Privacy Requirements of Social Networking Service Muhammad Farrukh Anwar

Privacy Requirements of Social Networking Service Muhammad Farrukh Anwar

Privacy requirements of social networking service Muhammad Farrukh Anwar University of Tampere School of Information Sciences Computer Science / Int. Technology M.Sc. thesis Supervisor: Zheying Zhang June 2016 1 University of Tampere School of Information Sciences Computer Science / Software Development Forename Surname: Muhammad Farrukh Anwar M.Sc. thesis, 62 pages, 56 index and appendix pages June 2016 Users’ privacy in the setting of an open internet environment, combined with a social networking environment has increased privacy related vulnerabilities. Privacy vulnerability represents the flaws in an environment or the lack of security from service providers to prevent privacy problems beforehand. Failure to protect user privacy could increase the chances that users’ data would be transferred without consent, duplicated, shared or used in an inappropriate context. Social networking services (SNS) mostly rely on user data to operate properly, user data can be provided by user, can be collected from alternate sources, or could be requested by SNS themselves. Data shared by the user may contain personal information, and inappropriate use of that personally identified information (PII) is the main concern in this study. This study aims at analyzing privacy vulnerabilities in a social media context. The study explores vulnerabilities and privacy policies, and falls in the category of qualitative research. A method to analyze risk imposed by each vulnerability is also discussed at the end of this study. These heuristics are outcome of analysis of various privacy related concepts and privacy taxonomy proposed by Anton (2004). Individual interviews were also carried out to validate findings of this research where developers were asked questions related to privacy vulnerabilities extracted from Facebook privacy policies and other available documents. The outcome of this research highlights the use of goal based requirement analysis method to evaluate requirements and to determine amount of vulnerabilities related to Facebook and also how the vulnerabilities can be narrowed down. Considering the original study by Anton (2004) was designed for e-commerce websites, some elements had to be modified to suit social networking services where data sharing and data transfer are the core features of the service. Keywords: Social media, privacy, privacy requirements, privacy vulnerabilities, privacy protection. 2 Acknowledgements First of all, I would like to express by deepest gratitude to my supervisor Zheying Zhang, who worked tirelessly to ensure I was on the right path, I would also like to thank her for the continuous support of my masters’ thesis, for her patience and immense knowledge in the subject. Your advice on the subject and continuous insight on the progress of my thesis have been priceless. A special thanks to my family as well, for providing continuous support and motivation throughout the course of my thesis. Muhammad Farrukh Anwar June 2016, Tampere 3 Table of Contents 1. Introduction ....................................................................................................... 7 1.1 Research Questions ................................................................................................. 7 1.2 Research methodology ............................................................................................ 8 1.3 Thesis outline ........................................................................................................ 10 2. Social networking services ............................................................................. 11 2.1 Different types of data in social networking services ........................................... 13 2.1.1 Data collected on Facebook ......................................................................... 13 2.2 Read, write, edit and delete ................................................................................... 14 2.2.1 Data collection .............................................................................................. 18 2.2.2 Data generation ............................................................................................. 19 2.3 Data use and data transfer ..................................................................................... 20 2.4 Data control ........................................................................................................... 20 3. Privacy and privacy threats in social networking services ............................. 22 3.1 Privacy and concepts related to privacy ................................................................ 22 3.1.1 Privacy paradigms ........................................................................................ 24 3.1.2 Right to be forgotten ..................................................................................... 25 3.2 Privacy threats in Facebook .................................................................................. 26 3.3 Privacy goal taxonomy .......................................................................................... 30 3.4 Privacy protection classifications .......................................................................... 30 3.4.1 Notice and awareness ................................................................................... 31 3.4.2 Choice and consent ....................................................................................... 32 3.4.3 Access and participation ............................................................................... 32 3.4.4 Integrity and security .................................................................................... 33 3.4.5 Enforcement and redress .............................................................................. 33 3.5 Privacy vulnerability classifications ..................................................................... 33 3.5.1 Information monitoring ................................................................................ 34 3.5.2 Information aggregation ............................................................................... 35 3.5.3 Information storage ...................................................................................... 35 3.5.4 Information transfer ...................................................................................... 36 3.5.5 Information collection .................................................................................. 36 3.5.6 Information personalization ......................................................................... 36 3.5.7 Contact .......................................................................................................... 37 3.6 Summary ............................................................................................................... 37 4. Goal based requirement analysis method ....................................................... 38 4.1 Goal based requirement analysis model: Elements ............................................... 39 4.2 GBRAM process ................................................................................................... 40 4 4.2.1 Goal identification ........................................................................................ 41 4.2.2 Goal organization ......................................................................................... 42 4.2.3 Goal refinement ............................................................................................ 44 4.2.4 Goal operationalization ................................................................................ 46 4.3 Summary ............................................................................................................... 51 5. Privacy vulnerability analysis ......................................................................... 53 5.1 Vulnerability classification ................................................................................... 56 5.1.1 Data collection and interviews ..................................................................... 56 5.1.2 Vulnerability assessment process models .................................................... 59 5.2 Vulnerability analysis ........................................................................................... 62 5.2.1 Information monitoring goals ....................................................................... 62 5.2.2 Information aggregation goals ...................................................................... 64 5.2.3 Information storage goals ............................................................................. 64 5.2.4 Information transfer goals ............................................................................ 65 5.2.5 Information collection goals ......................................................................... 66 5.2.6 Information personalization goals ................................................................ 66 5.3 Results ................................................................................................................... 67 6. Conclusion, limitations and future work ......................................................... 69 7. References ....................................................................................................... 70 5 List of figures Figure 1. Facebook data operations ................................................................................ 15 Figure 2. Haystack structure [Beaver et al, 2010] .........................................................

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    126 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us