Who Got All of My Personal Data? Enabling Users to Monitor the Proliferation of Shared Personally Identifiable Information

  • Sebastian Labitzke
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 375)


The risk involved when users publish information, which becomes available to an unintentional broad audience via online social networks is evident. It is especially difficult for users of social networks to determine who will get the information before it is shared. Moreover, it is impossible to monitor data flows or to control the access to personal data after sharing the information. In contrast to enterprise identity management systems, in which provider-engineered processes control the access to and flow of data, the users of social networks themselves are responsible for information management. Consequently, privacy requirements have become important so that users can control the flow of their personal data across social networks and beyond. In particular, this kind of user-based information management should provide the capability to control data flows in a proactive manner, as well as reactive components to monitor the proliferation of data. In this conceptual paper, we motivate the necessity of a dedicated user-based information management on the basis of studies that we conducted on information that users share publicly in online social networks. Moreover, we outline the building blocks of user-based information management on the basis of existing approaches, which support users in managing data flows and an investigation that we did on the linkability of social network profiles. Furthermore, we contrast user-based information management with our experiences in developing and operating federated identity management services at the Karlsruhe Institute of Technology (KIT).


Information Management Personal Data Identity Management Reactive Component Online Social Network 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Acquisti, A.: Privacy in electronic commerce and the economics of immediate gratification. In: Proceedings of the 5th ACM Conference on Electronic Commerce, EC 2004, pp. 21–29. ACM, New York (2004)CrossRefGoogle Scholar
  2. 2.
    Berg, B., Pötzsch, S., Leenes, R., Borcea-Pfitzmann, K., Beato, F.: Privacy in social software. In: Camenisch, J., Fischer-Hübner, S., Rannenberg, K. (eds.) Privacy and Identity Management for Life, pp. 33–60. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  3. 3.
    Bergmann, M., Rost, M., Pettersson, J.S.: Exploring the feasibility of a spatial user interface paradigm for privacy-enhancing technology. In: Proceedings of the Fourteenth International Conference on Information Systems Development (ISD 2005), Karlstad, Sweden, pp. 437–448. Springer, Heidelberg (2005)Google Scholar
  4. 4.
    Bhargav-Spantzel, A., Camenisch, J., Gross, T., Sommer, D.: User centricity: A taxonomy and open issues. J. Comput. Secur. 15, 493–527 (2007)Google Scholar
  5. 5.
    Dunbar, R.: Coevolution of neocortex size, group size and language in humans. Behavioral and Brain Sciences 16(4), 681–735 (1993)CrossRefGoogle Scholar
  6. 6.
    Fischer-Huebner, S., Hedbom, H., Waestlund, E.: Trust and assurance HCI. In: Camenisch, J., Fischer-Hübner, S., Rannenberg, K. (eds.) Privacy and Identity Management for Life, pp. 245–260. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  7. 7.
    Gross, R., Acquisti, A.: Information revelation and privacy in online social networks. In: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, WPES 2005, pp. 71–80. ACM, New York (2005)CrossRefGoogle Scholar
  8. 8.
    Hedbom, H., Pulls, T., Hansen, M.: Transparency tools. In: Camenisch, J., Fischer-Hübner, S., Rannenberg, K. (eds.) Privacy and Identity Management for Life, pp. 135–143. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  9. 9.
    Höllrigl, T., Kuehner, H., Dinger, J., Hartenstein, H.: User-controlled automated identity delegation. In: Proceedings of the 6th IEEE/IFIP International Conference on Network and Service Management (2010)Google Scholar
  10. 10.
    Kahl, C., Böttcher, K., Tschersich, M., Heim, S., Rannenberg, K.: How to Enhance Privacy and Identity Management for Mobile Communities: Approach and User Driven Concepts of the PICOS Project. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds.) SEC 2010. IFIP AICT, vol. 330, pp. 277–288. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    Krishnamurthy, B.: I know what you will do next summer. SIGCOMM Comput. Commun. Rev. 40, 65–70 (2010)CrossRefGoogle Scholar
  12. 12.
    Krishnamurthy, B., Wills, C.: Characterizing privacy in online social networks. In: Proceedings of the First Workshop on Online Social Networks, WOSP 2008, pp. 37–42. ACM, New York (2008)CrossRefGoogle Scholar
  13. 13.
    Krishnamurthy, B., Wills, C.: On the leakage of personally identifiable information via online social networks. SIGCOMM Comput. Commun. Rev. 40, 112–117 (2010)CrossRefGoogle Scholar
  14. 14.
    Labitzke, S., Dinger, J., Hartenstein, H.: How I and others can link my various social network profiles as a basis to reveal my virtual appearance. In: LNI - Proceedings of the 4th DFN Forum Communication Technologies, GI-Edition (June 2011)Google Scholar
  15. 15.
    Labitzke, S., Taranu, I., Hartenstein, H.: What your friends tell others about you: Low cost linkability of social network profiles. In: Proceedings of the 5th International ACM Workshop on Social Network Mining and Analysis, SNAKDD 2011. ACM, San Diego (2011)Google Scholar
  16. 16.
    Lampe, C.A.C., Ellison, N., Steinfield, C.: A familiar face(book): profile elements as signals in an online social network. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2007, pp. 435–444. ACM, New York (2007)CrossRefGoogle Scholar
  17. 17.
    Scerri, S., Gimenez, R., Hermann, F., Bourimi, M., Thiel, S.: - towards an integrated personal information sphere. In: Workshop on the Federated Social Web Summit, FSW 2011 (2011)Google Scholar
  18. 18.
    Schell, F., Höllrigl, T., Hartenstein, H.: Federated identity management as a basis for integrated information management. It – Information Technology 51(1), 14–23 (2009)CrossRefGoogle Scholar
  19. 19.
    Schrammel, J., Köffel, C., Tscheligi, M.: How much do you tell? information disclosure behaviour indifferent types of online communities. In: Proceedings of the Fourth International Conference on Communities and Technologies, pp. 275–284. ACM, New York (2009)CrossRefGoogle Scholar
  20. 20.
    Tschersich, M., Kahl, C., Heim, S., Crane, S., Böttcher, K., Krontiris, I., Rannenberg, K.: Towards privacy-enhanced mobile communities – architecture, concepts and user trials. Journal of Systems and Software 84(11), 1947–1960 (2011)CrossRefGoogle Scholar
  21. 21.
    Weiss, S.: Privacy threat model for data portability in social network applications. International Journal of Information Management 29(4), 249–254 (2009)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Sebastian Labitzke
    • 1
  1. 1.Steinbuch Centre for Computing (SCC) & Institute of TelematicsKarlsruhe Institute of Technology (KIT)KarlsruheGermany

Personalised recommendations