Publication Type

Journal Article

Version

publishedVersion

Publication Date

3-2015

Abstract

Online Social Networks (OSNs) have become one of the major platforms for social interactions, such as building up relationships, sharing personal experiences, and providing other services. The wide adoption of OSNs raises privacy concerns due to personal data shared online. Privacy control mechanisms have been deployed in popular OSNs for users to determine who can view their personal information. However, users' sensitive information could still be leaked even when privacy rules are properly configured. We investigate the effectiveness of privacy control mechanisms against privacy leakage from the perspective of information flow. Our analysis reveals that the existing privacy control mechanisms do not protect the flow of personal information effectively. By examining representative OSNs including Facebook, Google+, and Twitter, we discover a series of privacy exploits. We find that most of these exploits are inherent due to the conflicts between privacy control and OSN functionalities. The conflicts reveal that the effectiveness of privacy control may not be guaranteed as most OSN users expect. We provide remedies for OSN users to mitigate the risk of involuntary information leakage in OSNs. Finally, we discuss the costs and implications of resolving the privacy exploits.

Keywords

Information flow, Inherent exploit, Online social network, Privacy control, Private information leakage

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Computers and Security

Volume

49

First Page

239

Last Page

254

ISSN

0167-4048

Identifier

10.1016/j.cose.2014.10.012

Publisher

Elsevier

Additional URL

http://doi.org/10.1016/j.cose.2014.10.012
