Default OSN Privacy Settings: Privacy Risks

  • Alexandra Michota
  • Sokratis Katsikas
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 792)


Empirical privacy evaluation in OSNs may provide a better understanding of the effectiveness and the efficiency of the default privacy controls and of those customized by the users. Proper user perception of the privacy risk could limit possible privacy violations by enabling users to participate actively in managing their privacy. In this paper we assess the current state of play of OSN privacy risks. To this end, a new data classification model is first proposed. Based on this model, a method for assessing the privacy risks associated with data assets is proposed and applied to the case where the default privacy controls are assumed. Finally, recommendations on how the resulting risks can be mitigated are given.


Keywords: Privacy risk, Asset, Data classification, Risk treatment



The authors acknowledge, with special thanks, the support of the Research Center of the University of Piraeus in presenting this work.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Systems Security Laboratory, Department of Digital Systems, School of Information and Communication Technologies, University of Piraeus, Piraeus, Greece
  2. Center for Cyber and Information Security, Norwegian University of Science and Technology, Gjøvik, Norway
