TY - GEN
T1 - UnFriendly
T2 - 10th International Symposium on Privacy Enhancing Technologies, PETS 2010
AU - Thomas, Kurt
AU - Grier, Chris
AU - Nicol, David M.
PY - 2010/8/16
Y1 - 2010/8/16
N2 - As the popularity of social networks expands, the information users expose to the public has potentially dangerous implications for individual privacy. While social networks allow users to restrict access to their personal data, there is currently no mechanism to enforce privacy concerns over content uploaded by other users. As group photos and stories are shared by friends and family, personal privacy goes beyond the discretion of what a user uploads about himself and becomes an issue of what every network participant reveals. In this paper, we examine how the lack of joint privacy controls over content can inadvertently reveal sensitive information about a user including preferences, relationships, conversations, and photos. Specifically, we analyze Facebook to identify scenarios where conflicting privacy settings between friends will reveal information that at least one user intended remain private. By aggregating the information exposed in this manner, we demonstrate how a user's private attributes can be inferred from simply being listed as a friend or mentioned in a story. To mitigate this threat, we show how Facebook's privacy model can be adapted to enforce multi-party privacy. We present a proof of concept application built into Facebook that automatically ensures mutually acceptable privacy restrictions are enforced on group content.
AB - As the popularity of social networks expands, the information users expose to the public has potentially dangerous implications for individual privacy. While social networks allow users to restrict access to their personal data, there is currently no mechanism to enforce privacy concerns over content uploaded by other users. As group photos and stories are shared by friends and family, personal privacy goes beyond the discretion of what a user uploads about himself and becomes an issue of what every network participant reveals. In this paper, we examine how the lack of joint privacy controls over content can inadvertently reveal sensitive information about a user including preferences, relationships, conversations, and photos. Specifically, we analyze Facebook to identify scenarios where conflicting privacy settings between friends will reveal information that at least one user intended remain private. By aggregating the information exposed in this manner, we demonstrate how a user's private attributes can be inferred from simply being listed as a friend or mentioned in a story. To mitigate this threat, we show how Facebook's privacy model can be adapted to enforce multi-party privacy. We present a proof of concept application built into Facebook that automatically ensures mutually acceptable privacy restrictions are enforced on group content.
UR - http://www.scopus.com/inward/record.url?scp=77955453680&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77955453680&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-14527-8_14
DO - 10.1007/978-3-642-14527-8_14
M3 - Conference contribution
AN - SCOPUS:77955453680
SN - 3642145264
SN - 9783642145261
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 236
EP - 252
BT - Privacy Enhancing Technologies - 10th International Symposium, PETS 2010, Proceedings
Y2 - 21 July 2010 through 23 July 2010
ER -