Information about http://seclab.cs.rice.edu/w2sp/2008/papers/sp5.pdf

Pages: 2
Language: english
Created: Tue Apr 29 15:16:52 2008
             Towards Privacy Propagation in the Social Web
                          Tyrone Grandison, E. Michael Maximilien
                   IBM Almaden Research Center, San Jose, CA 95120, USA


The Social Web is one of the dominant aspects in a broader movement towards a programmable Web. A consequence of using the Web as a social substrate is that Web applications increasingly elicit and expose information that has various levels of sensitivity. Social data allows the creation of applications that are increasingly becoming vital to business users as well as to individuals wanting to maintain connections with the social networks that they form. However, while social networking applications are increasingly becoming key hubs for our day-to-day interactions with the Web and with colleagues, they are also increasingly creating a nightmare in terms of managing the privacy settings that protect the ever-increasing mountain of social information.

1. Introduction

The Web has transformed into a programmable platform. One of the main classes of applications that has resulted from this shift is social applications. These applications allow people to create connections to others, thereby creating a graph of human relationships. Nowadays, Web applications increasingly expose data and functions as application programming interfaces (APIs), which allow the creation of new applications made up of combinations of the data, functions, and user interfaces (aka mashups).

Indeed, mashups have accelerated the move towards a programmable Web and are increasingly showing up as components of a multitude of Web applications. This is leading to the creation of platforms for hosting Web application components as mashups, widgets, or gadgets. The Facebook application platform is an exemplar of such a platform. It already counts hundreds of millions of users and thousands of applications. Another example of this trend is OpenSocial (http://code.google.com/apis/opensocial/), which promises to enable social features, portable social graphs, and social applications in any Web site.

While it is an exciting time to be a Web user or Web developer, it is also a scary proposition. Not only is Web data increasingly sensitive, it also represents a clearer mirror of real-life data. Additionally, this sensitive data is becoming sharable and reusable as part of APIs, mashups, and social platforms. An important implication of this side effect is that users should pay careful attention to the privacy capabilities and settings of Web applications. However, the plethora of sensitive data and its many uses also means that these artifacts are becoming more difficult for the regular user to grasp and carefully consider. The success of social applications has created an opportunity to reconsider how privacy settings and data should be configured and propagated, as well as potentially shared and reused.

2. Background

Privacy settings have appeared in various forms in Web applications [1, 2]. We can broadly categorize them as mandatory or discretionary. In the mandatory case, Web applications force users to accept the terms of service specified in their privacy policies. Google's search engine is an example of a Web application that employs this approach. End users have no control over privacy settings; they can either accept the policy, and its associated privacy provisions, or decide not to use the service.

In newer Web applications and services, due to the increased amount of personal data exposed, more control over the disclosure and usage of information is given to the user. That is, end-users have greater flexibility in configuring their privacy settings. This gives end-users choices as to how much information they are willing to share.

While the discretionary approach seems to be the preferred one, it leads to a combinatorial explosion of possible policies and therefore to end-user confusion and frustration. The Facebook application platform is an example of a more discretionary approach, and OpenSocial is a hybrid (or open) approach, since it requires privacy features but leaves the details of the privacy approach to the social application development team or the OpenSocial container provider.

3. Problems

We broadly categorize the current problems in the Social Web privacy space into three general categories:

1. Data partitioning - how should the user's data be partitioned into exchangeable granular pieces? This needs to reflect aspects of the data that are used by end-users as well as by applications. For instance, what are the groupings of profile data that would correspond to the data a user would like her friends to see, as opposed to members of her network?
2. Privacy settings - what level of granularity is required for privacy settings? The settings must allow:
   a. partitioning - grouping of the settings to minimize user decisions
   b. elicitation - facilitating user decisions
   c. communication - exchanging the settings in a manner that is not ambiguous. This is especially important for communication of settings amongst applications.

3. Management - how are privacy settings and data managed? This involves:
   a. monitoring - data and settings changes
   b. enforcement - how are settings decisions enforced across application containers?
   c. sharing - how are settings shared amongst users of a group, network, or set of friends?

Our categorization of problems is preliminary. However, we believe the categories are broad enough to cover the new issues specific to social applications.

4 The Model

As mentioned before, the explosion of applications and features and the commoditization and standardization of social application functionality mean that there will be many more privacy questions that the end-user must answer. As with all things that require human interaction, if the complexity of the task exceeds a certain threshold, then the task will be mostly ignored or eliminated (in this case, turned off or left at the default setting).

In an effort to prevent privacy controls in social applications from becoming irrelevant, either because they are too difficult to manage or too intricate to grasp, we believe that a model should be defined that enables the propagation of privacy settings based on the settings in one's personal network(s). This model is a decision-support tool that allows a user to define base privacy settings. However, the user may customize her settings in whatever way she desires.

Our examination of the privacy capabilities in Facebook highlighted several features that the model should accommodate.

4.1 Rich Core Constructs

An assertion such as "I want person X, who is not a friend and who I have messaged or poked, to only see the Basic info section of my profile" highlights the need for entity qualification. Secondly, given the event-driven nature of social networks, the performance of particular actions may depend upon the prior execution of some task, or may invoke another action upon successful execution. Finally, the need to offer limited (and possibly transformed) functionality may necessitate the inclusion of pseudonymization techniques, e.g. a Facebook user stipulating that "Person X can find me in searches as ALIAS".

4.2 Intra-Social-Network versus Inter-Social-Network

For a specific social network, assuming a standard privacy model and propagation mechanism is perfectly reasonable. This means that within that space (intra-social-network), propagation of privacy settings can proceed unfettered. However, as society moves to social application platforms like OpenSocial, either all the participants in the initiative must agree upon the notion of privacy and its propagation, or each application can implement its own mechanism and the platform has to evolve to handle interaction between the different systems, i.e., privacy model integration.

4.3 Selective Bootstrapping

One may want to be selective, as your trust in the judgment of everyone in the network may not be equal with respect to all things. You may want to segment who you trust to influence your privacy settings. This could be done based on the network they are in (e.g., you may only want your Silicon Valley friends' input when joining the San Jose Entrepreneurs' Group), your level of trust in them (e.g., you may only require help from highly-trusted friends), or some other criteria.

5 Related Work

While the literature on privacy for the Web has grown over the years, there are very few related works around the propagation of privacy settings and elections in social networks or social graphs.

6 Call to Action

We believe that the time is ripe for the privacy research community to start addressing privacy support in social networks and graphs. Traditional privacy research never looked at how a user's privacy settings and elections are affected by, or can take advantage of, the groups that the user belongs to. In real life, many of a person's privacy decisions are made based on the relationships that the person has with organizations, as well as with other individuals. We believe that on the Social Web the same will be true, and that privacy propagation approaches will help untangle the privacy settings overload that we are increasingly creating.

References

[1] W3C, Platform for Privacy Preferences, http://www.w3c.org/P3P
[2] W3C, Enterprise Privacy Authorization Language (EPAL 1.2), http://www.w3.org/Submission/2003/SUBM-EPAL-20031110/