Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Privacy settings in social networking systems: what you cannot control
Masoumzadeh A., Joshi J.  ASIA CCS 2013 (Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, Hangzhou, China, May 8-10, 2013)149-154.2013.Type:Proceedings
Date Reviewed: Dec 9 2013

Privacy issues in social networking systems (SNSs) can be complex. For example, on Facebook, privacy issues may include whether users should be able to specify who can discover their friends; who can learn which posts they “like”; and who can see their individual posts.

The current privacy settings of SNSs, especially Facebook, are not clearly described to users. Networks sometimes change policies without informing users. Furthermore, the policies typically do not enable users to protect their privacy.

This paper proposes an approach to formally reason about the completeness of privacy control policies. The notion of completeness ensures that every piece of user information can be protected. The authors use OWL, a web ontology language, to model SNS information as a set of users, digital objects, and data values that are related to each other by relationships. The sensitive information that needs to be protected is then represented as properties between two individuals or between an individual and a data value. The owners of each endpoint of each property are eligible to define a privacy policy for that property. Permissions are then defined by a set of protected resources and the corresponding action(s).

The paper describes a model of concepts and properties for Facebook and gives several examples of privacy control permissions for it. System permissions in Facebook are also presented using the notation described. The ideal control properties should be able to control relationships about the user. These include properties that directly relate to the user and properties that relate to some digital objects owned by the user. Facebook clearly does not satisfy this requirement.

Using the model, the authors are able to identify missing permissions in Facebook, including: “Who can see that I have tagged someone?” “Who can see that I have liked something?” “Who can see my comment on someone else’s post?” and “Who can see if I am friends with someone?” These show the importance of formal reasoning about complex privacy situations.
Reviewer:  G. K. Gupta Review #: CR141792 (1402-0175)
Bookmark and Share
 
Privacy (K.4.1 ... )
 
Would you recommend this review?
yes
no
Other reviews under "Privacy": Date
Handbook of personal data protection
Madsen W., Stockton Press, New York, NY, 1992. Type: Book (9780333569207)		 Nov 1 1993
Privacy and security issues in information systems
Turn R., Ware W., Wadsworth Publ. Co., Belmont, CA, 1985. Type: Book (9780534042578)		 Nov 1 1985
Data bases
Burnham D., Wadsworth Publ. Co., Belmont, CA, 1985. Type: Book (9780534042578)		 Nov 1 1985
more...
E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use | Privacy Policy