strategy-proofness and Arrow’s conditions: existence and correspondence theorems for voting procedures and social welfare functions. J. Econ. Theory 10, 187–217 (1975)MATHCrossRefMathSciNetGoogle Scholar
  61. 61.
    Spiekermann, S., Grossklags, J., Berendt, B.: E-privacy in 2nd generation E-commerce: privacy preferences versus actual behavior. In EC ’01: Proceedings of the 3rd ACM conference on Electronic Commerce. ACM. pp. 38–47 (2001)Google Scholar
  62. 62.
    Stone, Z., Zickler, T., Darrell, T.: Autotagging facebook: social network context improves photo annotation, computer vision and pattern recognition workshops, pp. 1–8 (2008)Google Scholar
  63. 63.
    Sun, C., Ellis, C.: Operational transformation in real-time group editors: Issues, algorithms, and achievements. In conference on CSCW, ACM, pp. 59–68, Seattle (1998)Google Scholar
  64. 64.
    Varian, H.R. (2002) System Reliability and Free Riding. In Economics of Information Security. Kluwer Academic Publishers, pages 1–15Google Scholar
  65. 65.
    Vickrey, W.: Counterspeculation, auctions and competitive sealed tenders. J. Financ., p. 8–37 (1961)Google Scholar
  66. 66.
    Vidot, N., Cart, N.M., Ferrić4, J., Suleiman, M.: Copies convergence in a distributed real-time collective environment. In: Proceedings of the 2000 ACM Conference on Computer Supported Cooperative Work, ACM, pp. 171–180 (2000)Google Scholar
  67. 67.
    Wang, C., fung Leung, H.: A secure and private Clarke-tax voting protocol without trusted authorities. In: Proceedings of 6th International conference on Electronic Commerce, ACM, pp. 556–565, New York, NY, USA (2004)Google Scholar
  68. 68.
    Watson, J. (2008) Strategy, an introduction to game theory. Second Edition, Norton PublisherGoogle Scholar
  69. 69.
    Wu, X., Zhang, L., Yu, Y.: Exploring social annotations for the semantic Web. In World Wide Web conference, ACM, pp. 417–426 (2006)Google Scholar
  70. 70.
    Yao M.Z., Rice R., Wallis E.K.: Predicting user concerns about online privacy. Am. Soc. Inf. Sci. Technol. 58(5), 710–722 (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag 2010

Authors and Affiliations

  • Anna C. Squicciarini
    • 1
  • Mohamed Shehab
    • 2
  • Joshua Wede
    • 3
  1. 1.College of Information Sciences and TechnologyPennsylvania State UniversityUniversity ParkUSA
  2. 2.Department of Software and Information SystemsUniversity of North CarolinaCharlotteUSA
  3. 3.Department of PsychologyPennsylvania State UniversityUniversity ParkUSA

Personalised recommendations