2020
DOI: 10.2478/popets-2020-0076
|View full text |Cite
|
Sign up to set email alerts
|

CanaryTrap: Detecting Data Misuse by Third-Party Apps on Online Social Networks

Abstract: Online social networks support a vibrant ecosystem of third-party apps that get access to personal information of a large number of users. Despite several recent high-profile incidents, methods to systematically detect data misuse by third-party apps on online social networks are lacking. We propose CanaryTrap to detect misuse of data shared with third-party apps. CanaryTrap associates a honeytoken to a user account and then monitors its unrecognized use via different channels after sharing it with the third-p… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
11
0

Year Published

2020
2020
2024
2024

Publication Types

Select...
5
2
1

Relationship

0
8

Authors

Journals

citations
Cited by 9 publications
(13 citation statements)
references
References 29 publications
0
11
0
Order By: Relevance
“…Researchers consistently demonstrate privacy eroding techniques deployed in the wild [15][16][17][18][19] motivated by online advertising business models [32]. Personal data is leaked via social networks [33], third-party web scripts [34], apps [35], software development kits [36], and organizational breaches [37]. The scale of tracking motivate re-designing systems to provide privacy guarantees.…”
Section: Privacy Practicesmentioning
confidence: 99%
“…Researchers consistently demonstrate privacy eroding techniques deployed in the wild [15][16][17][18][19] motivated by online advertising business models [32]. Personal data is leaked via social networks [33], third-party web scripts [34], apps [35], software development kits [36], and organizational breaches [37]. The scale of tracking motivate re-designing systems to provide privacy guarantees.…”
Section: Privacy Practicesmentioning
confidence: 99%
“…unused-apps (44), new-apps-with-access (22), what-datais-accessible ( 16), do-not-remember-authorizing (12), permissions (10), how-much-access-allowed (8), accidentallyadded (7), necessary-permissions-only (7), unfamiliar-apps (6), account-login (4), privacy (4), permissions-changed (4), how-long-access (3), suspicious-apps (3), unauthorizedapps (2), most-used (2), all (1), unauthorized-permissions (1), unnecessary-access (1), specific-app (1), full-accountaccess (1)…”
Section: Qualitative Codebookmentioning
confidence: 99%
“…• unknowns (92) information-access (35), use-of-information (15), howdata-used (10), no-unwanted-email (7), what-permissionallows ( 6), do-they-keep-information (3), email-access (3), why-access-needed (3), why-permissions-necessary (2), why-information-needed (2), who-can-access-data (2), associated-with-personal-info (2), payments (1), can-idelete-my-data (1), google-guideline-enforcement (1), willit-notify-on-data-delete (1), how-long-data-stored (1)…”
Section: Qualitative Codebookmentioning
confidence: 99%
See 1 more Smart Citation
“…If sharing personal data can be of benefit in principle, it can also become a problem when the transferred data is used for purposes that go against its owners, a situation that appears when some data consumers perform activities with information from unwilling individuals, in what is known as personal data misuse. This is a huge problem even today, despite previous attention -research conducted in 2020 shows that data misuse, such as by ransomware or spam, still exists in Facebook even after the Cambridge Analytica scandal [12].…”
Section: Gentrification Of Personal Datamentioning
confidence: 99%