Online Social Networks (OSNs) have become one of the major platforms for social interactions, such as building relationships, sharing personal experiences, and providing other services. The wide adoption of OSNs raises privacy concerns due to personal data shared online. Privacy control mechanisms have been deployed in popular OSNs for users to determine who can view their personal information. However, users' sensitive information could still be leaked even when privacy rules are properly configured. We investigate the effectiveness of privacy control mechanisms against privacy leakage from the perspective of information flow. Our analysis reveals that the existing privacy control mechanisms do not protect the flow of personal information effectively. By examining representative OSNs including Facebook, Google+, and Twitter, we discover a series of privacy exploits. We find that most of these exploits are inherent due to the conflicts between privacy control and OSN functionalities. The conflicts reveal that the effectiveness of privacy control may not be guaranteed as most OSN users expect. We provide remedies for OSN users to mitigate the risk of involuntary information leakage in OSNs. Finally, we discuss the costs and implications of resolving the privacy exploits.
Information flow, Inherent exploit, Online social network, Privacy control, Private information leakage
Computers and Security
LI, Yan; LI, Yingjiu; YAN, Qiang; and DENG, Robert H.
Privacy leakage analysis in online social networks. (2015). Computers and Security. 49, 239-254. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/2806
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.