Analyzing discrepancies between P3P and human-readable policies, errors made, and limitations of P3P. Critique of MySpace and Facebook privacy policies, privacy scandals, and introduction of new privacy features. Risks and mitigation strategies in social networks and search engines.
Search Engines and Social Networks October 18, 2007
Homework 4 Discussion
• http://cups.cs.cmu.edu/courses/privpolawtech-fa07/hw/hw4.html
• P3P policies and human-readable privacy policies
• What discrepancies did you find?
• What parts of human-readable policy are not captured in P3P policy?
• What types of errors did sites make?
• What are limitations of P3P?
• Search engine and social networking privacy policies
• Critique of privacy policies - protections and presentation
Homework 5
• http://cups.cs.cmu.edu/courses/privpolawtech-fa07/hw/hw5.html
• Option: Attend Privacy MindSwap session instead of doing optional reading
Online Social Networks http://services.alphaworks.ibm.com/manyeyes/view/S0yoPHsOtha6O6-7UKyQH2-
MySpace
• Profiles available to the public
• No login required to view information
• Used for “Social Browsing”
• Finding new friends
Privacy Settings • MySpace Settings
Facebook
• Perceived as a “closed community” or “for college students only”
• Login required to access profiles
• Used for “Social Searching”
• Finding existing friends, or people met in person
Privacy Scandals
• Facebook Mini-Feed/Feed Uproar
• Introduced in Fall 2006
• Aggregates all “Friend” profile updates
• Aggregates all actions taken on Facebook
• Generated Uproar and User Backlash
• User base opened to everyone
• Added geographical networks
• No longer limits to .edu email addresses
Pimp My Privacy
• New Privacy Features introduced
• Enhanced Settings
• Specific Mini-Feed information can be removed
• Access control granularity increased to the Network Level
• Limited Profile introduced
Privacy In Facebook • People are more privacy-protective than default setting
Search engines
• Search engine query logs can be very revealing
• Provide insights into what people are doing, interested in, thinking about
• Can be connected to form longitudinal profile
• Difficult to anonymize completely
• 2006 AOL search log release
• http://aolstalker.com
• http://aolpycho.com
• DEMO
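An added example (not from the slides): a pre-release audit of a pseudonymized query log, showing why replacing account names with numbers leaves a longitudinal profile intact. The sample log, the function names and the threshold k are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample: (pseudonymous user id, query). Not real log data.
SAMPLE_LOG = [
    (1001, "weather"),
    (1001, "plumbers in smallville"),
    (1001, "jane example smallville"),
    (1002, "weather"),
    (1002, "cheap flights"),
    (1003, "weather"),
    (1003, "cheap flights"),
    (1003, "knee pain after running"),
]

def normalize(query):
    """Lower-case and collapse whitespace so trivial variants count as one query."""
    return " ".join(query.lower().split())

def users_per_query(log):
    """Map each normalized query to the set of pseudonyms that issued it."""
    seen = defaultdict(set)
    for user, query in log:
        seen[normalize(query)].add(user)
    return seen

def rare_queries_by_user(log, k):
    """Per pseudonym, the queries shared with fewer than k distinct users."""
    seen = users_per_query(log)
    exposed = defaultdict(set)
    for user, query in log:
        q = normalize(query)
        if len(seen[q]) < k:
            exposed[user].add(q)
    return dict(exposed)

def threshold_release(log, k):
    """Keep only rows whose query was issued by at least k distinct users."""
    seen = users_per_query(log)
    return [(u, normalize(q)) for u, q in log if len(seen[normalize(q)]) >= k]

if __name__ == "__main__":
    for user, queries in sorted(rare_queries_by_user(SAMPLE_LOG, k=2).items()):
        print(user, sorted(queries))
    print(threshold_release(SAMPLE_LOG, k=2))
```

Thresholding removes the unique queries, but a combination of common queries under one pseudonym can still narrow down a person, so it lowers the risk rather than removing it.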
Why share query logs?
• Academia has difficulty contributing to web search
• Untold insights into human behavior exist within logs
Source: Andrew Tomkins
Why not share query logs? Source: Andrew Tomkins
“Person” attack versus “Trace” attack
• Trace attack: given a trace, identify the person
• Person attack: the dual
• Adversaries in person attack:
• “Neighborly” knowledge
• Query knowledge
• Browser compromise
Source: Andrew Tomkins
Person attack (750K users) Source: Andrew Tomkins
Discussion
• What are the privacy risks associated with social networks and search engines?
• What are the web sites doing to mitigate these risks?
• Is it enough?
• Is opting in to having your data collected and/or shared sufficient?