Enhancing Privacy Management on Social Network Services

  1. Ricard López Fogués
Supervised by:
  1. Agustín Rafael Espinosa Minguet Director
  2. Jose M. Such Director
  3. Ana María García Fornes Director

Defence university: Universitat Politècnica de València

Year of defence: 2017

  1. Paulo Jorge Freitas de Oliveira Novais Chair
  2. Vicente J. Botti Navarro Secretary
  3. Álvaro Herrero Cosío Committee member

Type: Thesis


In the recent years, social network services, such as Facebook or LinkedIn, have experienced an exponential growth. People enjoy their functionalities, such as sharing photos, finding friends, looking for jobs, and in general, they appreciate the social benefits that social networks provide. However, as using social network has become routine for many people, privacy breaches that may occur in social network services have increased users' concerns. For example, it is easy to find news about people being fired because of something they shared on a social network. To enable people define their privacy settings, service providers employ simple access controls which usually rely exclusively on lists or circles of friends. Although these access controls are easy to configure by average users, research literature points out that they are lacking elements, such as tie strength, that play a key role when users decide what to share and with whom. Additionally, despite the simplicity of current access controls, research on privacy on social media reports that people still struggle to effectively control how their information flows on these services. To provide users with a more robust privacy framework, related literature proposes a new paradigm for access controls based on relationships. In contrast to traditional access controls where permissions are granted based on users and their roles, this paradigm employs social elements such as the relationship between the information owner and potential viewers (e.g., only my siblings can see this photo). Access controls that follow this paradigm provide users with mechanisms for disclosure control that represent more naturally how humans reason about privacy. Furthermore, these access controls can deal with specific issues that social network services present. Specifically, users often share information that concerns many people, especially other members of the social network. In such situations, two or more people can have conflicting privacy preferences; thus, an appropriate sharing policy may not be apparent. These situations are usually identified as multiuser privacy scenarios. Since relationship based access controls are complex for the average social network user, service providers have not adopted them. Therefore, to enable the implementation of such access controls in current social networks, tools and mechanisms that facilitate their use must be provided. To that aim, this thesis makes five contributions: (1) a review of related research on privacy management on social networks that identifies pressing challenges in the field, (2) BFF, a tool for eliciting automatically tie strength and user communities, (3) a new access control that employs communities, individual identifiers, tie strength, and content tags, (4) a novel model for representing and reasoning about multiuser privacy scenarios, employing three types of features: contextual factors, user preferences, and user arguments; and, (5) Muppet, a tool that recommends sharing policies in multiuser privacy scenarios.