A user's online social network (OSN) friends commonly share information on their OSN profiles that might also characterize the user him-/herself. Therefore, OSN friends are potentially jeopardizing users' privacy. Previous studies demonstrated that third parties can potentially infer personally identifiable information (PII) based on information shared by users' OSN friends if sufficient information is accessible. However, when considering how privacy settings have been adjusted since then, it is unclear which attributes can still be predicted this way. In this paper, we present an empirical study on PII of Facebook users and their friends. We show that certain pieces of PII can easily be inferred. In contrast, other attributes are rarely made publicly available and/or correlate too little so that not enough information is revealed for intruding user privacy. For this study, we analyzed more than 1.2 million OSN profiles in a compliant manner to investigate the privacy risk due to attribute prediction by third parties. The data shown in this paper provides the basis for acting in a risk aware fashion in OSNs.
Abstract.The risk involved when users publish information, which becomes available to an unintentional broad audience via online social networks is evident. It is especially difficult for users of social networks to determine who will get the information before it is shared. Moreover, it is impossible to monitor data flows or to control the access to personal data after sharing the information. In contrast to enterprise identity management systems, in which provider-engineered processes control the access to and flow of data, the users of social networks themselves are responsible for information management. Consequently, privacy requirements have become important so that users can control the flow of their personal data across social networks and beyond. In particular, this kind of userbased information management should provide the capability to control data flows in a proactive manner, as well as reactive components to monitor the proliferation of data. In this conceptual paper, we motivate the necessity of a dedicated user-based information management on the basis of studies that we conducted on information that users share publicly in online social networks. Moreover, we outline the building blocks of user-based information management on the basis of existing approaches, which support users in managing data flows and an investigation that we did on the linkability of social network profiles. Furthermore, we contrast user-based information management with our experiences in developing and operating federated identity management services at the Karlsruhe Institute of Technology (KIT).
MotivationToday's users of online social networks (OSNs) are often unduly generous in sharing personally identifiable information (PII) via their OSN profiles. This fact is confirmed by the results of recent studies that we carried out [15], [14], as well as by many other previous investigations (e.g., [7], [16], [13]).
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.