Michael Beye1 , Arjan Jeckmans2 , Zekeriya Erkin1 , Pieter Hartel2 , Reginald Lagendijk1 and Qiang Tang2 1
Information Security and Privacy Lab, Faculty of EEMCS, Delft University of Technology 2 Distributed and Embedded Security, Faculty of EEMCS, University of Twente
Abstract. In recent years, Online Social Networks (OSNs) have become an important part of daily life for many. Users build explicit networks to represent their social relationships, either existing or new. Users also often upload and share a plethora of information related to their personal lives. The potential privacy risks of such behavior are often underestimated or ignored. For example, users often disclose personal information to a larger audience than intended. Users may even post information about others without their consent. A lack of experience and awareness in users, as well as proper tools and design of the OSNs, perpetuate the situation. This paper aims to provide insight into such privacy issues and looks at OSNs, their associated privacy risks, and existing research into solutions. The ﬁnal goal is to help identify the research directions for the Kindred Spirits project. Keywords: Online Social Networks, privacy
In recent years, Online Social Networks (OSNs) have seen signiﬁcant growth and are receiving much attention in research. Social Networks have always been an important part of daily life, but now that more and more people are connected to the Internet, their online counterparts are fulﬁlling an increasingly important role. Aside from creating an actual network of social links, many OSNs allow their users to upload multimedia content, communicate in various ways and share many aspects of their lives. Because of the public nature of many social networks and the Internet itself, content can easily be disclosed to a wider audience than the user intended. Limited experience and awareness of users, as well as the lack of proper tools and design of the OSNs, do not help the situation. We feel that users are entitled to at least the same level of privacy in OSNs, that they enjoy in real-life interactions. Users should be able to trade some information for functionality without that information becoming available beyond the intended scope. For example, a user of a self-help OSN like PatientsLikeMe, who suﬀers from a given medical condition might not want everyone to know about this, but at the same time the user would like to meet people with the same condition. This is the context of the Kindred Spirits project, and its aim is to provide users the ability to meet and interact with other (similar) people, while preserving their privacy. This paper aims to provide insight into privacy issues and needs faced by users of OSNs and their origins. The insights gained help plot a course for future work. To this
end, we look at OSNs as they currently exist (Section 2), the associated privacy risks (Section 3), and existing research into solutions (Section 4). The ultimate goal is to identify open topics in research through reﬂection on existing proposals (Section 5).
2 Online Social Networks
Let us begin by framing the concept of Online Social Networks, and observe why OSNs are as widely used as they are today. This will help us understand the needs of OSN users, the environments they navigate, and potential threats as discussed in further sections. 2.1 Deﬁnition of OSNs
Boyd and Ellison’s widely used deﬁnition  captures the key elements of any OSN: Deﬁnition 1. An OSN is a web-based service that allows individuals to: 1. construct a public or semi-public proﬁle within the service, 2. articulate a list of other users with whom they share a connection, 3. view and traverse their list of connections and those made by others within the service. The list of other users with whom a connection is shared is not limited to connections like friend (Facebook, MySpace)...