D IRECTIONS FOR R AISING P RIVACY A WARENESS IN SNS P LATFORMS Konstantina Vemou, Maria Karyda,...
-
Upload
merilyn-cameron -
Category
Documents
-
view
215 -
download
0
Transcript of D IRECTIONS FOR R AISING P RIVACY A WARENESS IN SNS P LATFORMS Konstantina Vemou, Maria Karyda,...
DIRECTIONS FOR RAISING PRIVACY AWARENESS IN SNS PLATFORMS
Konstantina Vemou, Maria Karyda, Spyros Kokolakis
18th Panhellenic Conference on Informatics Athens, 2-4 October 2014.
Department of Information and Communication Systems Engineering, University of the Aegean
Introduction – Privacy Paradox
Contents
Privacy Awareness Goals
Research Question– Method of Research
Analyzing Current Awareness Practices
Directions for Raising Privacy Awareness
Further Research
Questions
Introduction – Privacy Paradox (1/2)
Privacy risks
Privacy concerns
Illusion of privacy
Exposure toprivacy risks
Introduction – Privacy Paradox (2/2)
Privacy risks
Privacy concerns
Illusion of privacy
PRIVACY AWARENESS
X
Privacy Awareness Goals
PROBLEM: Limited use of awareness tools and practices
Show privacy risks
Show sources of privacy risks
Propose actions the user can take to protect their privacy
Several tools have been proposed (privacy mirrors, privacy wizards, personal containers, privacy signaling, etc)
Research Question – Method of Research
How can embedded
SNS awareness practices be improved ?
Literature review
Identify and analyze currently employed privacy practices
Evaluate effectiveness
Provide Guidance
1
2
3
4
Analyzing Current Awareness Practices (1/6)
Links at the end of the sign up form and the footer of the webpage
Terms of use and privacy policies
Links under the sign-up button, preselected, optional
Rare notifications on terms of use changes
Offer clear notifications on any changes in TOS
Analyzing Current Awareness Practices (2/6)
Functionality to create groups of friends/ Audience Segregation
Audience management and visualization
Some still offer Private (all friends) vs Public view
“View As” mirroring tool
Statistics, report visitors-viewed info, visualization of networks
Analyzing Current Awareness Practices (3/6)
Application permissions presented prior to installation
Third-Parties Access
List of installed applications in no predefined place
Transitive access controls
List of other parties granted access and purpose,
Block transitive access controls in applications,Application center in the privacy settings,
Report of accessed data by each application
Analyzing Current Awareness Practices (4/6)
Log of profile owner activities
Activity Logs
No presentation of activities’ relation to privacy risks
No predefined place in the user interface
Organization of activity logs under privacy settings,
Logs of accessed pieces of information
Analyzing Current Awareness Practices (5/6)
Functionality to notify via e-mail or SMS on certain activities, e.g. tags, mentions
Notifications
Notifications only to some changes of T.O.S..
Notifications via e-mail selected by default,Notification when a user accesses the profile
Analyzing Current Awareness Practices (6/6)
Download files of collected data
Access to recorded data
Vague Description of types of collected data in the privacy policy
Process to access all collected data,Process to request correction or deletion of
data
Diversity of awareness methods (no standards for embedded practices)
Need for organization in the user interface (simple menu in privacy settings)
Need to provide a list of entities accessing information
Poor presentation for risk-risk sources combination
Unexploited new technologies (e.g. privacy signaling)
Directions for Raising Privacy Awareness
Further Research
Analyze the actual use of privacy awareness tools
Evaluate the effectiveness of privacy awareness tools
Use as input to design of privacy awareness practices for SNS
Analyze
Evaluate
Use
Questions