
Information Privacy Assessment Metric in Microblogging Online Social Networks. The IPAM Framework.
Online Social Networks (OSNs) offer a free channel for users to express themselves, to share their thoughts and activities, and to communicate with others. OSNs are not limited to a specific demographic or age group; they encourage people of all ages and demographics worldwide to participate by sharing their thoughts and interests or by advertising their products. Currently, it is estimated that around 2.77 billion users are actively using OSN platforms [1]. Furthermore, active participation in OSNs is shaping the way people communicate. It is remarkable how fast news spreads on social networks. For example, OSNs have played a crucial role in the recent events of the ‘Arab Spring’ [2] or the ‘London riots’ [3].
On the other hand, OSN users provide a variety of personal information that may disclose more sensitive information about the users or their entourage and cause potential privacy risks. For example, the website Please Rob Me [4] was created to raise awareness of the dangers of location-based services on Twitter. It scans tweets and shows when users tweet from places other than their home.
As a solution, OSNs provide privacy policies and privacy settings to control and adjust who can access users’ profiles and posts [5], [6]. However, the privacy policies offered by the systems are confusing and expressed in legal jargon that is difficult to understand [7]. Furthermore, privacy settings are complex, time-consuming, and still insufficient to fully protect users’ privacy [8]. Besides, OSN providers mostly store, process and analyze users’ data and sometimes sell them to third parties for advertising and marketing purposes [9], [10].
As the monetary value of data increases, more voices demand protection and control over their privacy. The year 2018 saw a trend to enact new laws that regulate data collection and enhance privacy protection. For example, the European Parliament approved the General Data Protection Regulation (GDPR) on 14 April 2016, to be applied by 25 May 2018 [11]. The new regulation aims to give online users control over their personal data, to harmonize data privacy laws across Europe, and to protect the privacy of the users [12]. However, GDPR is not the miraculous solution to protect users’ privacy. End-users have to accept the terms and conditions as provided by the system; they are not in a position to negotiate a separate agreement. Therefore, users are obliged to agree to release their data as a necessity to use the services [13]. Moreover, the regulation was criticized for the lingering uncertainty around some undefined terms (e.g. “disproportionate effort” or “undue delay”), which require more clarity from the courts and regulators. Furthermore, GDPR does not offer a proper definition of what constitutes a “reasonable” level of protection for personal data, offering flexibility in the assessment of fines for data breaches and non-compliance [14].
Public interest in privacy protection has increased due to the growing number of data breaches affecting common and widely used services. Privacy-oriented service providers and researchers have introduced new systems that offer online social functionalities and at the same time advocate for privacy protection. Some systems add a privacy layer, while others are built using privacy-by-design methodologies.
With a multitude of privacy controls and techniques implemented in these new microblogging OSNs, a need has emerged for tools to evaluate the privacy protection techniques in OSNs. Therefore, there is a need for a formal framework that quantifies privacy and evaluates the performance and the efficiency of the privacy-preserving techniques implemented in OSNs. The scores obtained from using the framework can provide users with a means to compare different OSNs and to choose the most adequate one for them depending on their risk appetite. In this paper, the focus is on OSNs that offer a microblogging service. Privacy evaluation can establish credibility and trust in social network services and incite platform providers to address privacy concerns.
The remainder of the paper proceeds as follows: Section II presents the current state of the art of OSNs and privacy; Section III discusses the existing privacy-specific measurement models in OSNs; Section IV presents the gap between the surveyed models and explains the contributions of this paper; Section V presents the methodology of the proposed framework; Section VI presents the algorithmic model for calculating the privacy score in microblogging OSNs; Section VII discusses an evaluation and assessment of the framework based on real social networks; and Section VIII presents a comparison between our framework and related work. Section IX presents the conclusion of the paper, including future work.
An Online Social Network (OSN) is a translation of physical connections and relationships to the virtual world. In general, it is defined as a user-generated content service that facilitates social interactions through the internet. An OSN allows users (i) to create public or semi-public profiles, (ii) to build social relationships with other users, and (iii) to post their activities and interests and view those made by others [15]. A microblogging network (MOSN) is a popular form of OSN. It is a weblog where users can send snippets of a small number of characters (between 140 and 310 characters) [16].
An OSN can be modeled as a graph where nodes are users and edges are the relationships between the users. The edges can be either unidirectional (e.g. Twitter social model of following) or bidirectional (e.g. Facebook social model of friendship) [17], [18].
When studying MOSNs, there are two major aspects that characterize them: the targeted stakeholders involved in the usage of the microblogging services and the data collected and used in the system [19], [20].
MOSN stakeholders are defined as entities that can access user data directly or indirectly. They can be categorized into users, service operators, third parties, and the general public.
When using microblogging services, users release personal information either willingly or unintentionally. User data are either provided in the user’s profile, generated by the user, shared in groups, collected from patterns, or derived from all other types of data. Kumari, in [19], classifies user data into two: