Privacy Risks and Solutions in the Ever-Increasing Web of Online Social Networks

Abstract

President Obama once said to a student hoping to become president, “Be careful about what you post on Facebook, because in the YouTube age, whatever you do will be pulled up again later somewhere in your life” (Raad and Chbeir, 2013, p. 48). This statement has expanded far beyond potential presidential candidates. There are currently 2.078 billion active social media accounts (Kemp, 2015). 684,478 pieces of content shared on Facebook per minute (Tepper, 2012). Over 100,000 tweets per minute (Tepper, 2012). 400 million snaps sent per day (Blodget, 2013). With the enormous gravitation towards online social networks, the issue of data privacy has become a forefront of research. Privacy can be defined as the “right of people to control what details about their lives stay inside their own houses and what leaks to the outside” (Garfinkel, 2000, p.4). The term “inside their own houses” has become almost obsolete when evaluated in the context of privacy in online social networks. Mobile devices, public databases, and other technological advances have expanded the borders of a private house to include an individual’s personal information, regardless of the physical location. That personal information can include the actual identity of a person and simple profile data, as well as inferences drawn from observations of online actions (Pfitzman and Hansen, 2010). In order to achieve this geographically infinite, yet private domain, users strive for anonymity, unlinkability, and unobservability – a way to restrict what details others can access from online profiles. An online action (e.g., transmission or receipt of a message) is anonymous if a user’s identity cannot be revealed with a larger group of users. Two such actions are unlinkable if an attacker is unable to find a relationship between a user’s interests. More strongly, an action is unobservable if a third party cannot reliably tell whether it has even occurred – if it is indistinguishable from background noise (Raad and Chbeir, 2013). All of these attributes 4 would allow the details of users’ identities and actions to be concealed “inside their own [figurative] houses,” instead of remaining accessible to the public.