MultiParty Privacy Risks in Social Networks Kurt Thomas Chris Grier David M Nicol Problem Social networks propelled by personal content Upload stories photos disclose relationships Access control limited to owners ID: 432091
Download Presentation The PPT/PDF document "unFriendly" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
unFriendly: Multi-Party Privacy Risks in Social Networks
Kurt Thomas, Chris Grier,
David M.
NicolSlide2
Problem
Social networks propelled by personal content
Upload stories, photos; disclose relationships
Access control limited to ownersContent can reference multiple partiesDistinct privacy requirements for each partyCurrently, only one policy enforcedFriends, family inadvertently leak sensitive information
2Slide3
Consequences
One photo or message leaked may be harmless..
Aggregate stories, friends, photos form a composite
Can infer personal data from these public referencesWeighted by perceived importance of relationshipsIn practice, can predict personal attributes with up to 83% accuracyDirectly tied to amount, richness of exposed dataI
ndependent of existing privacy controls
3Slide4
Solution
Adapt privacy controls:
Grant users control over all personal references, regardless where it appears
Includes tags, mentions, linksAllow users to specify global privacy settingsPrototype solution as a Facebook applicationSatisfies privacy requirements of all users referenced
Determines mutually acceptable audience; restricts access to everyone else
4Slide5
Overview
Existing privacy controls
Sources of conflicting requirements
Inferring personal details from leaksInference performanceDevising a solutionConclusion5Slide6
Existing Controls
Everyone
Friends of Friends
Only Friends
Friend
List
Wall Posts
Personal Details
Photos, Videos
6Slide7
Privacy Conflict
Social networks recognize only one owner
But data can pertain to multiple users
Each user has potentially distinct privacy requirementPrivacy Conflict:When two or more users disagree on data’s audienceResults in data exposed against a user’s will7Slide8
Privacy Conflict – Friendships
Privacy
Requirement:
Hide sensitive relationshipsPrivacy Conflict: Alice reveals her friendsLink between Alice-Bob revealed by Alice
8Slide9
Privacy Conflict – Wall Posts
Privacy Requirement:
Control audience of post
Privacy Conflict: Anything posted to Alice’s wall is publicContent written by Bob exposed by Alice
9
Bob > Alice:
Just broke
up with
Carol..Slide10
Privacy Conflict – Tagging
Privacy Requirement:
Hide sensitive posts
Privacy Conflict: Alice shares her postsDetails about Bob exposed by Alice
10
Alice:
Skipping work with
@
Bob
!Slide11
Aggregating Leaked Data
Threat model:
Adversary crawls entire social network
Collects all public references to a user; messages, friendships, tagged contentFeasible for search engines, marketers, political groupsExposure SetAll public information in conflict with a user’s privacy requirement
11Slide12
Inferring Personal Details
Given exposure set, analyze whether leaks create an accurate composite of user
A
ttempt to predict 8 values from exposure set:Personal: Gender, religion, political view, relation statusMedia: Favorite books, TV shows, movies, musicCompare predictions to scenario where no privacy conflict exists
12Slide13
Inference Approaches
Friendships:
Base predictions on attributes of friends
Users with liberal, Catholic friends who like Twilight tend to be…Weight relationships on perceived importance; distinguish strong friends from acquaintancesFrequency of communicationMutual friends; communityFeed vector of attributes, weights into multinomial logistic regression
13Slide14
Inference Approaches
Wall Content:
Base prediction on content written by private user, posted to public walls
A user who talks about sports, girlfriends, and cars tends to be …Treat content as bag of words, weight terms based on TF-IDFFeed vector of words into multinomial logistic regression
14Slide15
Experiment Setup
Analyze inference accuracy on 80,000
Facebook
profiles40,000 profiles from 2 distinct networksCollect all references to a user appearing in public profiles, walls, friend listsSimulate private profilesUsed values reported in public profile as ground truthCompare prediction against ground truth
15Slide16
Frequency Data is Exposed
16
Statistic
Network A
Network B
Profiles in data set
42,796
40,544
Fraction of profiles public
44%
35%
Avg.
# relationships per profile
in exposure set
42
23Avg. # wall posts per profilein exposure set5343Slide17
Prediction Accuracy
17Slide18
More Conflicts, Better Accuracy
18Slide19
Improving Privacy
Privacy must extend beyond single-owner model
Tags, links, mentions can reference multiple users
Rely on these existing features to distinguish who is at riskAllow each user to specify global privacy policyEnforce policy on all personal content, regardless page it appears19Slide20
Enforcing Multi-Party Privacy
20
Alice:
Looks like
@Bob
and
@Carol
are done for!
Individual Policies
U1
U2
U3
U4
U5
U6Alice
Bob
Carol
Mutual Policy
Slide21
Limitations
In absence of mutual friends, safe set of viewers
tends towards empty set
Assume friends will consent to not sharing with wider audienceContent must be tagged; no other way to distinguish privacy-affected partiesCensorship; prevents negative speech
21Slide22
Conclusion
Privacy goes beyond one person’s expectations
All parties affected must have a say
Existing model lacks multi-party supportReferences to other users are commonOutside their controlAggregate exposed data contains sensitive featuresPredictions will only get betterBy adopting multi-party privacy, can return control back to users
22Slide23
Questions?
23Slide24
Correlated Features Among Friends
24Slide25
Importance of Mutual Friends
25Slide26
Importance of Frequent Communication
26