For millions of Internet users today, controlling information access on Online Social Networks (OSNs) such as Facebook and LinkedIn is a difficult challenge. Privacy controls in current systems do not provide the necessary level of flexibility and usability to their users. Some systems like MySpace and LinkedIn allow users to grant all-or-nothing access control to their profiles. While simple to use, these controls are imprecise and can easily leak data to unintended recipients or prevent the legitimate sharing of data. In contrast, OSNs like Facebook provide extremely powerful controls that are unfortunately too complex for most users to configure. This proposal addresses the need for privacy control policies that are both powerful and simple to use. The proposed work provides simple and powerful privacy policies by using machine learning techniques to automatically infer user preferences from observed user behavior. The work also proposes "privacy lenses," a generalized mechanism to debug privacy policies by viewing user information through the access controls of any specified user. These technical solutions will be implemented on the Facebook social network as a third-party application. In addition, the data gathered from the deployed application will provide evidence to either validate or refute the perplexing phenomenon known as the "privacy paradox," where users take little action to protect their privacy despite expressing strong concerns about online privacy.
The proposed project addresses a significant problem fundamental to protecting online information. By allowing the social network to "learn" what users want based on their actions, the PIs remove the complexity of managing privacy policies, thereby giving non-technical Internet users a simple and intuitive way to customize their preferences. The work is novel in its use of machine learning techniques to infer user preferences, and can change the way privacy policies are constructed for a wide variety of Internet applications. By gathering user data from a large-scale social network, the project will also provide significant support to improve understanding of the motivations behind users actions concerning online privacy. Finally, the proposed work will integrate sophisticated experimental networking research techniques with detailed human studies, adding an additional dimension to traditional experiments performed by social scientists.
The major goals of this project were to study the status of privacy and security mechanisms in today's online social networks, and to design privacy protection mechanisms to improve the state of the art. Part of this included performing user studies to understand how users view privacy settings today, and how privacy mechanisms can take these views into account in their design and usage policies. As part of our results, we studied users' views towards privacy and security on online social networks through user surveys, and explored the issue of the Privacy Paradox in the social networking context. We also performed multiple research studies to empirically measure, analyze, model, and detect the prevalence of spam and fake users through a variety of contexts and techniques. Finally, we also extended the study to include malicious crowdsourcing attacks that are on the rise in today's Internet. Our results have produced significant impact on industry, academia and popular press. The PIs have given numerous talks to industry, including Zynga, LinkedIn, Renren and others. Several projects have produced technical output (software, models and algorithms) which have been integrated and deployed by social networks such as Renren and LinkedIn. In terms of academic research, the project has produced close to 20 publications at top conferences and journals in both computer science (IMC, NDSS, Usenix Security, WWW) and social science. Finally, work from this project has been featured in articled by popular press, including MIT Technology Review, Boston Globe, Slashdot, Sydney Morning Herald, InfoWorld, and Consumerist.
