Online social networks support a vibrant ecosystem of third-party apps that get access to personal information of a large number of users. Despite several recent high-profile incidents, methods to systematically detect data misuse by third-party apps on online social networks are lacking. We propose CanaryTrap to detect misuse of data shared with third-party apps. CanaryTrap associates a honeytoken to a user account and then monitors its unrecognized use via different channels after sharing it with the third-party app. We design and implement CanaryTrap to investigate misuse of data shared with third-party apps on Facebook. Specifically, we share the email address associated with a Facebook account as a honeytoken by installing a third-party app. We then monitor the received emails and use Facebook’s ad transparency tool to detect any unrecognized use of the shared honeytoken. Our deployment of CanaryTrap to monitor 1,024 Facebook apps has uncovered multiple cases of misuse of data shared with third-party apps on Facebook including ransomware, spam, and targeted advertising.
Reddit has found its communities playing a prominent role in originating and propagating problematic sociopolitical discourse. Reddit administrators have generally struggled to prevent or contain such discourse for several reasons including: (1) the inability for a handful of human administrators to track and react to millions of posts and comments per day and (2) fear of backlash as a consequence of administrative decisions to ban or quarantine hateful communities. Consequently, administrative actions (community bans and quarantines) are often taken only when problematic discourse within a community spills over into the real world with serious consequences. In this paper, we investigate the feasibility of deploying tools to proactively identify problematic communities on Reddit. Proactive identification strategies show promise for three reasons: (1) they have potential to reduce the manual efforts required to track communities for problematic content, (2) they give administrators a scientific rationale to back their decisions and interventions, and (3) they facilitate early and more nuanced interventions (than banning or quarantining) to mitigate problematic discourse.
Data sharing between online trackers and advertisers is a key component in online behavioral advertising. This sharing can be facilitated through a variety of processes, including those not observable to the user’s browser. The unobservability of these processes limits the ability of researchers and auditors seeking to verify compliance with recent regulations (e.g., CCPA and CDPA) which require complete disclosure of data sharing partners. Unfortunately, the applicability of existing techniques to make inferences about unobservable data sharing relationships is limited due to their dependence on protocol- or case-specific artifacts of the online behavioral advertising ecosystem (e.g., they work only when client-side header bidding is used for ad delivery or when advertisers perform ad retargeting). As behavioral advertising technologies continue to evolve rapidly, the availability of these artifacts and the effectiveness of transparency solutions dependent on them remain ephemeral. In this paper, we propose a generalizable technique, called ATOM, to infer data sharing relationships between online trackers and advertisers. ATOM is different from prior approaches in that it is universally applicable — i.e., independent of ad delivery protocols or availability of artifacts. ATOM leverages the insight that by the very nature of behavioral advertising, ad creatives themselves can be used to infer data sharing between trackers and advertisers — after all, the topics and brands showcased in an ad are dependent on the data available to the advertiser. Therefore, by selectively blocking trackers and monitoring changes in the characteristics of ad creatives delivered by advertisers, ATOM is able to identify data sharing relationships between trackers and advertisers. The relationships discovered by our implementation of ATOM include those not found using prior approaches and are validated by external sources.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.