Security Issues on Social Networks

Added on - 12 Oct 2019

Showing pages 1 to 8 of 42 pages
Introduction

When it comes to privacy and security issues on social networks, "the sites most likely to suffer from issues are the most popular ones," Graham Cluley, Chief Technology Officer at UK tech security firm Sophos says. But security issues and privacy issues are entirely two different beasts. A security issue occurs when a hacker gains unauthorized access to a site's protected coding or written language. Privacy issues, those involving the unwarranted access of private information, don't necessarily have to involve security breaches. Someone can gain access to confidential information by simply watching you type your password. But both types of breaches are often intertwined on social networks, especially since anyone who breaches a site's security network opens the door to easy access to private information belonging to any user. But the potential harm to an individual user really boils down to how much a user engages in a social networking site, as well as the amount of information they're willing to share. In other words, the Facebook user with 900 friends and 60 group memberships is a lot more likely to be harmed by a breach than someone who barely uses the site.

Security lapses on social networks don't necessarily involve the exploitation of a user's private information. Take, for example, the infamous "Samy" MySpace XSS worm that effectively shut the site down for a few days in October 2005. The "Samy" virus (named after the virus' creator) was fairly harmless, and the malware snarkily added the words "Samy Is My Hero" to the top of every affected user's MySpace profile page. A colossal inconvenience, naturally, but nobody's identity was stolen and no private information was leaked. In the end, the problem galvanized the MySpace team to roll up their sleeves and seriously tighten the site's security. Result: no major break-ins since.
Unfortunately, these kinds of breaches, purely for sport in "Samy's" case, are rare.

Social network security and privacy lapses exist simply because of the astronomical amounts of information the sites process each and every day, which makes it that much easier to exploit a single flaw in the system. Features that invite user participation — messages, invitations, photos, open platform applications, etc. — are often the avenues used to gain access to private information, especially in the case of Facebook. Adrienne Felt, a Ph.D. candidate at Berkeley, made small headlines last year when she exposed a potentially devastating hole in the framework of Facebook's third-party application programming interface (API) which allows for easy theft of private information. Felt and her co-researchers found that third-party platform applications for Facebook gave developers access to far more information (addresses, pictures, interests, etc.) than needed to run the app.

This potential privacy breach is actually built into the systematic framework of Facebook, and unfortunately the flaw renders the system almost indefensible. "The question for social networks is resolving the difference between mistakes in implementation and what the design of the application platform is intended to allow," David Evans, Assistant Professor of Computer Science at the University of Virginia, says. There's also the question of whom we should hold responsible for the over-sharing of user data. That resolution isn't likely to come anytime soon, says Evans, because a new, more regulated API would require Facebook "to break a lot of
applications, and a lot of companies are trying to make money off applications now." Felt agrees, noting that now "there are marketing businesses built on top of the idea that third parties can get access to data on Facebook."

The problems plaguing social network security and privacy issues, for now, can only be resolved if users take a more careful approach to what they share and how much. With the growth of social networks, it's becoming harder to effectively monitor and protect site users and their activity because the tasks of security programmers become increasingly spread out. Imagine if a prison whose inmate count jumped from a few dozen to 250 million in less than five years only employed 300 guards (in the case of MySpace). In response to the potential threats that users are exposed to, most of the major networks now enable users to set privacy controls for who has the ability to view their information. But, considering the application loophole in Facebook, increased privacy settings don't always guarantee privacy. But even when the flawed API was publicly exposed, "Facebook changed the wording of the user agreement a little bit, but nothing technically to solve the problem," says Evans. That means if a nefarious application developer wanted to sell the personal info of people who used his app to advertising companies, he or she could.

Yet users still post tons of personal data on social networks without batting an eye. It's only natural. Anonymity and the fact that you're communicating with a machine instead of an actual person (or people in the case of social networking) makes sharing a lot easier. "People should just exercise common sense online, but the problem with common sense is that it's not very common. If you wouldn't invite these people into your house to see your cat, you certainly wouldn't let them see pictures from holiday," says Cluley.

In the end, the only tried and true solution to social network privacy and security issues is to limit your presence altogether.
Don't post anything you wouldn't mind telling a complete stranger, because in reality that's the potential for access. Be careful who you add as a "friend," because there's simply no way of verifying a user's actual identity online. Cluley compares it to a rep from your company's IT department calling to ask for your login password — "Most people will give it over" with no proof of the IT rep actually existing. The caller might be your IT rep, or she might not. "This kind of scam happens all the time," says Cluley. Friends on social networks should know that real friends should know personal information already, negating the need to post it online.

Will there ever be a security breach-free social network? Probably not. "Any complex system has vulnerabilities in it. It's just the nature of building something above a certain level of complexity," says Professor Evans. According to Felt, the best idea is a completely private social network. "It simply requires that there's no gossip in the circle, by which I mean one person who sets their privacy settings so low that third parties can use them to get to their friends."

"Social networks are great fun, and can be advantageous but people really need to understand that it's a complicated world and you need to step wisely," Cluley says.
LITERATURE REVIEW

Currently, in the era of advanced internet technology, the social network has become an incredibly popular tool on the internet and is widely used around the world. It is a powerful tool for people of any age, especially teenagers and young adults, for the purpose of communication and self-expression [1], and it is an easy means of sharing information with other users who have a common interest, such as photos, likes, dislikes, interests, relationship status, job details, current town details, political views, religious views etc. [2] [3] [4]. Social networking sites and the associated privacy concerns are one of the most debated topics nowadays, as participation in such sites has increased dramatically. A number of journals and articles address how the increase in the usage of social networking sites is leading to various online crimes. Unfortunately, most users of this technology are not aware of the privacy risk associated with sharing sensitive information on the internet [4], so privacy concerns are raised in those online interactions if their personal information has been shared with other people [3] [5].

Definitions of privacy

The word privacy has many subtly different meanings, ranging from personal privacy (which includes seclusion and bodily privacy) to information privacy, each with their own definition. Privacy on the Web in general revolves mostly around Information Privacy, as defined below in the IITF wording that Kang uses: Information Privacy is “an individual’s claim to control the terms under which personal information–information identifiable to the individual–is acquired, disclosed or used.”

Palen and Dourish classify three privacy boundaries with which individuals are struggling. 1. The disclosure boundary (managing the tension between private and public), 2. The identity boundary (managing self representation with specific audience, e.g. one will behave differently at work than when among friends), 3.
The temporal boundary (managing past actions with future expectations; user behavior may change over time).

Online personal information privacy

Protecting the privacy of personal information is one of the biggest challenges facing website developers, especially social network providers. Several researchers have discussed the issue of privacy. Bae and Kim (2010) suggested that, in order to achieve a high level of privacy, the user should be given the authority to control the privacy settings when he/she receives or requests a service related to his/her personal information. The authors noted the importance of designing a privacy policy to protect personal information by blocking some people from seeing all or part of the user’s personal information. They also designed a privacy model using mobile agents.

Dötzer (2006, p.4) stated that “once privacy is lost, it is very hard to re-establish that state of personal rights.” This shows that privacy is essential to the construction of all communication systems, particularly mobile systems. The concept of self-representation enables users to interact and introduce themselves based on the data placed on profile pages such as name and pictures with others. Privacy is an important aspect of self-representation on online social networks since people share certain information with the public and receive information or comments from others. The nature and complexity of the Internet cause some threats to web privacy (Bouguettaya & Eltoweissy 2003). According to Wang and Cui (2008), privacy is a state or
condition of limited access to a person. Privacy regulations can be defined as a set of rules or policies set by users to achieve a certain level of privacy. In terms of location privacy, privacy regulations restrict access to information on a user’s location. Each privacy rule or policy can include some restrictions (Sadeh & Hong 2009). Although there is no policy mandating online personal information privacy, some types of privacy solutions do exist (Passant et al. 2009). These solutions can be classified into: protective technologies, social awareness and legislative support. Protective technologies, such as strong authentication and access control, have developed quickly and have evolved over time. These rely on encryption as a way to solve privacy concerns. The second type of solution, social awareness, involves educating people about the possible risks of personal information misuse when they provide data such as their home address and mobile phone number. Lastly, legislation can be enacted to clarify aspects of the agreement with users to protect the collection of personal information under the framework of the law (Campisi, Maiorana & Neri 2009).

Since the inception of the first social networking site, in 1997 (Boyd and Ellison, 2008), the social networking craze has grown beyond all expectations. Data privacy is a fundamental problem in today's information era. Enormous amounts of data are collected by government agencies, search engines, social networking systems, hospitals, financial institutions, and other organizations, and are stored in databases. This stored information is crucial for individuals, and people might misuse it.
The problems that exist in the real world, such as theft, fraud and vandalism, also exist in online Web 2 environments an identity thief.

According to the Consumer Security Risks Survey 2014, conducted by B2B International in conjunction with Kaspersky Lab, although social networking is used worldwide, only a minority of users understand the risks of using social networking, especially when using a mobile device to access the sites. Correspondingly, more than 78% of respondents were not concerned that their information could be targeted by cyber-attacks or cyber-crime, and they thought that there was no danger in any of their activities on their social network. The survey also found that one in ten had conversed with an anonymous person about personal information, while 15% had sent personal information that had not been exposed anywhere before through a social network. Furthermore, 12% of respondents used public Wi-Fi to fill in online account information, but only 18% of them were concerned about whether their personal information disclosure was excessive, and 7% seriously considered their communication through social networking to be one of the major factors by which information will be lost [6]. Every social network site asks users to complete a profile which contains private information including name, address, email and so on. This information is claimed to be dangerous because it can be easily accessed by unexpected persons [7] [8], but what is happening today is that most social network users tend to make their real identity public and post private information, which raises privacy concerns [9]. Accordingly, [3] [4] [7] [8] [10] described that online social networking data is of great help to researchers, analysts, and any kind of third party who has the opportunity to mine and use data for particular purposes such as spamming, phishing, targeted advertising and so on [4].
This is because sensitive information and users' interactions are stored on OSN servers, which are not always honest and transparent, and the nature of OSNs allows third parties to collect and analyze the data easily [9]. Raji and her colleagues demonstrated that there are some principal privacy problems in social networks like Facebook.
For instance: users used their real information to create an account profile visible to the rest of the Facebook users; the default privacy settings are not enough in Facebook, so users expose too much information to other users; users do not change the OSN default privacy settings that are provided; and sometimes it is not possible to adjust the privacy settings offered by Facebook, for example users can see the whole of a person's shared information whenever that person adds them to his or her friend list [9].

However, sometimes users must reveal personal information for a particular reason, as demonstrated by [7]. They also illustrated that users have to reveal personal information on social networks in order to be effective, and that they do this to mature their identities. In reality, online communication can lead them to more intensive revelation compared to face-to-face communication. Furthermore, users' information behavior can be conceptualized as a continuum, described as information privacy protection behavior. This means information can be disclosed accurately on one side, but not on the other. In this way, users can participate fully and protect their personal information at the same time by partly disclosing it.

A blog on the website DashBurst clearly mentions that “with the rise of social media, privacy concerns have taken a backseat in recent years (Trenchard, 2013).” It talks about the potential dangers that a young user is likely to face while using a social networking site. Thus it becomes very important to read the privacy policies and measures offered by these sites in order to network safely online. Further, the blog also describes the privacy policy changes brought out by popular sites like Facebook and Twitter and how they have affected users.
One of the main reasons cited by experts and research studies for the tremendous popularity of social networking sites is the emergence of sites that offer connectivity in this virtual world at almost any time of the day. People get in touch with near and dear ones through services like Facebook, Twitter, Orkut, LinkedIn, MySpace, etc. (Dutton, 2004). On social networking sites, sharing private information and giving updates on day-to-day happenings is the latest trend. These sites cater heavily to the young brigade, especially the age group between 15 and 25 years. It has sometimes been observed that youngsters use these sites for sharing news or any information rather than sharing it personally. Even if they meet in the morning in college, information is shared mostly through the social media sites. This shows the growing dependency on such sites (Kabay, 2010). It is strange to note that the communication process is being hugely affected by the advancement of the internet. With the controversial changes made by the popular social networking site Facebook in 2009, it had become quite impossible to maintain a safe invisible account (Trenchard, 2013). Analysis of users' personal information revelation behaviour has found that it mainly revolves around hobbies and interests, although it also has other directions. For instance, semi-public information may include schooling or employment details, whereas personal information may include drinking or drug habits or sexual orientation, etc. (Gross & Acquisti, 2005). The apparent openness of users of social networking sites attracts unnecessary attention from strangers, quite possibly leading to online victimization. It is very easy to join a social networking site. But without proper knowledge of the security measures, one can be an easy target for third parties like hackers (Gross & Acquisti, 2005).
Most social networks offer privacy settings that are simple to use, but coarse. They often require the user to set the visibility for each profile item to either private, friends only, or public. Sometimes a few more options are given. In the end it boils down to a list of items and check boxes to either opt-in or opt-out of disclosing these items to certain groups, limiting user control. Gross and Acquisti show in a case study that most users do not change the default privacy settings as provided by the OSN. Furthermore these users share a large amount of information on their profile. Tufecki [27] concludes in his case study that privacy-aware users are more reluctant to join social networks. However once a privacy aware user joins he is willing to disclose a lot of information and a user’s privacy is regulated mostly through visibility, i.e. the privacy settings of the OSN (Online Social Networks). This privacy aware user aims to remain in control. Furthermore users are more pre-occupied with the current visibility of their information and do not look towards future implications. It seems that users implicitly trust social network providers to handle user data in a fair and conscientious way.

Ahern, Eckles et al. (2007: 357) analysing the issue and conducting studies on Privacy Patterns and Considerations in online and mobile photo sharing claim: The growing amount of online personal content exposes users to a new set of privacy concerns. Digital cameras, and lately, a new class of camera phone applications that can upload photos or video content directly to the web, make publishing of personal content increasingly easy. Privacy concerns are especially acute in the case of multimedia collections, as they could reveal much of the user’s personal and social environment. [9]

Online social network privacy

George (2006) cited the case of US college athletes whose pictures, which they posted online, were misused by a website, which publishes stories about scandals in sport.
The author pointed out that the issue of privacy has not gone unnoticed by social network providers. Gross and Acquisti (2005) conducted a study on a sample of 4,000 students from Carnegie Mellon University who use social network accounts. They found that a large proportion of students did not care about the privacy risks that might increase the chance of a third party misusing a student’s personal information. Another study by the same authors claimed that more than 77 percent of the respondents did not read privacy policies (Acquisti & Gross 2006). The ability to control privacy options is essential to increasing the users’ confidence in their social network providers. Since Internet users represent a range of different cultures and ages, privacy options should be clear, simple and easy to use. Users must have the ability to control their privacy options at any time. These privacy options allow users to accept or reject the dissemination of their information to others. For example, some users do not want to publish sensitive information such as health or medical information (Samavi & Consens 2010). These users are aware that people with less than honourable intentions can harm adults or children by misusing their personal information. A study conducted by Casarosa (2010) found that minors are interested in new technologies and the Internet, and can be contacted by strangers online asking to form a friendship. When a website publishes the personal information of a minor without giving the child’s parents (or the child’s guardian) the authority to select privacy options, potential predators can use some of the minor’s personal information, such as a mobile phone number, to engage in sexual contact (Casarosa 2010).
The following links highlight some of the privacy issues that have highlighted the need for a decentralised privacy aware social networking tool.

• Facebook’s Bewildering Privacy Policy: An article by the NY Times, highlighting how confusing Facebook’s privacy settings are and how convoluted their privacy policy actually is.
• Facebook’s Opengraph: The following blog post http://zestyping.livejournal.com/257224.html highlights the privacy implications of Facebook’s Open Graph Protocol [20]. Illustrated by the web-service
• Application that searches public Facebook wall posts: The example webservice call highlights the information that is accessible via Facebook’s Graph API [21]. It should be noted that the wall posts shown in the aforementioned web-service call are not apparently visible to the Web if one simply visits an exposed user’s public profile page.
• The Evolution of Facebook’s Privacy Policy: The following visualisation shows how Facebook’s privacy policy has changed over time. This change in policy is the main reason why there has been a sudden desire for the development of a decentralised social network, removing the need for a central service that accumulates personal information.

In order for any decentralised social networking service to be a success, the service’s privacy policy with respect to the information it holds regarding its users must appeal to the privacy aware masses. A report undertaken by Joseph Bonneau and Sören Preibusch from Cambridge University entitled “The Privacy Jungle: On the Market for Data Protection in Social Networks” [22] details the findings of a study of privacy policies for popular social networking sites, and presents best practices when it comes to the creation of privacy policies [23].

Youth and the Concept of Privacy

In January 2010, Facebook’s Mark Zuckerberg told TechCrunch’s Mike Arrington [24] in a live interview that he thought the concept of privacy no longer applies to the modern day [25].
Since this claim the below studies have attempted to understand people’s feelings towards privacy:

• Pew Report on Online Reputation: Pew Research, a US based research firm, recently conducted a report detailing people's attitudes to privacy and online reputation. The report, entitled “Reputation, Management, and Social Media” [26], found that young adults are more likely than older users to try to limit the amount of information available about them online. danah boyd from Microsoft Research presents an overview of the research on her blog [27].
• Youth do care about privacy: A second, unrelated piece of research undertaken by academics at University of California Berkeley, entitled “How Different are Young Adults from Older Adults When it Comes to Information Privacy Attitudes and Policies?” [28] can be summarised in the below bullet points:
  – Young Adults vs Adults: The study did not find significant differences between young or older adults regarding privacy; everyone seemed to be equally concerned and acknowledge it as an issue.
  – Young Americans were uneducated towards issues relating to privacy: 42 percent of
young Americans answered all of our five online privacy questions *incorrectly*. 88 percent answered only two or fewer correctly. The problem is even more pronounced when presented with offline privacy issues – post hoc analysis showed that young Americans were more likely to answer no questions correctly than any other age group.

An Aspiration for increased Privacy: The report concludes that young-adult Americans have “an aspiration for increased privacy” even though they enjoy participating in social online activities. An aspiration for privacy, with a distinct lack of education with regards to the issues surrounding it.

From an educational point of view, the previous two chapters present insight into the world of social networking and privacy policies. The creation of a privacy aware decentralised social network, such as a future POAF system, is presented as a field where the BBC can innovate in terms of ownership of data, empowering future generations with the right to hold onto and share their personal data, in an informed manner. A final piece of work, which might motivate the POAF service, is a recent PhD thesis by Elza Dunkels entitled “Bridging the distance: children’s strategies on the internet” [29] which shows how children develop their own safety strategies when it comes to working online. The work presents findings that show how children tend to create strategies for circumventing guidelines made by organisations such as the Family Online Safety Institute (FOSI) [30], which in turn make it near on impossible for children to have any social interactions in the digital world. This notion is presented as another motivating factor for the development of a privacy aware social networking service.
It should be noted that FOSI’s approach is slightly different from that taken by the Child Exploitation and Online Protection Centre (CEOP) in the UK, with its attempt to introduce the “panic button” [31], a method of allowing children to get advice, help, and to report incidents to the police if they feel threatened online: FOSI produces guidelines about how children should use the Web, as opposed to allowing children to use the Web but giving them a simple way to report abuse or get help. As it stands, out of the major social networking sites, only Bebo [32] has chosen to host CEOP’s panic button [33].

Online privacy risks

There are several risks surrounding the posting of personal information details on social networks. These threats can be caused by hackers or spammers who obtain users’ personal information details. Identity theft is one of the major risks that users face (Williams et al. 2009). Access to sensitive information may also lead to terrorism risks, financial risks and physical or sexual extortion (Gharibi & Shaabi 2012). Gao et al. (2011) discussed the common privacy breach attacks in online social networks. First, users usually upload their personal information when they trust the service provider. However, the provider can use these details for business purposes such as advertising. In addition, it is not only the service providers who can see the users’ personal information. Some online social networks provide users with policies to determine the list of authorized persons who can see their personal information. These policies vary from one provider to another; some providers give users more flexibility than others and some provide encryption for their data. The second privacy breach can be caused by the user’s friends, who can share the user’s personal information details with others. Friends who have access to the user’s personal information can copy and publish this information. The third breach is due to spammers.
When spammers see the user’s friend list, they can see other users’ personal