Inferring privacy policies for social networking services

  title={Inferring privacy policies for social networking services},
  author={George Danezis},
  booktitle={AISec '09},
  • G. Danezis
  • Published in AISec '09 2009
  • Computer Science
Social networking sites have come under criticism for their poor privacy protection track record. Yet, there is an inherent difficulty in deciding which principals should have access to user's information or actions, without requiring them to constantly manage their privacy settings. We propose to extract automatically such privacy settings, based on the policy that information produced within a social context should remain in that social context, both to ensure privacy as well as maximising… Expand

Figures and Topics from this paper

UPPC: A Flexible User Privacy Policy for Social Networking Services
Social networking services are having a major impact on people’s daily lives. Ordinary users have taken these social networking facilities as basis for their businesses and for keeping track of theirExpand
Privacy Protection in Social Networking Services
As social networking services become increasingly popular, more and more attacks against users’ private information are reported. As a result, privacy protection becomes an important concern amongExpand
Inferring Unknown Privacy Control Policies in a Social Networking System
This paper proposes an approach to infer the enforced privacy control policy by an SNS and consequently the unknown policies to the user given the explicit privacy settings and other policies communicated to the users by the SNS. Expand
Privacy wizards for social networking sites
A template for the design of a social networking privacy wizard based on an active learning paradigm called uncertainty sampling, which is able to recommend high-accuracy privacy settings using less user input than existing policy-specification tools. Expand
Semantics-Enhanced Privacy Recommendation for Social Networking Sites
An intelligent semantics-based privacy configuration system, named SPAC, to automatically recommend privacy settings for SNS users, which learns users' privacy configuration patterns and makes predictions by utilizing machine learning techniques on users' profiles and privacy setting history. Expand
Detecting privacy preferences from online social footprints: a literature review
Providing personalized content can be of great value to both users and vendors. However, effective personalization hinges on collecting large amounts of personal data about users. With theExpand
UPP+: A Flexible User Privacy Policy for Social Networking Services
This paper presents a privacy policy model—UPP+—for enhancing privacy and security for ordinary users and uses the Alloy language to formalize the model and the Alloy Analyzer to check for any inconsistencies. Expand
Prevent user Data in Social Network using Access Control Strategy
As the wide-acceptance of social networks expands, the information users expose to the public has potentially dangerous implications for individual privacy. While social networks allow users toExpand
Empowering Evolving Social Network Users with Privacy Rights
A comprehensive and novel reference conceptual model for privacy in constantly evolving social networks is proposed and its novelty is established by briefly contrasting it with contemporary research. Expand
On the Use of Formal Methods to Enforce Privacy-Aware Social Networking
This chapter discusses the use of formal techniques and formal verification tools to ensure privacy-aware social networking; hence users of social-networking sites can predict what the consequencesExpand


Privacy suites: shared privacy for social networks
A new paradigm is proposed which allows users to easily choose "suites" of privacy settings which have been specified by friends or trusted experts, only modifying them if they wish, which could dramatically increase the privacy protection that most users experience with minimal time investment. Expand
The Privacy Jungle: On the Market for Data Protection in Social Networks
The market for privacy in social networks is dysfunctional in that there is significant variation in sites’ privacy controls, data collection requirements, and legal privacy policies, but this is not effectively conveyed to users. Expand
Prying Data out of a Social Network
This work examines the difficulty of collecting profile and graph information from the popular social networking website Facebook and describes several novel ways in which data can be extracted by third parties, and demonstrates the efficiency of these methods on crawled data. Expand
Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook
It is found that an individual's privacy concerns are only a weak predictor of his membership to the Facebook, and also privacy concerned individuals join the network and reveal great amounts of personal information. Expand
Privacy and contextual integrity: framework and applications
This work formalizes some aspects of contextual integrity in a logical framework for expressing and reasoning about norms of transmission of personal information to capture naturally many notions of privacy found in legislation, including those found in HIPAA, COPPA, and GLBA. Expand
Privacy in Enterprise Identity Federation - Policies for Liberty Single Signon
  • B. Pfitzmann
  • Computer Science
  • Privacy Enhancing Technologies
  • 2003
An analysis of the Liberty Alliance’s specifications for single signon of users across a federation of enterprises demonstrates that identity-management policies are non-trivial even in a limited context. Expand
Privacy stories: confidence in privacy behaviors through end user programming
This work makes use of analytical usability techniques to discuss the usability challenges of the current Facebook interface and to inform the design of the proposed alternative, which is described as a work in progress. Expand
Trust Negotiation in Identity Management
The authors show how federated identity management systems can better protect users' information when integrated with trust negotiation and serve as the basic context for determining suitable solutions to this issue. Expand
Auditing Compliance with a Hippocratic Database
An auditing framework for determining whether a database system is adhering to its data disclosure policies and the algorithms and data structures used in a DB2-based implementation of this framework are described. Expand
An analysis of security and privacy issues relating to RFID enabled ePassports
An interdisciplinary approach to the key security and privacy issues arising from the use of ePassports is taken and how European data protection legislation must be respected and what additional security measures must be integrated in order to safeguard the privacy of the EU ePassport holder is analyzed. Expand