190 likes | 193 Views
Search Engines and Social Networks. October 18, 2007. Homework 4 Discussion. http://cups.cs.cmu.edu/courses/privpolawtech-fa07/hw/hw4.html P3P policies and human-readable privacy policies What discrepancies did you find? What parts of human-readable policy are not captured in P3P policy?
E N D
Search Engines and Social Networks October 18, 2007
Homework 4 Discussion • http://cups.cs.cmu.edu/courses/privpolawtech-fa07/hw/hw4.html • P3P policies and human-readable privacy policies • What discrepancies did you find? • What parts of human-readable policy are not captured in P3P policy? • What types of errors did sites make? • What are limitations of P3P? • Search engine and social networking privacy policies • Critique of privacy policies - protections and presentation
Homework 5 • http://cups.cs.cmu.edu/courses/privpolawtech-fa07/hw/hw5.html • Option: Attend Privacy MindSwap session instead of doing optional reading
Online Social Networks http://services.alphaworks.ibm.com/manyeyes/view/S0yoPHsOtha6O6-7UKyQH2-
MySpace • Profiles available to the public • No login required to view information • Used for “Social Browsing” • Finding new friends
Privacy Settings • MySpace Settings
Facebook • Perceived as a “closed community” or “for college students only” • Login required to access profiles • User for “Social Searching” • Finding existing friends, or people met in person
Privacy Scandals • Facebook Mini-Feed/Feed Uproar • Introduced in Fall 2006 • Aggregates all “Friend” profile updates • Aggregates all actions taken on Facebook • Generated Uproar and User Backlash • User base opened to everyone • Added geographical networks • No longer limits to .edu email addresses
Pimp My Privacy • New Privacy Features introduced • Enhanced Settings • Specific Mini-Feed information can be removed • Access control granularity increased to the Network Level • Limited Profile introduced
Privacy In Facebook • People are more privacy-protective than default setting
Search engines • Search engine query logs can be very revealing • Provide insights into what people are doing, interested in, thinking about • Can be connected to form longitudinal profile • Difficult to anonymize completely • 2006 AOL search log release • http://aolstalker.com • http://aolpycho.com • DEMO
Why share query logs? • Academia has difficulty contributing to web search • Untold insights into human behavior exist within logs Source: Andrew Tomkins
Why not share query logs? Source: Andrew Tomkins
“Person” attack versus “Trace” attack • Trace attack: given a trace, identify the person • Person attack: the dual • Adversaries in person attack: • “Neighborly” knowledge • Query knowledge • Browser compromise Source: Andrew Tomkins
Person attack (750K users) Source: Andrew Tomkins
Discussion • What are the privacy risks associated with social networks and search engines? • What are the web sites doing to mitigate these risks? • Is it enough? • Is opting in to having your data collected and/or shared sufficient?