Privacy issues in social media

Written by Davide Andreoletti, SUPSI

In this post we discuss some of the main privacy issues that characterize the use of social media. Since the topic is really broad, the aim is just to give an overview of the possible risks and make the reader aware of the fact that privacy and social network usability are two conflicting objectives.

A distinctive trait of the last decade is represented by the advent and widespread diffusion of social media platforms, being Facebook, Twitter and Instagram some of the most successful examples. The benefits that such platforms bring to the Internet community are countless, ranging from business-oriented ones (e.g., targeted advertisements) to the social-related ones. The latter, in particular, are the main novelty brought about by the use of social networks, which are commonly based on a friend/follower paradigm. Users have the possibility to join communities where they are expected to virtually meet people with similar interests, and they are invited to explicitly share what they like and desire.  

The smartphone revolution came with the proliferation of cheap and portable devices equipped with sensors (e.g., GPS and camera) that make the gathering of sensitive data much easier than in the past. The sharing of personal information is rooted in the general tendency that people have of talking about themselves, and it is exploited by social media providers. In fact, data have an incredible value in the information era, as already discussed in our post Information sharing and data breaches, and can be used to perform extensive market analysis. Moreover, users have the possibility to share even more sensitive information, such as their phone number and home address. A study[1] shows that the percentage of people providing detailed information is more than one may think. This phenomenon is a direct effect of the lack of awareness of the negative consequences of such behaviour. 

In light of the fact that personal data play a crucial role in the new economy, it is intuitive how many social media platforms explicitly encourage the sharing of pictures, videos and thoughts under the pretext of contributing to the development of the community. In fact, the invitation to online intimacy is presented as something positive, for example by proposing the question “What’s on your mind?” (Facebook) in the home page. This increases the feeling of users that someone is taking care of them[2], and might consequently be linked to persuasion techniques (for more details, see our post “What persuasion techniques are generally employed in phishing e-mails?”).

However, the other side of the coin is a general decrease of users’ privacy, as the sharing of personal data makes people more prone to effective profiling processes, either performed by the social media provider or by a malicious attacker who find potential victims on social media. For example, it has been shown in [3] that machine learning solutions can be effective in correctly recognizing a person from pictures, even when clothing, context and illumination have changed. This raises strong privacy concerns, as people are often tagged (and geo-tagged) by other users, and have few chances to intervene on contents owned by others. Thus, awareness methods might not suffice in such situation. 

Therefore, it seems that the effectiveness of social media platforms is based on the acceptance of a limited privacy. This is a particular application of a general theory about data usability and privacy[4]. In few words, the higher is the knowledge that can be extracted by the analysis of data, the higher will also be the benefits for who performs the analysis and the privacy leakage for who generates such data. Some social media sites (e.g., Facebook) allows to restrict the access to private contents to only some friends[5]. While being a desirable option, in practice it has been shown in a research[6] that adults users have more difficulties in understating privacy settings than young users, and its application is consequently limited.  The collection of private data on social networks can be very easy. It is possible, for example, to buy up to 1 million real Facebook identities for as few as 5$[7]. Such data include name, surname and Facebook URLs, and can be used as a first step to conduct more dangerous identity theft, with passwords, credit card numbers and more information that risk to be disclosed.   

As the use of social media is expected to further grow in the future, it is desirable that their providers adopt privacy settings that are more intuitive and easy to tune. A special role is played by users, who are invited to limit as much as possible the sharing of personal information (e.g., plans of trips and pictures with geo-localization data). DOGANA especially focuses on education of employees, with an extensive study of new awareness methodologies aimed at efficiently training the final users.

 

[1] Fogel, Joshua, and Elham Nehmad. "Internet social network communities: Risk taking, trust, and privacy concerns." Computers in human behavior 25.1 (2009): 153-160.

[2] http://blogs.lse.ac.uk/parenting4digitalfuture/2016/05/05/elisabeth-staksrud-privacy-issues-in-social-networking-please-share-because-we-care/

[3] Oh, Seong Joon, et al. "Faceless person recognition: Privacy implications in social media." European Conference on Computer Vision. Springer International Publishing, 2016.

[4] Sankar, Lalitha, S. Raj Rajagopalan, and H. Vincent Poor. "A theory of utility and privacy of data sources." Information Theory Proceedings (ISIT), 2010 IEEE International Symposium on. IEEE, 2010.

[5] http://www.huffingtonpost.com/sam-cohen/privacy-risk-with-social-_b_13006700.html

[6] P. B. Brandtzg, M. Lders, and J. H. Skjetne, “Too many facebook friends? content sharing and sociability versus the need for privacy

in social network sites,” International Journal of HumanComputer Interaction, vol. 26, no. 11-12, pp. 1006–1030, 2010. [Online]. Available: http://dx.doi.org/10.1080/10447318.2010.516719

[7] http://talkweb.eu/i-just-bought-more-than-1-million-facebook-data-entries-omg/

 

by Davide Andreoletti (SUPSI)

 




This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme, under grant agreement No. 653618

 

      

 

PHISHING WARS
The DOGANA phishing videogame

Want to try it?
Read more here and contact us

 

DOGANA CARDS GAME
Phishing: awareness through play

Want to try it?
Read more here and contact us

 

Contraband pixels and texts
Read all about our liteary-graphic competition on phishing and social engineering

All the pictures and novels