Collateral Damage of Online Social Network Applications

Iraklis Symeonidis, Pagona Tsormpatzoudi, Bart Preneel

Abstract

Third party application providers in Online Social Networks can collect personal data of users through their friends without the user’s awareness. In some cases, one or more application providers may own several applications and thus the same provider may collect an excessive amount of personal data, which creates a serious privacy risk. Previous research has developed methods to quantify privacy risks in Online Social Networks. However, most of the existing work does not focus on the issues of personal data disclosure via the user’s friends applications and application providers. The aim of this paper is to investigate the need for solutions that can compute privacy risk related to applications and application providers. In this work we perform a legal and technical analysis of the privacy threats stemming from the collection of personal data by third parties when applications are installed by the user’s friends. Particularly, we examine the case of Facebook as it is the most popular Online Social Network nowadays.

References

  1. 95/46/EC (Accessed April 15, 2015). Directive 95/46/ec of the european parliament and of the council. http://ec.europa.eu/justice/policies/privacy/docs/95- 46-ce/dir1995-46 part1 en.pdf.
  2. Bicz ók, G. and Chia, P. H. (2013). Interdependent privacy: Let me share your data. In Financial Cryptography and Data Security - 17th International Conference, FC 2013, Okinawa, Japan, April 1-5, 2013, Revised Selected Papers, pages 338-353.
  3. Boyd, D. and Ellison, N. (2008). Social Network Sites: Definition, History, and Scholarship. Journal of Computer-Mediated Communication, 13(1).
  4. Chaabane, A., Ding, Y., Dey, R., Ali Kaafar, M., and Ross, K. (2014). A Closer Look at Third-Party OSN Applications: Are They Leaking Your Personal Information? In Passive and Active Measurement conference (2014), Los Angeles, Ótats-Unis. Springer.
  5. Chaabane, A., Kaafar, M. A., and Boreli, R. (2012). Big friend is watching you: Analyzing online social networks tracking capabilities. WOSN 7812, pages 7-12, New York, NY, USA. ACM.
  6. Chia, P. H., Yamamoto, Y., and Asokan, N. (2012). Is this app safe? A large scale study on application permissions and risk signals. In WWW, Lyon, France. ACM.
  7. Consumerreports (Accessed on Sept. 6, 2012). Facebook and your privacy: Who sees the data you share on the biggest social network? http://bit.ly/1lWhqWt.
  8. Diaz, C. and G ürses, S. (2012). Understanding the landscape of privacy technologies. Proc. of the Information Security Summit, pages 58-63.
  9. Enck, W., Gilbert, P., Chun, B., Cox, L. P., Jung, J., McDaniel, P., and Sheth, A. (2014). Taintdroid: an information flow tracking system for real-time privacy monitoring on smartphones. Commun. ACM, 57(3):99-106.
  10. Facebook (Accessed February 08, 2015). book privacy settings and 3rd https://developers.facebook.com/docs/graphapi/reference/user/.
  11. Frank, M., Dong, B., Felt, A., and Song, D. (2012). Mining permission request patterns from android and facebook applications. In ICDM, pages 870-875.
  12. FTC (Accessed February 08, 2015). FTC and Facebook agreement for 3rd parties wrt privacy settings. http://www.ftc.gov/sites/default/files/ documents/cases/2011/11/111129facebookagree.pdf.
  13. Huber, M., Mulazzani, M., Schrittwieser, S., and Weippl, E. R. (2013). Appinspect: large-scale evaluation of social networking apps. In Conference on Online Social Networks, COSN'13, Boston, MA, USA, October 7-8, 2013, pages 143-154.
  14. Krishnamurthy, B. and Wills, C. E. (2008). Characterizing privacy in online social networks. WOSN 7808, pages 37-42, New York, NY, USA. ACM.
  15. Liu, K. and Terzi, E. (2010). A framework for computing the privacy scores of users in online social networks. TKDD, 5(1):6.
  16. Maximilien, E. M., Grandison, T., Liu, K., Sun, T., Richardson, D., and Guo, S. (2009). Enabling privacy as a fundamental construct for social networks. In Proceedings IEEE CSE'09, 12th IEEE International Conference on Computational Science and Engineering, August 29-31, 2009, Vancouver, BC, Canada, pages 1015-1020.
  17. McCarthy, C. (Accessed Apr. 9, 2014). Understanding what Facebook apps really know (FAQ). http://cnet.co/1k85Fys.
  18. Minkus, T. and Memon, N. (2014). On a scale from 1 to 10, how private are you? Scoring Facebook privacy settings. In Proceedings of the Workshop on Usable Security (USEC 2014). Internet Society.
  19. Nebel, M., Buchmann, J., Ronagel, A., Shirazi, F., Simo, H., and Waidner, M. (2013). Personal information dashboard: Putting the individual back in control. Digital Enlightenment.
  20. Nepali, R. K. and Wang, Y. (2013). SONET: A social network model for privacy monitoring and ranking. In 33rd International Conference on Distributed Computing Systems Workshops (ICDCS 2013 Workshops), Philadelphia, PA, USA, 8-11 July, 2013, pages 162- 166.
  21. Ngoc, T. H., Echizen, I., Komei, K., and Yoshiura, H. (2010). New approach to quantification of privacy on social network sites. In Advanced Information Networking and Applications (AINA), 2010 24th IEEE International Conference on, pages 556-564. IEEE.
  22. Nicolás, N. M., Carmela, T., Pagona, T., Fanny, C., and Daniel, L. M. (Accessed May 04, 2015). “Deliverable 5.1 : State-of-play: Current practices and solutions.” FP7 PRIPARE project. http://pripareproject.eu/wpcontent/uploads/2013/11/D5.1.pdf.
  23. Parliament, E. (Accessed May 04, 2015). European parliament legislative resolution of 12 march 2014 on the proposal for a regulation. http://www.europarl.europa.eu/sides/getDoc.do? pbRef=-//EP//TEXT+TA+P7-TA-2014- 0212+0+DOC+XML+V0//EN.
  24. Pu, Y. and Grossklags, J. (2014). An economic model and simulation results of app adoption decisions on networks with interdependent privacy consequences. In Decision and Game Theory for Security - 5th International Conference, GameSec 2014, Los Angeles, CA, USA, November 6-7, 2014. Proceedings, pages 246- 265.
  25. Sánchez, D. and Viejo, A. (2015). Privacy risk assessment of textual publications in social networks. In Loiseau, S., Filipe, J., Duval, B., and van den Herik, H. J., editors, ICAART (1), pages 236-241. SciTePress.
  26. SBA-Research (Accessed Sept 09, 2015). Appinspect: A framework for automated security and privacy analysis of osn application ecosystems. http://ai.sbaresearch.org/.
  27. Statista (Accessed Sept 09, 2015). Leading social networks worldwide as of august 2015, ranked by number of active users (in millions). http://www.statista.com/statistics/272014/globalsocial-networks-ranked-by-number-of-users/.
  28. Sweeney, L. (2000). Simple demographics often identify people uniquely. Health (San Francisco), 671:1-34.
  29. Viejo, A. and Sánchez, D. (2015). Enforcing transparent access to private content in social networks by means of automatic sanitization. Expert Syst. Appl., 42(23):9366-9378.
  30. Wang, Y., Komanduri, S., Leon, P., Norcie, G., Acquisti, A., and Cranor, L. (2011). I regretted the minute I pressed share: A qualitative study of regrets on Facebook. In SOUPS.
Download


Paper Citation


in Harvard Style

Symeonidis I., Tsormpatzoudi P. and Preneel B. (2016). Collateral Damage of Online Social Network Applications . In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 536-541. DOI: 10.5220/0005806705360541


in Bibtex Style

@conference{icissp16,
author={Iraklis Symeonidis and Pagona Tsormpatzoudi and Bart Preneel},
title={Collateral Damage of Online Social Network Applications},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2016},
pages={536-541},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005806705360541},
isbn={978-989-758-167-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Collateral Damage of Online Social Network Applications
SN - 978-989-758-167-0
AU - Symeonidis I.
AU - Tsormpatzoudi P.
AU - Preneel B.
PY - 2016
SP - 536
EP - 541
DO - 10.5220/0005806705360541