Mar./Apr. 2014 (18, 02) pp. 7-9
1089-7801/14/$31.00 © 2014 IEEE
Published by the IEEE Computer Society
Published by the IEEE Computer Society
Identity, Privacy, and Deception in Social Networks
|In This Issue|
PDFs Require Adobe Acrobat
This special issue focuses on new risks and growing concerns centered around identity, privacy, and deception in the context of Internet-enabled social networks. The four articles in this issue address a range of issues in social networks and can serve as a reference point for this exciting area. Topics include privacy pattern discovery across different social networks, privacy guarantees of decentralized social network architectures, trust pattern discovery, and minimization of offensive content.
Social networks have fundamentally transformed Internet communication and collaboration, and with this change, have paved the way for incredible new opportunities. We've seen a rapid shift in how people connect to each other both personally (as on Facebook) and professionally (with sites such as LinkedIn). Moreover, these social networks have encouraged new modes of socially driven information discovery and organization for change.
Social networks have provided the backbone for a revolution in content generation and rapid sharing through massive user-generated communities on YouTube, Flickr, and Instagram. Similar upheavals have affected information sharing (on sites such as Reddit and Yahoo Answers), economic models of funding (Kickstarter or IndieGoGo), and Web-scale crowdsourcing systems (Amazon Mechanical Turk, Crowdflower, and so on).
Although Internet-enabled social networks offer tremendous opportunities, widespread interest in and growth of these systems raises new risks and growing concerns centered around identity, privacy, and deception. For instance, social network users can be bullied, have their pictures stolen, or end up with their status posts reaching unwanted audiences. Even when profiles don't list any sensitive information, interested parties can analyze social graphs to infer personal data. Risks are also related to identity management, given that, in these social scenarios, an individual's online identity — which is strictly related to reputation and trust — is becoming less virtual and is affecting real, offline life. A battle is thus under way between individuals’ right to privacy and the interests of the system at large.
In This Issue
This special issue brings together new research results from a variety of backgrounds that address these common core challenges. The articles that we've selected highlight a rapidly changing landscape that threatens to disrupt social networks, and point toward ways to effectively mitigate these challenges.
The four articles we present address a spectrum of issues in social networks and can serve as a reference point for this exciting area. Topics include privacy pattern discovery across different social networks, privacy guarantees of decentralized social network architectures, trust pattern discovery, and minimization of offensive content.
“A Tale of Three Social Networks: User Activity Comparisons across Facebook, Twitter, and Foursquare,” by Pinghui Wang, Wenbo He, and Junzhou Zhao, provides a compelling, data-driven investigation of users’ network activities and privacy settings across three social networks. Interestingly, the authors find that cross-site patterns can leak ostensibly private information unbeknownst to users.
In their article, “Privacy Preservation in Decentralized Online Social Networks,” Lorenz Schwittmann, Matthäus Wander, Christopher Boelmann, and Torben Weis survey the challenges and some potential approaches for preserving privacy in social networks. Their investigation highlights important issues across three architectures for decentralization — server federations, encrypted data storage, and peer-to-peer approaches.
Fei Hao, Stephen S. Yau, Geyong Min, and Laurence T. Yang tackle an interesting flavor of community detection in signed social networks, in which links between users can be either positive (expressing trust) or negative (expressing distrust). Their article, “Detecting k-Balanced Trusted Cliques in Signed Social Networks,” examines trusted cliques in both an online setting (via Slashdot) and in a Correlations of War network that captures linkages among countries.
Finally, “Reporting Offensive Content in Social Networks: Toward a Reputation-Based Assessment Approach,” by Félix Gómez Mármol, Manuel Gil Pérez, and Gregorio Martínez Pérez, points the way toward building new crowd-based reputation systems to minimize the spread and impact of offensive content. By dynamically adjusting a trust threshold based both on how many users have “consumed” the content and how long it has been in the network, they illustrate the potential for community self-regulation.
The articles in this special issue report on significant advances in making social networks secure, privacy-aware, and trustworthy. However, achieving such goals requires much wider research efforts. Social networking's business model is still based primarily on the ability to leverage large warehouses of personal information that is primarily under providers’ control. Security- and privacy-enhancing technologies from these providers are based on a centralized view of information management.
Decentralization could be a promising solution to enhance user privacy, but it raises several issues. For instance, one important concern in this area is how to trade between the privacy and security guarantees that social networks can offer users and the performance overhead that any distributed solution brings. Identity management in such decentralized settings is also an interesting research challenge, as is the development of suitable trust models and trust computation algorithms.
Addressing the trustworthiness of information posted in social networks requires combining different techniques, such as predictive analytic techniques, reputation and information credibility techniques, information provenance, and lineage. Privacy is also relevant in this context because assessing information trustworthiness should not come at the expense of privacy.
Another open research area is related to the fact that the complexity of interactions happening in social networks has made obsolete the traditional representation of a social network as a graph composed of symmetric user-to-user relationships. Most current privacy and security solutions have been based on this graph. However, major online social networks such as Facebook, Google+, and, in a different way, Twitter — as well as e-commerce sites such as Amazon — have developed infrastructures that let us represent users and their resources on so-called augmented/multilevel social graphs, which connect different entities with multiple kinds of relationships. Moreover, most users today hold accounts on many different social networks because each network offers different features or lets users manage different contact types. Graphs can therefore span different social networks, thus merging the various relationships that a user has (for instance, a user x can be a “friend” of user y on a specific social network but a simple “follower” of y on another one). Security, identity management, and privacy-preserving solutions should therefore be redesigned to fit in this model.
We believe that in today's big data era, techniques that preserve individual privacy while making it possible to extract useful information and knowledge from social network data will be of greater significance and be incorporated into many different systems and applications. The articles in this special issue provide an initial sample of research, and we definitely will see more research in the near future that focuses on exciting topics in this space.
We thank all those who contributed to this special issue: Michael Rabinovich, the editor in chief, for his cooperation; Andy Morton, the peer-review administrator; the reviewers for their thorough comments that helped enhance the quality of the articles; and the authors for submitting their articles to this special issue.
Elisa Bertino is a professor in the Department of Computer Science at Purdue University, director of the Purdue Cyber Center, and research director of CERIAS. Her main research interests are data security and privacy, digital identity management, and data management for scientific applications. Bertino received a PhD in computer science from the University of Pisa, Italy. She's a fellow of IEEE and ACM. Contact her at email@example.com.
James Caverlee is an associate professor in the Department of Computer Science and Engineering at Texas A&M University. His research focuses on Web-scale information management, distributed data-intensive systems, and social computing. Caverlee received a PhD in computer science from the Georgia Institute of Technology. He's a member of IEEE and ACM. Contact him at firstname.lastname@example.org.
Elena Ferrari is a full professor of computer science at the University of Insubria, Italy, and the scientific director of the K&SM Research Center. Her main research activities are related to data and application security, privacy, trust, and social networks. Ferrari received a PhD in computer science from the University of Milano, Italy. She's a fellow of IEEE and a distinguished member of ACM. Contact her at email@example.com.