The goal of this research is to evaluate the privacy risks associated with information sharing in online social networks and to propose efficient mitigation strategies that may enhance privacy while preserving valuable online interaction. Online social networks such as Friendster, MySpace, or the Facebook have experienced exponential growth in membership in recent years. These networks are successful examples of computer-mediated social interaction. However, they also raise novel privacy concerns. This research will quantify the risks associated with information sharing in online social networks, increase awareness about those risks and ways to mitigate them, and therefore help increase the usability and value of those networks.

This project will carry out three main activities. First, it will evaluate the risks that information publicly provided on a social networking site may be used to gather additional and potentially more sensitive data about an individual. Specifically, it will evaluate the risks that an individual's social security number may be estimated from ordinary social network data - with the ensuing threat of identity theft. Second, it will evaluate the risks that information publicly provided on a social networking site may be used to re-identify an individual in the context of pseudo-anonymous data. Specifically, it will evaluate the risk that an individual who posts images of him/herself in otherwise pseudo-anonymous sites may be personally identified using standard face recognition technologies and publicly available social network data. Third, it will design and evaluate appropriate tools to mitigate the level of risk detected through the previous studies, in order to enhance privacy in online social networks without disrupting information sharing.

Online social networks are no longer a niche phenomenon; millions use them for communicating, networking, or dating. Security and privacy risks associated with online social networks therefore become significant. Hence, it is crucial to provide tools for privacy-awareness to users and directions for policy to public agencies as well as social network providers. However, the implications of this study are broader. Online social networks are just one way through which individuals today share personal information online. Computer-mediated communication makes it easy to share information and interact, but also to mine, store, and analyze that data. The wider goal of the research is to evaluate and, if necessary, raise awareness about the novel trade-offs associated with information sharing in computer-mediated social systems. The results will provide insight on how computer-mediated communication is creating new opportunities and threats. Such insight will be of use to government agencies for policy making; to individuals for self-awareness and control; and to private sector entities to inform them about potential vulnerabilities in their architectures.

Agency
National Science Foundation (NSF)
Institute
Division of Information and Intelligent Systems (IIS)
Type
Standard Grant (Standard)
Application #
0713361
Program Officer
William Bainbridge
Project Start
Project End
Budget Start
2007-08-01
Budget End
2011-07-31
Support Year
Fiscal Year
2007
Total Cost
$386,927
Indirect Cost
Name
Carnegie-Mellon University
Department
Type
DUNS #
City
Pittsburgh
State
PA
Country
United States
Zip Code
15213