Social Media and Privacy

洪宣 庞晓燕 文静

CONTENT

Part 1 Concept of PrivacyPart 2 Cases of Privacy DisclosurePart 3 Privacy Protection

Concept

of Privacy

Privacy• In general, it refers to the right to be free from secret surveillance and

to determine whether, when, how, and to whom, one's personal or organizational information is to be revealed. • Specifically, privacy may be divided into four categories (1) Physical:

restriction on others to experience a person or situation through one or more of the human senses; (2) Informational: restriction on searching for or revealing facts that are unknown or unknowable to others; (3) Decisional: restriction on interfering in decisions that are exclusive to an entity; (4) Dispositional: restriction on attempts to know an individual's state of mind.

http://www.businessdictionary.com/definition/privacy.html

•Web 2.0• Participatory information sharing• Social networking sites (SNSs)• Give personal information out• A growing attention to the issue of privacy

Questions:

1. What is social media privacy?

2. How did data breaches happen?

Social Media PrivacyBasic Information: Name, telephone number, Email address, home address…

Social Networking activity data: browsing behavior, location, what time using which services…

Analyzed data based on existed information: occupation, hobbies, attributes, emotional tendency…

Exploiting Social Media Information for relational user Attribute Inference

— Institute of Automation, the Chinese of Academy Science

Cases ofPrivacy

Disclosure

1. Hacker Attack —historical mega breaches

65 million2013

167 million2012

News on May 2016

user IDs, email addresses, password

￥$150

$2300

Black market

2. Third-party WebsitesMeeting users’ need among different platformsGames 、 News 、 MusicGiven certain permissions, they can even see information that our friends share with us.

In 2014, Gigya conducted a survey which polled 4,000 respondents in the United States and Britain on their thoughts about data privacy

Convenience : 60% users will still log into other websites, even though they fear those companies aren't being careful with their data

2. Third-party Websites

3. Cyber Manhunt

tracking down and exploring one’s private information via internet media

sometimes gained notoriety to the target after blame and shame

4. Users In 2013, A survey interviewed 802 teens that examines teens' privacy management on social media sites92% post their real name to the profile they use most often.84% post their interests, such as movies, music, or books they like82% post their birth date62% post their relationship status24% post videos of themselves

5. Social Networking Sites

Max Schrems wrote term paper on Facebook‘s lack of awareness of European privacy law in 2011Under European “right to access”, he made a request for Facebook’s records on him and received a CD containing over 1,200 pages of dataSensitive personal data: friends he no longer followed, deleted information

Max Schrems

collecting data without valid permission

6. Recommending ads, is that simple?

On Facebook or other social media apps, an advertiser can only send ads to a user if that user has some connection to the brand in question. A connection can include group membership or a "like" of that brand's corporate page.

• An Arkansas lawyer and political blogger, Matt Campbell, has sued Facebook for allegedly using data from private messages to target ads.

• The core of their complaint concerns the access advertisers have the messages. • “Contrary to its representations, 'private' Facebook messages are systematically

intercepted by the Company in an effort to learn the contents of the users' communications... This practice...enables Facebook to mine user data and profit from those data by sharing them with advertisers.”

•

•

Imagining that your conversations with your friends actually have other unknown “audience”, kind of scary?

Hacker News revealed back in Oct. 2012 that a shared link within a private message between Facebook users also counts toward the total. Facebook admitted this to the Wall Street Journal in that publication's follow-up story.

7. They are tracking your locations?• “people around you” in Wechat（附近的人）• Three - point positioning method（三点定位法） a popular saying in the social media a panic concerning safety arises and spread

微信=危信？

• 记下自己和对方的距离，之后两次变换位置，重新测量自己和对方的距离，最后以三次测量地点为圆心 / 三个距离为半径画三个圈，三圆重合的位置就是对方所在的位置。• It is proved that this method is not as accurate as they say.

• 实际上“最精确也只能在 100 米范围内画一个圈”• But we still need to be cautious

about sharing our locations, it might be used by strangers.

8. No location sharing, but you know where I live?• A student took 40 mins to deduce actress's address from pictures

8. No location sharing, but I know where you live?• A student from Tsinghua University said he took four simple steps to deduce

the famous actress (WANG Luodan)'s address through the pictures posted on her Weibo.• Step 1: Get information• The student selected two pictures which contain some clues on her Weibo

• From the photographs, there are at least three square parterres we could see. Then the student used GoogleEarth to intercept the bird's-eye view of Beijing and compared it with the selected pictures of WANG's Weibo.

Step 2: Select the districtThe student used other information on Weibo to narrow his selected regions, like...

• Step 3: Search • As excluding several possible regions, the student intercepted a

bird's-eye view in GoogleEarth and zoomed in a part of picture. He soon found that the picture was extremely similar to WANG's picture selected in step1.

• Step 4: Field testThe student went to the place he deduced in step 3 and finally verified his conclusion.

So a simple picture is more than that.Be careful about the detectivein your daily life, like you Suitors or your Suspicious girlfriend.

9. "People You May Know", but I don't want to be known E1: friends recommending on QQ• QQ’s “recommending friends” feature do not simply show your QQ

name. It shows your real name .• You can find that almost all people you knew are listed here.

“ 腾讯的实名好友推荐翻一遍后，感觉就是自己以前在读年级所有学生的通讯录“

E2: Washington woman found husband's other wife on Facebook• An American named Alan L. O'Neill married a woman in 2001, moved

out in 2009, changed his name and remarried without divorcing her. • The first wife first noticed O'Neill had moved on to another woman

when Facebook suggested the friendship connection to wife No.2 under the "People You May Know" feature.

• Wife No.1 then called the defendant's mother.• “An hour later the defendant arrived at [Wife No.1’s] apartment, and she

asked him several times if they were divorced”, court records show. The defendant said, 'No, we are still married.'"• Neither O'Neill nor his first wife had filed for divorce, according to charging

documents. The name change came in December, and later that month he married his second wife.

From the issue mentioned above...• Obviously, Facebook helps the woman to find out that his husband has

cheated her for several years.• The Prosecutor Lindquist said, "Facebook is now a place where people

discover things about each other ."

• But on the other side, some people are concerned about their privacy of social contacts, because people can easily know what kind of people you are acquainted with.• Athima Chansanchai, a freelance journalist who writes about social

media, said Facebook over the years has played a role in both creating relationships and destroying them.

PrivacyProtectio

n

Privacy Protection•Government and legislature•Service providers•Social media users

Government and legislature

• Lawmakers should enact laws and regulations to protect social media users’ privacy. • Stipulate the responsibility of service providers.• Specify the punishment that online information criminals will face.• Provide some guidance for social media users to raise their awareness

of online security and privacy protection.• Offer necessary help when users are threatened, harassed or

defamed online

USA• 25 states of the US have enacted social media privacy laws (2012.4-

2016.7)• Regulating the use of social media by employers and educational

institutions

USA• United States Congress• Introduce Social Networking Online Protection Act

Australia•Office of the Australian Information Commissioner

Australia• Office of the Children’s eSafety Commissioner

Australia• ThinkUKnow

Australia• StaySmartOnline

Service providers• When designing social networking sites and apps, personal data protection should be

proactive and preventative in nature, and it should cover the entire cycle of personal data flow from collection to erasure.

• Personal information Collection Statement should be declared clearly before users confirm signing up for accounts. Users have the right to know under what circumstances will their personal data be collected, accessed or shared and for what purposes. The purposes must be lawful and directly related to a function or activity of the data users.

• Service providers should remind the users to pay high attention to information storage, privacy settings and online security. For example, when the users turn on the geolocation function of the apps, providers should inform users of the potential risks.

Social media users• Read the Privacy Statement before signing up for any SNS•Manage your privacy settings• Protect your accounts with strong, unique passwords• Think twice before you post any information• Don’t reveal personal information

Social media users• Be selective when accepting a friend• Exercise caution when clicking on links• Turn off the geolocation features in social networking apps• Don’t enable auto login• Close old accounts that you don’t use anymore

THANKS