Defining Inspection Techniques for Detecting Privacy Problems in Online Social Networks
Keywords: User privacy, Privacy evaluation, Privacy inspection, Social network, Empirical study
In the last few years, Online Social Networks (OSNs) have experienced growth in the number of users, becoming an increasingly embedded part of people’s daily lives. Privacy expectations of OSNs are higher as more members start to realize the potential privacy problems they face by interacting with these systems. Inspection methods can be an effective alternative for addressing privacy problems because they detect possible defects that could be causing the system to behave in an undesirable way. Therefore, we proposed a set of privacy inspection techniques called PIT-OSN (Privacy Inspection Techniques for Online Social Network). This paper presents the description and evolution of PIT-OSN through the results of a preliminary empirical study. We discuss the quantitative and qualitative results and their impact on improving the techniques. Results indicate that our techniques help non-expert inspectors uncover privacy problems effectively, and are considered easy to use and useful by the study participants. Finally, the qualitative analysis helped us improve some technique steps that might be unclear.
JIS is free of charge for both authors and readers, and all papers published by JIS follow the Creative Commons Attribution 4.0 International (CC BY 4.0) license.