jason-hong
The Social Web and Privacy
Examples of Privacy in the News
Why Care about Privacy?
• Your thoughts?
“You have zero privacy. Get over it.” -- Scott McNealy
• Protection from spam, identity theft, mugging
• Discomfort over surveillance
– Lack of trust in work environments
– Might affect performance, mental health
– May contribute to feeling of lack of control over life
• Starting over
– Something stupid you did as a kid
• Creativity and freedom to experiment
– Protection from total societies
– Room for each person to develop individually
• Lack of adoption of tech
Why Care About Privacy? End-User Perspective
Everyday Risks to Extreme Risks
• Strangers
– Stalking
– Personal safety
• Employers
– Over-monitoring
– Discrimination
– Reputation
• Friends, Family
– Over-protection
– Social obligations
– Embarrassment
• Government
– Civil liberties
The Fundamental Tension
• More information can be used for good and for bad
• Example: Facebook
– Socializing and keeping in touch with friends
– Finding old family and friends
– Organizing people for action (Arab spring)
– But embarrassing photos or breakups recorded for all time
– But getting fired (or not being hired) for certain usage
– But new vector for spam and attacks
– But behavioral advertising
Behavioral Advertising
• “the practice of tracking an individual’s online activities in order to deliver advertising tailored to the individual’s interests” - FTC
• Take into account more information for ads
– browsing habits
– search queries
– web site history
– Likes
– Profile
– Sometimes tracking across multiple sites
• Goal is to increase relevancy and get higher conversion rate
The Fundamental Tension
• Most apps today have this same tension
• Example: Locaccino (People Finder)
– Okayness checking and coordination
– But also stalking, monitoring at work, embarrassment, revealing home
• Example: Amazon (ecommerce)
– Improved search results, personalized content, recs
– Price discrimination, selling your info to others, not keeping your info safe from hackers
Why is Privacy Hard? Definition problem
• “Privacy” conflates many different issues
– Protection from spam / intrusions (telemarketers)
– Protection from hackers (security)
– Undesired social obligations (with friends and family)
– Embarrassment (friends, family, colleagues)
– Unwarranted monitoring (government, employers)
– Separation of different spheres of life
Different Spheres of Life Collapsed
Other Examples (based on real examples)
• Bill posts 30 pics from college and tags friends. One friend is Steve, who is shown drunk and vomiting in the picture that shows up on Steve's "Photos" page. Mom, dad and grandma all acquire a new perspective on the financial help they gave Steve for college.
• Janet, a high school senior, posts a generic comment: "feeling bla today." Margaret, a friend of Janet's parents, comments, "what's wrong, honey?" After that, several of Janet's high school friends post a series of profane, obscene or objectionable comments that humorously suggest causes or cures. Because Margaret commented, all subsequent comments flow into Margaret's Facebook News Feed.
How Well Do You Think Google+ Circles Solves the Problem?
Why is Privacy Hard? Social Perspective
• Expectations and levels of comfort change with time and/or experience
– Both individual and societal
– Many people objected to having phones in their homes because it “permitted intrusion… by solicitors, purveyors of inferior music, eavesdropping operators, and even wire-transmitted germs”
Why is Privacy Hard? Social Perspective
The appearance of Eastman’s cameras was so sudden and so pervasive that the reaction in some quarters was fear. A figure called the “camera fiend” began to appear at beach resorts, prowling the premises until he could catch female bathers unawares.
One resort felt the trend so heavily that it posted a notice: “PEOPLE ARE FORBIDDEN TO USE THEIR KODAKS ON THE BEACH.” Other locations were no safer. For a time, Kodak cameras were banned from the Washington Monument. The “Hartford Courant” sounded the alarm as well, declaring that “the sedate citizen can’t indulge in any hilariousness without the risk of being caught in the act and having his photograph passed around among his Sunday School children.”
Example: Facebook News Feed
• News Feed introduced in 2006
– All the information was already on individual profiles
– News feed aggregated it all in one place
• Original reaction to it?
Why Did People Have This Reaction?
• And why did Facebook have it on by default?
Why is Privacy Hard? Technical Perspective
• Easier to capture data
– Video cameras, camera phones, microphones, sensors
– Break “natural” boundaries of physics
• Easier to store and retrieve data
– LifeLog technologies
– Googling a potential date
• Easier to share data
– Ubiquitous wireless networking
– Blogs, wikis, YouTube, Flickr, Facebook
• Better ways of inferencing
Example of Inferencing
• “If we wanted to figure out if a customer is pregnant, even if she didn’t want us to know, can you do that?”
– Because birth records are usually public, the moment a couple have a new baby, they are almost instantaneously barraged with offers and incentives and advertisements from all sorts of companies… the key is to reach them earlier, before any other retailers know a baby is on the way.
– [A study in the 1980s] found that when someone marries, he or she is more likely to start buying a new type of coffee. When a couple move into a new house, they’re more apt to purchase a different kind of cereal. When they divorce, there’s an increased chance they’ll start buying different brands of beer.
Example of Inferencing
– Many shoppers purchase soap and cotton balls, but when someone suddenly starts buying lots of scent-free soap and extra-big bags of cotton balls, in addition to hand sanitizers and washcloths, it signals they could be getting close to their delivery date.
– [Target] was able to identify about 25 products that, when analyzed together, allowed him to assign each shopper a “pregnancy prediction” score.
– [S]ome women react badly…we started mixing in all these ads for things we knew pregnant women would never buy, so the baby ads looked random. We’d put an ad for a lawn mower next to diapers. We’d put a coupon for wineglasses next to infant clothes. That way, it looked like all the products were chosen by chance.
Why is Privacy Hard? Organizational Perspective
• Bad data can be hard to fix
– Sen. Ted Kennedy on TSA no-fly list
• Market incentives not aligned well
– More info can market better
– Can sell your info
• Many activities are hidden
– Why do Facebook and Path want your contacts list?
Shares location, gender, unique phone ID, phone# with advertisers
Uploads your contact list to FB servers
What is Privacy?
• No standard definition, many different perspectives
• Different kinds of privacy
– Bodily, Territorial, Communication, Information
• Many different philosophical views on info privacy
– Different views -> different values -> different designs
– Note: next few slides not mutually exclusive
Privacy as Solitude / Isolation
• “The right to be let alone”
• People tend to devise strategies “to restrict their own accessibility to others while simultaneously seeking to maximize their ability to reach people” (Darrah et al 2001)
– Protection from interruptions and undesired social obligations
• Examples:
– Spam protection
– Do-not-call list, not answering mobile phone
– Invisible mode, ignoring an IM
– iPod cocooning on public transit
Privacy as Anonymity
• Hidden among a crowd
• Examples:
– Web proxy to hide web traffic
– K-anonymity
    • “An Asian male in this room who is over 30 and once broke his right arm” vs “a female”
Privacy as Anonymity
• Work by Latanya Sweeney on re-identification of data
– Massachusetts insurance company wanted to release data of state employees to medical researchers
– Took their database, removed obvious identifiers
    • Deleted name, SSN, street address
– “Governor Weld resided in Cambridge, Massachusetts, a city of 54,000 residents and seven ZIP codes. For twenty dollars, [Sweeney] purchased the complete voter rolls from the city of Cambridge, a database containing, among other things, the name, address, ZIP code, birth date, and sex of every voter. By combining this data with the GIC records, Sweeney found Governor Weld with ease. Only six people in Cambridge shared his birth date, only three of them men, and of them, only he lived in his ZIP code.”
Privacy as Anonymity
• More work by Latanya Sweeney
– Showed that 87% of Americans could be uniquely identified by ZIP code, birth date, gender
• Netflix linkage attack by Narayanan and Shmatikov
– Netflix offered $1m to the team who could improve their recommender system by 10%
– Offered an anonymized set of 500k users
    • UserID, ratings of movies, date of ratings
– Demonstrated how to (weakly) re-identify some people
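The k-anonymity idea and the ZIP code / birth date / sex linkage from the slides above can be turned into a pre-release check for a data publisher. This is an added example, not part of the original slides; the records, field names and the generalization scheme (3-digit ZIP prefix, birth decade, optional suppression of sex) are constructed assumptions.

```python
from collections import Counter

# Constructed rows (not real data). Name, SSN and street address are already
# removed; ZIP code, birth date and sex remain as quasi-identifiers.
RECORDS = [
    {"zip": "02138", "birth": "1951-04-12", "sex": "M", "diagnosis": "A"},
    {"zip": "02138", "birth": "1951-04-12", "sex": "F", "diagnosis": "B"},
    {"zip": "02139", "birth": "1953-09-30", "sex": "M", "diagnosis": "C"},
    {"zip": "02139", "birth": "1962-03-14", "sex": "F", "diagnosis": "A"},
    {"zip": "02139", "birth": "1962-03-14", "sex": "F", "diagnosis": "B"},
    {"zip": "02141", "birth": "1968-01-20", "sex": "F", "diagnosis": "C"},
    {"zip": "02141", "birth": "1957-02-09", "sex": "M", "diagnosis": "A"},
    {"zip": "02142", "birth": "1955-12-25", "sex": "M", "diagnosis": "B"},
]
QUASI_IDS = ("zip", "birth", "sex")


def class_sizes(rows):
    """Rows per equivalence class, i.e. per distinct quasi-identifier tuple."""
    return Counter(tuple(r[q] for q in QUASI_IDS) for r in rows)


def k_anonymity(rows):
    """k is the smallest class size; k == 1 means at least one row is unique."""
    return min(class_sizes(rows).values())


def unique_fraction(rows):
    """Share of rows alone in their class, linkable to a single outside record."""
    sizes = class_sizes(rows)
    return sum(n for n in sizes.values() if n == 1) / len(rows)


def generalize(row, suppress_sex=False):
    """Coarsen quasi-identifiers: 3-digit ZIP prefix and birth decade."""
    out = dict(row)
    out["zip"] = row["zip"][:3] + "**"
    out["birth"] = row["birth"][:3] + "0s"
    if suppress_sex:
        out["sex"] = "*"
    return out


if __name__ == "__main__":
    releases = {"identifiers removed only": RECORDS,
                "generalized": [generalize(r) for r in RECORDS],
                "generalized, sex suppressed": [generalize(r, True) for r in RECORDS]}
    for label, rows in releases.items():
        print(f"{label}: k={k_anonymity(rows)}, unique={unique_fraction(rows):.1%}")
```

Coarsening ZIP and birth date alone still leaves one unique row in this sample, so k stays at 1 until the remaining quasi-identifier is suppressed as well.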
Privacy as Projecting a Desired Persona
• People see you the way you want them to see you (impression management)
• Examples:
– Cleaning up your place before visitors
– Putting the right books and CDs out
– Having “desirable” Facebook groups, hobbies, politics, etc on your profile
Privacy as Projecting a Desired Persona
• Facebook and projecting a persona
– Let’s consider what’s involved
– People create a profile with an expectation to be seen by certain people
    • Think friends
– But can be seen by many others
    • Think family, employers, parents
– Controls are hard to manage here
– Also asynchronous, don’t get feedback as in real life
Online Social Networks vs Real Life
Some Incidents
• Prospective Employers
– New York Times article describes how one hiring officer lost interest in a promising applicant when he discovered through Web chat that the applicant was interested in “smoking blunts, shooting people, and obsessive sex.”
• Microsoft commissioned research in Canada, Germany, Ireland, Spain, and the United States
– 91 percent of people have done something to manage their online profile
– only 44 percent of adults actively think about the long-term consequences their activities have on their online reputation.
Privacy as a Process
• Controlled, rationalistic process
– Bank and web site privacy policies
– Many rules governing how personal information gathered and used
• Organic and fluid process
– Adjusting window blinds
– Opening or closing my office door
– Choosing what I do or don’t disclose during a conversation
Privacy as Protection of Self vs Others
• Protecting Self
• Protecting Others?
– Mandatory privacy, wearing clothes
– Cell phones going off in theaters
Overview of Privacy
• Why care?
• Why is it hard?
• Thinking about and Designing for Privacy
– Specific design issues
• Specific Issues with Social Networks
Lessig’s Framework
• Lawrence Lessig is an academic lawyer best known for copyright issues
• Presents a framework for how to influence behavior, has been adapted by others for privacy
Exercise
• How to manage privacy on social networks?
• Split into 4 teams
Privacy Policies
• Evidence strongly suggests people don’t read privacy policies
– Carlos Jensen et al, CHI 2004
– Also found that far more people say they read privacy policies than logs indicate
• Problems with privacy policies?
Multi-Level Privacy Policies
• http://www.pg.com/privacy/english/privacy_notice.html
Multi-Level Privacy Policies
• Idea from EU Working group on privacy
– Short - Few sentences, for mobile phone
– Condensed - Half page summary
– Full - Details
Privacy Labels
Segmenting Users
• Westin and others have been running surveys over the past few years looking at individuals wrt orgs
• Responses can be “strongly disagree,” “somewhat disagree,” “somewhat agree,” “strongly agree.”
• Sample three questions from 2001 study:
1. Consumers have lost all control over how personal information is collected and used by companies
2. Most businesses handle the personal information they collect about consumers in a proper and confidential way
3. Existing laws and organizational practices provide a reasonable level of protection for consumer privacy today
Segmenting Users
• Rough order of magnitude results over the years
• Don’t care (~10%)
– I’ve got nothing to hide
– We’ve always adapted
– "You have zero privacy anyway. Get over it."
• Fundamentalist (~25%)
– Don’t understand the tech
– Don’t trust others to do the right thing
• Pragmatist (~65%)
– Clear cost-benefit
– Some research has suggested distinction between identity-concerned vs profile-concerned (~evenly split)
Specific Design Issues with Privacy
• Awareness
• Social Phishing
Awareness
• Should social networking sites provide awareness of who has recently seen your profile?
• Examples of sites that do offer awareness:
– Friendster, LinkedIn (somewhat)
– Orkut, OKCupid (opt-in)
• Sites that do not:
– Facebook, MySpace
• Pros and Cons?
Phishing
Phishing Attacks
• A form of social engineering
– Estimated $350m-$2b direct losses a year
– Spear-phishing and whaling attacks escalating
– Steal sensitive corporate or military information
– bankofthevvest.com
• From the CACM article, citing Gartner report:
– 19% surveyed said clicked on link
– 3% gave up personal information
• Other stats:
– Microsoft: ~0.4% of IE beta users entered information (Florencio and Herley, WWW2007)
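The bankofthevvest.com entry above swaps "vv" for "w". A mail filter can catch that class of lookalike by folding confusable sequences before comparing link hosts against domains it protects. This is an added detection sketch, not part of the original slides; the protected domain is inferred from the slide's spelling, and the confusable list, the two-label domain rule and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Character swaps that read alike at a glance. Illustrative, not exhaustive.
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l")]
# Assumed list of domains the defender wants to protect.
PROTECTED = {"bankofthewest.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed message bodies for the demonstration.
MESSAGES = [
    "Your account is locked. Verify at http://www.bankofthevvest.com/login now.",
    "Statement ready: https://www.bankofthewest.com/statements",
    "Lunch menu: https://intranet.example.org/menu",
]


def skeleton(domain):
    """Fold look-alike sequences so visually similar names compare equal."""
    d = domain.lower().rstrip(".")
    for seq, repl in CONFUSABLES:
        d = d.replace(seq, repl)
    return d


def registrable(host):
    """Last two labels; a simplification of a real public-suffix lookup."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(host):
    """Label a host as legitimate, a lookalike of a protected domain, or unrelated."""
    dom = registrable(host)
    if dom in PROTECTED:
        return "legitimate"
    for p in PROTECTED:
        if skeleton(dom) == skeleton(p):
            return "lookalike of " + p
    return "unrelated"


def scan(messages):
    """Return (host, verdict) for every link whose host imitates a protected domain."""
    hits = []
    for body in messages:
        for url in URL_RE.findall(body):
            host = urlsplit(url).hostname or ""
            verdict = classify(host)
            if verdict.startswith("lookalike"):
                hits.append((host, verdict))
    return hits
```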
Phishing Attacks
• Social networks can be used to facilitate phishing
– Study by Indiana University
– Crawled social networking data for students
– Experimental condition: Get fake email from a friend
    • Alice would get fake email from friend “Bob”
– Control condition: Get fake email from stranger at university
– Asked people to log into the university site
    • Passwords verified but not stored anywhere
Social Phishing Attacks
• Social phishing 4.5x more effective
• Similar results to other studies
– West Point cadets asked to login by fictitious colonel
Ethics of this study?
• What were people’s reactions, and why?
• Other ways to do this (or similar) studies?
What other kinds of Social Phishing Scams can you think of?
• Video of the party you were at
– Scammer took person’s own photo, blurred it, put a play button on top, and linked to malware