Issue No.03 - May-June (2013 vol.11)
pp: 14-20
ABSTRACT
One definition of privacy is the selective revelation of information about oneself. With billions of people using social media, it's increasingly difficult for users to control what they're disclosing and to whom. Current privacy protection measures block leakages via privacy settings that are syntactic in nature, but existing solutions don't attempt to cover all the entities who might end up receiving the data, ensure the need for or use of the data collected, determine the duration of data retention, or reveal if the data is merged with external information to reveal the user's full identity. The title of the article is from linguist Noam Chomsky, who used it to distinguish between syntax and semantics. Virtually all privacy solutions thus far handle issues relating only to the first hop of the personal data flow from a user. The gap can only be filled by examining the semantics behind the multihop flow of user data over time. This article surveys the state of the art and presents some potential directions in moving from a syntactic approach to a more holistic semantics-based approach.
INDEX TERMS
Social network services, Computer crime, Data privacy, Semantics, Internet, syntax, aggregators, privacy, online social networks, leakage
CITATION
Balachander Krishnamurthy, "Privacy and online social networks: can colorless green ideas sleep furiously?", IEEE Security & Privacy, vol.11, no. 3, pp. 14-20, May-June 2013, doi:10.1109/MSP.2013.66