Abstract
Empirical privacy evaluation in OSNs may provide a better under standing of the effectiveness and the efficiency of the default privacy controls and those customized by the users. Proper user perception of the privacy risk could restrict possible privacy violation issues by enabling user participation in actively managing privacy. In this paper we assess the current state of play of OSN privacy risks. To this end, a new data classification model is first proposed. Based on this, a method for assessing the privacy risks associated with data assets is proposed, which is applied to the case where the default privacy controls are assumed. Recommendations on how the resulting risks can be mitigated are given, which reduce the risk.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Article 9 (1), (2): http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf.
References
Koops, B.: The trouble with European data protection law. Int. Data Priv. Law 4(4), 250–261 (2014)
Featherman, M., Pavlou, P.: Predicting e-services adoption: a perceived risk facets perspective. Int. J. Hum. Comput. Stud. 59(4), 451–474 (2003)
ISO 31000:2009 Risk management - Principles and guidelines, ISO (2009)
Betterley, R.S.: Cyber/Privacy Insurance Market Survey –2014: “Maybe Next Year” Turns Into “I Need It Now”. International Risk Management Institute, Inc. (IRMI) (2014)
Most popular activities of Facebook users worldwide as of 1st quarter 2016. The Statista Portal (2016). http://www.statista.com/statistics/420714/top-facebook-activities-worldwide/. Accessed 7 July 2017
Schneier, B.: A taxonomy of social networking data. IEEE Secur. Priv. 8(4), 88 (2010)
Beye, M., Jeckmans, A., Erkin, Z., Hartel, P., Lagendijk, R., Tang, Q.: Privacy in online social networks. In: Abraham, A. (ed.) Computational Social Networks: Security and Privacy. Springer, London (2012). https://doi.org/10.1007/978-3-642-27901-0_1
Ho, A., Maiga, A., Aimeur, E.: Privacy protection issues in social networking sites. In: ACS/IEEE International Conference on Computer Systems and Applications (AICCSA), Los Alamitos (2009)
Richthammer, C., Netter, M., Riesner, M., Sänger, J., Pernul, G.: Taxonomy of social network data types. EURASIP J. Inf. Secur. 11, 1–17 (2014)
Årnes, A., Skorstad, J., Michelsen, L.: Social Network Services and Privacy. Datatilsynet, Oslo (2011)
Racz, N., Weippl, E., Seufert, A.: A frame of reference for research of integrated governance, risk and compliance (GRC). In: De Decker, B., Schaumüller-Bichl, I. (eds.) CMS 2010. LNCS, vol. 6109, pp. 106–117. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13241-4_11
Liu, K., Terzi, E.: A framework for computing the privacy scores of users in online social networks. ACM Trans. Knowl. Discov. Data 5(1), 1–30 (2010)
Cutillo, L., Molva, R., Onen, M.: Analysis of privacy in online social networks from the graph theory perspective. In: 2011 IEEE Global Telecommunications Conference (GLOBECOM 2011), Kathmandu, Nepal (2011)
Symeonids, I., Beato, F., Tsormpatzoudi, P., Preneel, B.: Collateral damage of Facebook apps: an enhanced privacy scoring model. In: IACR Cryptology ePrint Archive, IACR (2015)
Becker, J., Chen, H.: Measuring privacy risk in online social networks (2009). http://web.cs.ucdavis.edu/~hchen/paper/w2sp2009.pdf. Accessed 11 July 2017
Ananthula, S., Abuzaghleh, O., Alla, N., Prabha, S.: Measuring privacy in online social networks. Int. J. Secur. Priv. Trust Manage. (IJSPTM) 4(2), 1–9 (2015)
Wang, Y., Nepali, R.: Privacy impact assessment for online social networks. In: International Conference on Collaboration Technologies and Systems (CTS), Atlanta, Georgia, USA (2015)
Ghazinour, K., Majedi, M., Barker, K.: A model for privacy policy visualization. In: 33rd Annual IEEE International Computer Software and Applications Conference (COMPSAC 2009), Seattle, WA, USA (2009)
Birge, C.: Enhancing research into usable privacy and security. In: 27th ACM International Conference on Design of Communication, Bloomington, Indiana, USA (2009)
Becker, J., Heddier, M., Öksuz, A.: The Effect of providing visualizations in privacy policies on trust in data privacy and security. In: 47th Hawaii International Conference on System Sciences (HICSS), Waikoloa, HI, USA (2014)
Kang, J., Kim, H., Cheong, Y.G., Huh, J.H.: Visualizing privacy risks of mobile applications through a privacy meter. In: Lopez, J., Wu, Y. (eds.) ISPEC 2015. LNCS, vol. 9065, pp. 548–558. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17533-1_37
Michota, A.K., Katsikas, S.K.: Tagged data breaches in online social networks. In: Katsikas, S.K., Sideridis, A.B. (eds.) e-Democracy 2015. CCIS, vol. 570, pp. 95–106. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-27164-4_7
Wüest, S.: The Risks of Social Networking. Symantec (2006)
Facebook Data Policy (2017). https://www.facebook.com/policy.php. Accessed 11 July 2017
Open Web Application Security Project (OWASP) (2017). https://www.owasp.org/index.php/Main_Page. Accessed 11 July 2017
Brooks, S., Garcia, M., Lefkovitz, N., Lightman, S., Nadeau, E.: An introduction to privacy engineering and risk management in federal systems. National Institute of Standards and Technology, Gaithersburg, MD, USA (2017)
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Brussels: European Commission (1995)
Michota, A., Katsikas, S.: The evolution of privacy-by-default in social networks. In: 18th Panhellenic Conference in Informatics (PCI 2014), Athens, Greece (2014)
Facebook. What’s the Privacy Checkup and how can I find it? (2015). Retrieved May 2015. https://www.facebook.com/help/443357099140264
NIST SP 800-63-1. Electronic authentication guidelines. From National Institute of Standards and Technology (2011)
Acknowledgement
The authors acknowledge, with special thanks, the support of the Research Center of the University of Piraeus to presenting this work.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Michota, A., Katsikas, S. (2017). Default OSN Privacy Settings: Privacy Risks. In: Katsikas, S., Zorkadis, V. (eds) E-Democracy – Privacy-Preserving, Secure, Intelligent E-Government Services. e-Democracy 2017. Communications in Computer and Information Science, vol 792. Springer, Cham. https://doi.org/10.1007/978-3-319-71117-1_5
Download citation
DOI: https://doi.org/10.1007/978-3-319-71117-1_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-71116-4
Online ISBN: 978-3-319-71117-1
eBook Packages: Computer ScienceComputer Science (R0)