DIRECTIONS FOR RAISING PRIVACY AWARENESS IN SNS PLATFORMS

Konstantina Vemou, Maria Karyda, Spyros Kokolakis

18th Panhellenic Conference on Informatics Athens, 2-4 October 2014.

Department of Information and Communication Systems Engineering, University of the Aegean

Introduction – Privacy Paradox

Contents

Privacy Awareness Goals

Research Question– Method of Research

Analyzing Current Awareness Practices

Directions for Raising Privacy Awareness

Further Research

Questions

Introduction – Privacy Paradox (1/2)

Privacy risks

Privacy concerns

Illusion of privacy

Exposure toprivacy risks

Introduction – Privacy Paradox (2/2)

Privacy risks

Privacy concerns

Illusion of privacy

PRIVACY AWARENESS

X

Privacy Awareness Goals

PROBLEM: Limited use of awareness tools and practices

Show privacy risks

Show sources of privacy risks

Propose actions the user can take to protect their privacy

Several tools have been proposed (privacy mirrors, privacy wizards, personal containers, privacy signaling, etc)

Research Question – Method of Research

How can embedded

SNS awareness practices be improved ?

Literature review

Identify and analyze currently employed privacy practices

Evaluate effectiveness

Provide Guidance

1

2

3

4

Analyzing Current Awareness Practices (1/6)

Links at the end of the sign up form and the footer of the webpage

Terms of use and privacy policies

Links under the sign-up button, preselected, optional

Rare notifications on terms of use changes

Offer clear notifications on any changes in TOS

Analyzing Current Awareness Practices (2/6)

Functionality to create groups of friends/ Audience Segregation

Audience management and visualization

Some still offer Private (all friends) vs Public view

“View As” mirroring tool

Statistics, report visitors-viewed info, visualization of networks

Analyzing Current Awareness Practices (3/6)

Application permissions presented prior to installation

Third-Parties Access

List of installed applications in no predefined place

Transitive access controls

List of other parties granted access and purpose,

Block transitive access controls in applications,Application center in the privacy settings,

Report of accessed data by each application

Analyzing Current Awareness Practices (4/6)

Log of profile owner activities

Activity Logs

No presentation of activities’ relation to privacy risks

No predefined place in the user interface

Organization of activity logs under privacy settings,

Logs of accessed pieces of information

Analyzing Current Awareness Practices (5/6)

Functionality to notify via e-mail or SMS on certain activities, e.g. tags, mentions

Notifications

Notifications only to some changes of T.O.S..

Notifications via e-mail selected by default,Notification when a user accesses the profile

Analyzing Current Awareness Practices (6/6)

Download files of collected data

Access to recorded data

Vague Description of types of collected data in the privacy policy

Process to access all collected data,Process to request correction or deletion of

data

Diversity of awareness methods (no standards for embedded practices)

Need for organization in the user interface (simple menu in privacy settings)

Need to provide a list of entities accessing information

Poor presentation for risk-risk sources combination

Unexploited new technologies (e.g. privacy signaling)

Directions for Raising Privacy Awareness

Further Research

Analyze the actual use of privacy awareness tools

Evaluate the effectiveness of privacy awareness tools

Use as input to design of privacy awareness practices for SNS

Analyze

Evaluate

Use

Questions