Privacy violations in online social networks (OSNs) often arise as a result of users sharing information with unintended audiences. One reason for this is that, although OSN capabilities for creating and managing social groups can make it easier to be selective about the recipients of a given post, they do not provide enough guidance to users to make informed sharing decisions. We present Privacy Dynamics, an adaptive architecture that learns privacy norms for different audience groups based on users' sharing behaviours. Our architecture is underpinned by a formal model inspired by social identity theory, a social psychology framework for analysing group processes and intergroup relations. Our formal model comprises two main concepts: group membership, represented as a Social Identity (SI) map, and privacy norms, represented as a set of conflict rules. In our approach, a privacy norm is specified in terms of the information objects that should be prevented from flowing between two conflicting social identity groups. We implement our formal model using inductive logic programming (ILP), which automatically learns privacy norms. We evaluate the performance of our learning approach using synthesised data representing the sharing behaviour of social network users.
SEAMS 2016 presentation, Çalıklı et al.
1. PRIVACY DYNAMICS:
LEARNING PRIVACY NORMS
FOR SOCIAL SOFTWARE
Handan Gül Çalıklı, Mark Law, Arosha K. Bandara,
Alessandra Russo, Luke Dickens, Blaine A. Price, Avelie Stuart,
Mark Levine and Bashar Nuseibeh
4. Social Media Platforms
• As of November 2015, Facebook ranked at the top with 1.55 billion active users.
• Significant increase in the number of users of LinkedIn, Twitter and Instagram since September 2014.
[Figure: increase in the number of users alongside increase in user engagement]
6. Problem for Software Engineers?
• Many app developers use the sharing functionalities of social media platforms.
• Some numbers to give an idea of the size of Facebook's developer network [4]:
• More than 30 million apps and websites use Facebook's developer tools.
• Facebook's users shared 50 billion pieces of content from apps last year.
[4] Facebook's annual F8 developer conference, 25th March 2015, San Francisco
Problem: Apps built on the sharing functionalities of social media platforms may violate the privacy of many users.
7. Privacy Dynamics (PD) Architecture
• Modeled using Social Identity Theory (SIT).
• Core of the architecture implemented using Inductive Logic Programming (ILP).
9. Actual Audience vs. Imagined Audience [1]
[Figure: Alice's shared item reaches an actual audience containing Bob (Alice's friend), Charlie (Alice's colleague) and David (Alice's boss), while John's imagined audience is only "Friends".]
[1] E. Litt. Knock knock. Who's there? The imagined audience. Journal of Broadcasting and Electronic Media, 56(3):330-345, 2012.
10. Why?
Context collapse [2]: co-presence of multiple groups on OSNs [3]
[2] A. E. Marwick and d. boyd. I tweet honestly, I tweet passionately: Twitter users, context collapse, and the imagined audience. New Media & Society, 13(1):114-133, 2011.
[3] A. Lampinen, S. Tamminen, A. Oulasvirta. All my people right here, right now: Management of group co-presence on a social networking site. In Proceedings of the ACM 2009 International Conference on Supporting Group Work, GROUP '09, pages 281-290, New York, NY, USA, 2009.
13. Privacy Dynamics (PD) Architecture
How it works:
• monitors the user's sharing behavior,
• learns the user's privacy norms,
• when the user makes a share request, makes recommendations to the user based on these norms.
17. Social Identity (SI) Theory
• In the social psychology literature, social identity theory is a theoretical analysis of group processes and intergroup relations.
• Social identity refers to our sense of ourselves as members of a group and the meaning that group has for us.
18. Social Identity (SI) Theory
• According to Social Identity Theory:
• people belong to multiple groups,
• social identities are created through group memberships.
19. Back to our Example: John's Facebook Newsfeed
[Figure: John's Facebook newsfeed, with Bob, Alice, Charlie and David co-present. John's mental groups: "Close Friends" (Alice, Bob, Charlie) and "Colleagues" (Charlie, David). Charlie is Alice's colleague and close friend, David is Alice's boss, and Bob is Alice's close friend.]
21. Social Identity Map and Conflicts
• Based on Social Identity Theory, we define two concepts:
• Social Identity Map (SI Map)
• Conflicts
[Figure: John's SI map, with groups "Close Friends" (Alice, Bob, Charlie) and "Colleagues" (Charlie, David).]
For the shared item, the "Colleagues" social identity group conflicts with the "Close Friends" social identity group, given that the value of the location attribute of the information object to be shared is "night_club".
Information object o1: <alice, night_club, night_time, weekday>
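As a concrete illustration of these two concepts, the SI map and the conflict above can be sketched in code. This is a minimal sketch with assumed names (`si_map`, `conflict_si`, the attribute keys), not the paper's implementation:

```python
# John's SI map from the example: each social identity group maps to its members.
si_map = {
    "close_friends": {"alice", "bob", "charlie"},
    "colleagues": {"charlie", "david"},
}

# Information object o1 as an attribute dictionary:
# <alice, night_club, night_time, weekday>
o1 = {"subject": "alice", "location": "night_club",
      "time": "night_time", "day": "weekday"}

def conflict_si(obj, group_a, group_b):
    """For this example: "colleagues" conflicts with "close_friends"
    whenever the object's location attribute is "night_club"."""
    return bool(group_a == "colleagues" and group_b == "close_friends"
                and obj["location"] == "night_club")

print(conflict_si(o1, "colleagues", "close_friends"))  # True
```

A conflict is thus a rule over the attribute values of the object to be shared; for an office photo (location "office"), the same group pair would not conflict.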
24. Learning Privacy Norms
[Figure: Inductive Logic Programming takes background knowledge (Share ∪ SI ∪ Obj) and the share history (E+ ∪ E-) as input, and outputs the conflict(s) (Conf).]
• Share: rules of sharing
• SI: Social Identity (SI) map
• Obj: values of object attributes
• E+: positive sharing examples
• E-: negative sharing examples
25. Learning Privacy Norms: An Example
• Rules of Sharing (Share)
• Rule 1: Sharing an object O with a person P, who is in social identity group S1, could cause a conflict if the subject of O is in another social identity group S2 that conflicts with S1 for object O.
• Rule 2: All objects O are shared with all people P, unless there is a conflict.
conflict(O, P):-
subject(O, P2),
in_si(P,S1), in_si(P2,S2),
conflict_si(O,S1,S2).
share(O, P):-
person(P),
object(O),
not conflict(O,P).
Back to our Example:
[Figure: sharing the party photo O of Alice with David, Alice's boss, who is in s1 (Colleagues), causes a conflict, since Alice is in s2 (Close Friends) and s1 conflicts with s2 for O.]
26. Learning Privacy Norms: An Example
• Back to our Example: John's SI map, with s1: Colleagues = {Charlie, David} and s2: Close Friends = {Alice, Bob, Charlie}.
Background knowledge (Share ∪ SI ∪ Obj):
SI:
in_si(charlie,s1).
in_si(david,s1).
in_si(alice,s2).
in_si(bob,s2).
in_si(charlie,s2).
Obj:
Party photo o1:
subject(o1,alice).
location(o1, night_club).
time(o1, night_time).
day(o1, week_day).
Office photo o2:
subject(o2,alice).
location(o2, office).
time(o2, day_time).
day(o2, week_day).
27. Learning Privacy Norms: An Example
[Figure: s1: Colleagues = {Charlie, David}, s2: Close Friends = {Alice, Bob, Charlie}; party photo o1 and office photo o2.]
E+ = { share(o1,alice), share(o1,bob) }
E- = { share(o1,charlie), share(o1,david), share(o2,alice), share(o2,bob), share(o2,charlie), share(o2,david) }
28. Learning Privacy Norms: An Example
[Figure: sharing the party photo O with the Colleagues group (s1) causes a conflict.]
Learned conflict rule:
conflict_si(O,s1,s2):- location(O, night_club).
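To see the two generic sharing rules and the learned conflict rule working together, here is a toy Python translation of the party-photo case (names and data structures are assumed for illustration; the actual system evaluates the logic program directly):

```python
# in_si facts: person -> set of social identity groups.
si = {
    "alice": {"s2"}, "bob": {"s2"}, "charlie": {"s1", "s2"}, "david": {"s1"},
}
# Object attributes relevant to the rules.
objects = {
    "o1": {"subject": "alice", "location": "night_club"},  # party photo
}

def conflict_si(obj_id, g1, g2):
    # Learned rule: conflict_si(O,s1,s2) :- location(O, night_club).
    return (g1, g2) == ("s1", "s2") and objects[obj_id]["location"] == "night_club"

def conflict(obj_id, person):
    # Rule 1: conflict(O,P) :- subject(O,P2), in_si(P,S1), in_si(P2,S2),
    #                          conflict_si(O,S1,S2).
    subject = objects[obj_id]["subject"]
    return any(conflict_si(obj_id, g1, g2)
               for g1 in si[person] for g2 in si[subject])

def share(obj_id, person):
    # Rule 2: share with everyone unless there is a conflict.
    return not conflict(obj_id, person)

audience = {p for p in si if share("o1", p)}
print(sorted(audience))  # ['alice', 'bob']
```

The derived audience for o1 matches E+: Alice and Bob receive the party photo, while Charlie and David (both in s1) are blocked because Alice, the photo's subject, is in s2.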
31. Experimental Setup: generate SI map & Conflicts
• for each p% complete SI map and Conflicts (p = 100, 95, 90, 50)
• repeat 100 times
• repeat for n conflicts, n = 10, 20, 40
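The evaluation loop described above can be sketched as follows (a skeleton with an assumed `learn` hook standing in for the ILP run; only the loop structure comes from the slides):

```python
def run_experiments(learn=None):
    """Enumerate all experimental runs: for each number of conflicts n and
    each SI-map completeness level p, generate data and learn 100 times."""
    results = []
    for n_conflicts in (10, 20, 40):
        for p in (100, 95, 90, 50):
            for repetition in range(100):
                # Here: generate a p%-complete SI map with n_conflicts
                # conflicts, then run the ILP learner (stubbed out).
                if learn is not None:
                    learn(p, n_conflicts)
                results.append((n_conflicts, p, repetition))
    return results

runs = run_experiments()
print(len(runs))  # 3 * 4 * 100 = 1200 runs
```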
34. Synthetic Data Generation
• Number of people in a social network: 150 (Dunbar's number) [4]
• Range for total number of social identity (SI) groups: [2, 10] [5]
• Range for SI group size: [1, 43] [5]
• Pattern of the social network:
• 25% of SI groups are contained in another SI group
• 50% of SI groups overlap with another SI group
• 25% of SI groups have no members in common with other SI groups
[4] R. I. M. Dunbar. Neocortex size as a constraint on group size in primates. Journal of Human Evolution, 22(6):469-493, June 1993.
[5] J. McAuley and J. Leskovec. Discovering social circles in ego networks. ACM Transactions on Knowledge Discovery from Data, 8(1):4:1-4:28, Feb. 2014.
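A simplified sketch of this generation step is shown below. It respects the population size and the group-count and group-size ranges from the slide; the 25/50/25 containment/overlap/disjoint pattern is deliberately not enforced here, so this is only a starting point, not the paper's generator:

```python
import random

def generate_si_map(seed=0):
    """Generate a random SI map: 150 people (Dunbar's number),
    2-10 SI groups, each of size 1-43."""
    rng = random.Random(seed)
    people = [f"p{i}" for i in range(150)]
    n_groups = rng.randint(2, 10)
    si_map = {}
    for g in range(n_groups):
        size = rng.randint(1, 43)
        si_map[f"g{g}"] = set(rng.sample(people, size))
    return si_map

si_map = generate_si_map()
assert 2 <= len(si_map) <= 10
assert all(1 <= len(members) <= 43 for members in si_map.values())
```

Because groups are sampled independently, overlaps and containments occur by chance; enforcing the exact 25/50/25 pattern would require post-processing the sampled groups.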
38. Discussion
• The current approach depends on providing an accurate SI map.
• The timeout was set to 5 minutes; increasing it may give better results.
• Assumption: no noise in the user's sharing behavior.
39. Conclusions & Future Work
• Privacy Dynamics Architecture, drawing on Social Identity Theory for two key concepts:
• group membership information (SI maps)
• privacy norms (conflicts)
• We used ILP to implement the PI engine, which learns privacy norms and provides human-readable privacy rules.
• Found good results even for SI maps that are only 50% complete.
• Future work: experiment using real data rather than synthetic data.
• Future work: introduce noise in the user's sharing behavior.
[Lots of people are using social media, and their activity on social media is also increasing. Social media is a big domain, and it is becoming increasingly important to an increasing number of people.]
Over the last couple of years there has been a significant increase in the number of social media platform users.
For instance, as of November 2015, Facebook ranked at the top with 1.55 billion active users.
In addition to an increase in the number of users, there is also an increase in the level of user engagement.
About the Pew statistics: according to surveys conducted by the Pew Research Center between 2012 and 2014, among more than 1,500 adults in the USA aged over 18, Facebook is the most popular site. Although Facebook's growth has slowed down, it is still the most popular platform by far, while other social media platforms saw significant growth.
[Even with manual sharing there can be privacy violations, and they can be damaging.]
On the other hand, privacy violations have occurred as a result of sharing with the WRONG AUDIENCE.
Many people have lost their jobs: for instance, a kindergarten teacher lost her job because she posted on Facebook that she hated being with children, and her employers saw this post.
Some people lost their health benefits, and some experienced serious damage to their relationships with their spouses, families and friends.
[Over and above the privacy violations caused by manual sharing, people are now building apps which reduce the amount of control over who shares what with whom.]
So far, I have mentioned the problem from the perspective of end-users. What about the problems from the perspective of software engineering?
We propose the "Privacy Dynamics (PD) Architecture", which developers can integrate into their apps that use the sharing functionalities of a social media platform.
The Privacy Dynamics Architecture stands between the app and the social media platform. This could be extended so that it stands between multiple apps and multiple social media platforms.
The PD architecture monitors the user's sharing behavior to learn his/her privacy norms and make recommendations to the user.
The architecture is designed by drawing on Social Identity Theory, and the core of the architecture is implemented using inductive logic programming.
So what is the problem? Let's explain using a simple example scenario.
John uses various social media platforms. One day he shares a party photo of his friend Alice on Facebook. While posting Alice's photo, John has an "imagined audience" in mind.
In the media and communication literature, the "imagined audience" is defined as the audience with whom the user thinks (s)he is communicating.
The imagined audience is an essential feature of social media platforms, since the audience is not necessarily co-located with the user at the time the information is shared.
John's imagined audience consists of people who are close friends with both Alice and John.
However, the actual audience, besides Bob, who is Alice's close friend, also contains Charlie and David, who are Alice's colleague and boss, respectively.
Alice would not want her party photo to be seen by Charlie or David. Hence, Alice's privacy is violated.
The imagined audience not being identical to the actual audience may lead to privacy violations.
Why does this happen? One explanation is "context collapse".
Our close friends, colleagues, family members, high school friends and neighbors, who are separated by time and space, are all collapsed into a single context on social media platforms.
When the user attempts to share something through the social app, the app consults the architecture to find out whether there is a potentially unintended audience in that share request, and reports this back to the user.
It has been empirically shown by Lampinen et al. that multiple groups are co-present on Facebook users' sites, and that multiple social identities corresponding to these groups are salient to users.
This empirical study also shows that Facebook users are aware of the presence of multiple groups on their sites and, in order to prevent privacy violations, form implicit groups by mentally dividing individuals into subgroups.
Each implicit group is modeled as a social identity group; John's mental groups on Facebook form John's SI map.
The privacy norms learnt by the Privacy Dynamics (PD) architecture are the conflicts between two social identity groups.
Shared information is defined in terms of its attributes, and the conflicts change depending on the attributes being shared.
If social identity group B conflicts with social identity group A for a given set of attribute values of an information object, then that information object should not flow from A to B.
As mentioned previously, our goal is to support developers who build apps that use the sharing functionalities of social media platforms with effective privacy management capabilities that adapt to the user's sharing behavior.
Once it receives the share request, the Audience Recommendation Engine queries the user's SI map, conflicts and object attributes, and returns the potential receivers in the conflicting social identity groups, who form the unintended audience.
The Content Analysis module takes the object to be shared as input and outputs object attribute types and values.
The background knowledge, including the user's SI map, share history, object attributes and the conflicts learnt by the Privacy Inference engine, is stored in the PD repository.
The Social Media Platform Monitor periodically fetches the user's friends list and share history from the social media platform.
The core of the Privacy Dynamics architecture is the Privacy Inference (PI) engine, which uses the user's share history and SI map to learn the "conflicts": rules about information objects that should not be shared from one social identity group to another. The PI engine uses Inductive Logic Programming (ILP) to learn the conflicts.
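To give a feel for the kind of hypothesis search an ILP system performs, here is a miniature brute-force version restricted to the party-photo example: it enumerates candidate single-attribute conflict rules and keeps those that cover E+ while excluding E-. The actual PI engine uses a real ILP system; this toy version, with assumed names, only illustrates the search idea:

```python
# Background knowledge from the example, for object o1 only.
si = {"alice": {"s2"}, "bob": {"s2"}, "charlie": {"s1", "s2"}, "david": {"s1"}}
objects = {"o1": {"subject": "alice", "location": "night_club",
                  "time": "night_time", "day": "week_day"}}
e_pos = {("o1", "alice"), ("o1", "bob")}       # E+ for o1
e_neg = {("o1", "charlie"), ("o1", "david")}   # E- for o1

def shares(rule_attr, rule_val):
    """Entailed share/2 atoms under the candidate hypothesis
    conflict_si(O,s1,s2) :- rule_attr(O, rule_val)."""
    entailed = set()
    for o, attrs in objects.items():
        for p in si:
            fires = attrs.get(rule_attr) == rule_val
            conflicting = (fires and "s1" in si[p]
                           and "s2" in si[attrs["subject"]])
            if not conflicting:
                entailed.add((o, p))
    return entailed

# Candidate rules: every non-subject attribute/value pair in the background.
candidates = [(a, v) for attrs in objects.values()
              for a, v in attrs.items() if a != "subject"]
solutions = [c for c in candidates
             if e_pos <= shares(*c) and not (e_neg & shares(*c))]
print(("location", "night_club") in solutions)  # True
```

With a single example object, several single-attribute rules fit the data equally well; the location rule is among the solutions, which matches the observation below that it is one optimal solution. More objects in the share history would prune the alternatives.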
One optimal solution would be the single conflict rule: conflict_si(O,s1,s2):- location(O, night_club).