Vol-3194/paper70
Jump to navigation
Jump to search
Paper
Paper | |
---|---|
edit | |
description | |
id | Vol-3194/paper70 |
wikidataid | Q117344928→Q117344928 |
title | Cross-Social Network Investigation to Highlight Privacy Violations in Data Sharing Activities |
pdfUrl | https://ceur-ws.org/Vol-3194/paper70.pdf |
dblpUrl | https://dblp.org/rec/conf/sebd/CerrutoCDGP22 |
volume | Vol-3194→Vol-3194 |
session | → |
Cross-Social Network Investigation to Highlight Privacy Violations in Data Sharing Activities
Cross-Social Network Investigation to Highlight Privacy Violations in Data Sharing Activities Francesca Cerruto, Stefano Cirillo, Domenico Desiato, Simone Michele Gambardella and Giuseppe Polese University of Salerno, Department of Computer Science, Via Giovanni Paolo II, 132, 84084 Fisciano (SA), Italy Abstract Social networks represent a vast source of information and have an increasing impact on people’s daily lives. In fact, they permit to exhibit users’ lives, share emotions, passions, and interactions with other users around the world. These data need to be monitored because they could produce privacy violations, especially when they involve sensitive information. In this scenario, the definitions of privacy policies for safeguarding users’ data represent a difficult challenge that social networks have to deal with. In fact, although social network platforms offer privacy settings to protect data, often, users are unable to properly manage them to safeguard their privacy. To this end, in this work, we present a statistical investigation concerning privacy policies offered by social network platforms. In particular, we have defined a tool relying on image-recognition techniques capable of exploring social network platforms and identifying user profiles starting from their pictures. Moreover, we have composed a dataset of 5000 users by retrieving their data available over different social network platforms in order to compare publicly accessible data provided in the registration phases, and those retrieved by our analysis. The proposed work underlines privacy violations over social network platforms when privacy policies are not managed correctly, and is targeted to improve the users’ awareness concerning the spreading and managing of their data. We have highlighted all the statistical evaluations made over the gathered data for putting in evidence the privacy issues. Keywords Privacy, Social Networks, Data Analysis 1. Introduction Plenty of people are registered over several social networks, sharing a vast amount of infor- mation. Moreover, social networks play a fundamental role in human interactions since they permit people to share emotions, ways of thinking, points of view, and so on. In this scenario, preserving users’ privacy is crucial for social network platforms since they cannot permit the jeopardization of users’ data. Users tend to use social networks to share information massively, and in most cases, they do not care about privatizing data and are unaware of the threats they can be exposed to. Moreover, the growing number of users signing up on these platforms yields the necessity of analyzing how they manage their privacy, mainly when using multiple social networks. Several studies have discussed data privacy issues on social networks [1, 2, 3, 4], but only SEBD 2022: The 30th Italian Symposium on Advanced Database Systems, June 19-22, 2022, Tirrenia (PI), Italy $ f.cerruto@studenti.unisa.it (F. Cerruto); scirillo@unisa.it (S. Cirillo); ddesiato@unisa.it (D. Desiato); m.gambardella24@studenti.unisa.it (S. M. Gambardella); gpolese@unisa.it (G. Polese) � 0000-0003-0201-2753 (S. Cirillo); 0000-0002-6327-459X (D. Desiato); 0000-0002-8496-2658 (G. Polese) © 2022 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). CEUR Workshop Proceedings http://ceur-ws.org ISSN 1613-0073 CEUR Workshop Proceedings (CEUR-WS.org) �some of them have provided tools capable of improving users’ awareness when sharing their data on social networking platforms [5, 6, 7]. In our work, we perform cross social network analysis on five social network platforms to figure out which is the information that is most frequently shared over social networks, and that can jeopardize user’s privacy [8, 9]. In this discussion paper, we describe the tool SOcial Data Analyzer (SODA) proposed in [10], which is able to find and extract available information of users on different platforms considering only their photos. SODA allowed us to perform an accurate analysis for revealing privacy threats linked to incorrect usage of data sharing in social networks. Moreover, the tool allowed us to evaluate the sensitiveness of information shared by users and perform an exhaustive analysis to understand how social networks can reconstruct users’ data even if some of them are protected on other platforms. SODA is independent of the privacy settings offered by social networks since it simulates the search of a real user and retrieves data publicly available in social network profiles. In other words, if a user has privatized specific information over a specific social network, SODA cannot retrieve that information. However, if the user has the same information not privatized over a different social network, the SODA retrieves such information. Thus, we could say that (SODA) tests the users’ skills in managing privacy settings offered by social network platforms. In summary, the main contributions of our study are 𝑖) a new tool capable of finding users and extracting their data from different social network platforms, and 𝑖𝑖) a detailed analysis of users’ data extracted from different social networks aiming to evaluate their privacy and improve their awareness concerning privacy threats in social network platforms. The paper is organized as follows, in Section 2 we present our methodology, whereas Section 3 presents the architecture of SODA tool. In Sections 4 and 5 we describe the results of our analysis. Finally, conclusions and future research directions are discussed in Section 6. 2. Methodology In this section, we describe our methodology by summarising it in two meaningful steps: the single- and the cross-social data extrapolation steps. In the single social data extrapolation step, the picture and the name of the users are exploited as the input of the Social Module. Then, for each social network platform, the module performs specific operations for scraping the content of the pages and extracting photos and names associated with each profile. This information is given as input to a face recognition module that tries to match the discovered photos and the initial user’s picture. If a match is found, the social network module extracts all data available on a user profile. Similar to the single social step, the cross-social data extrapolation step starts by considering the picture and the name of a user for searching a user from multiple platforms. However, the main difference is the exploitation of multiple social network modules for extrapolating several user profile data. In particular, each module extracts user profile data from each social network platform according to its representation of the data. In this way, it is possible to collect several user profile data from different social networks. Obviously, the only limitation is that the target user needs to own a registered profile on each social network. Finally, all the user profile data associated with each social network feed the integration module, which is responsible for aggregating all the collected data. � The differentiation of the single- and cross-social analysis allows us to estimate the minimum amount of user data that is possible to extract from each social network and evaluate the maximum number of data that can be aggregated from different platforms. In the following section, we first provide an overview of the new SODA system, and then we describe the architecture underlying it. 3. Social Data Analyzer Extracting user data from multiple social networks is a complex problem. There are several issues related to extraction yielding specific choices for the components of the SODA tool: 𝑖) the number of users involved in the analysis process can be large, 𝑖𝑖) each social network relies on different implementation technologies, and 𝑖𝑖𝑖) continuous updates of the social network platforms require continuous maintenance of system components. To this end, we have built the tool SODA on top of the existing system Social Mapper1 , extending several of its components aiming to tackle the issues mentioned above. In particular, Social Mapper is capable to search user profiles on multiple social network platforms such as Facebook, Linkedin, Instagram, VKontakte, Twitter, Pinterest, Weibo, and Douban. Because SODA is an extension of Social Mapper, it can search people by only con- sidering an image and at least one information including name, surname, city, email, or the company in which the user works. Starting from these, SODA exploits the Selenium framework for creating a bot capable of automatically browsing web pages, by simulating the behaviors of a real user during a web browsing session. In this way, SODA can exploit the search engines behind each social network platform, by performing searching operations by means of the search bars provided by each platform. With respect to Social Mapper, SODA provides several novel functionalities enabling to perform an in-depth analysis of the data shared by users, and extend the search on a large scale. The first new functionality allows SODA to find people working for a specific company, by exploiting the search mechanism of Linkedin for selecting users that work in a given company. As demonstrated in [11] the amount of fake users registered on Linkedin is very small, which allowed us to create a dataset with a large number of real users. Most of the remaining extensions concern the crawling components. In fact, Social Mapper is limited to only extracting the URLs of the different user profiles. Thus, in SODA, we have re-designed the crawler modules aiming to add several new navigation features capable of adapting to the different structures of the web pages. The combination of these strategies with a powerful recognition algorithm, i.e., Viola-Jones [12], allows SODA to achieve accurate results on multiple platforms. It is important to notice that, the face recognition algorithm return as output a user profile if and only if the image is at least 60% compatible with the input one and if the data correspond with it. This threshold ensures that the number of false positives is minimized. Figure 1 shows the architecture of SODA. The data are acquired by the Parser component, which is responsible for interpreting the system input, trying to understand the execution modes and for sharing information of each user with the Face Recognition module. Moreover, the Parser invokes the Browser Connector module interface, which enables SODA to execute the local web browser. After which, it is necessary to interact with the web pages and extract information. To this 1 https://github.com/Greenwolf/social_mapper �end, SODA exploits the functionalities provided by Selenium. More specifically, to extract specific information on each social, we defined six modules, one for each social network on which we can access user profiles and extract their information. In particular, SODA crawlers search for a user by using the initial information read by the Parser module and extract all the profile pictures of the users that match the search criteria. The list of pictures is sent to the Face Recognition component, which compares the image taken in input with those extracted from the social networks in order to identify the correct subjects to be analyzed. The list of identified subjects is shared with the crawling modules, which acquire all information of each profile, storing them locally. Finally, the Aggregator component receives all the data and groups all the information extracted by the crawlers in a single file. SODA http://localhost:3000/index.html user profile photos Social Mapper user profile photos Selenium User user data Parser Browser Connector Crawler Data link to local Component Module photo link to local photo Facebook Twitter user photo Face Recognition crawler modules User Component crawler crawler Photos user photo Linkedin Pinterest Users Profile Aggregator user profile crawler crawler Data Component data Instagram Vkontakte crawler crawler data layer business layer Figure 1: Architecture of SODA. 4. Evaluation single-social The single social evaluation allowed us to highlight the information that is frequently shared by users over every single social network and analyze how each social network preserves user privacy. To perform this type of analysis, we have created a dataset of 5000 users, by considering people working for a specific company that has been extracted by means of a new feature of SODA enabling search people working for a specific company. Starting from the 5000 users contained in our dataset, we perform a single social network evaluation with the aim to independently analyze the results obtained by each social network, avoiding considering whether a user is present on multiple platforms, which will be discussed in Section 5. It is important to note that the number of people evaluated for each social network corresponds to those who were actually found by SODA after exploring the different platforms. Concerning Linkedin, 1570 user profiles have been evaluated. In particular, Employment and the City are the most frequently shared information on Linkedin. More specifically, the attribute city can refer to the place of residence or the place of birth, but in most cases, these are equal. Results highlight even more that Linkedin is a social network for job finding where users tend to share their employment and city, aiming to find better job opportunities. Concerning Facebook, 1161 user profiles have been evaluated. In particular, the basic infor- mation related to the gender, Education or Work, and the Place where the user lives are the most �frequently shared information on this social network. However, no user has shared his/her details on the date of birth which, combined with the other data, could significantly affect privacy. Facebook permits users to hide their date of birth in order to preserve privacy. Concerning Twitter, 86 user profiles have been evaluated. Despite not many users involved in the analysis, the City, Website, and the Biography of a user are the most shared information on this social network. In particular, through the biography, a user can share additional information, such as his/her telephone number, email, or other information. Twitter is used by many famous people, but it offers less prevention in terms of privacy, mainly due to the fact that users tend to insert data in their biography, not being aware to disclose them. Concerning VKontakte, 251 user profiles have been evaluated. In particular, the Date of birth, the Spoken languages, and the Education information are the most frequently shared data on this social network. More specifically, not many users have shared their Telephone numbers. As Facebook, also VKontakte is a social network that allows users to share a vast amount of information, and it permits users to hide specific details to preserve privacy. Concerning Pinterest and Instagram, 1688 and 2845 user profiles have been evaluated. In particular, these two social networks are massively used for sharing photos, and no other types of data have been found for our analysis. Furthermore, the only textual information on Instagram that seemed helpful in our analysis was the user biography. Yet, a user can write anything in it, so we have decided not to take the biography into account for our analysis. 5. Evaluation cross-social In this section, we describe the statistics derived by performing a cross-social analysis of the publicly accessible information extracted from available social networks, and we investigate the possibility of aggregating them aiming to perform a more detailed analysis. Figure 2 shows the distribution diagram for the users registered over the considered social network platforms. In particular, except for the first bar that highlights the number of users involved in no social networks, it is possible to group the other bars in three blocks, representing the users found in one, two, and three social network platforms, respectively. 103 Number of users 102 101 100 Twitter VKontakte Facebook LinkedIn Pinterest Instagram Figure 2: Distribution diagram of the analyzed users. A cross-social analysis permits the reconstruction of information over different social net- works. For example, a user registered on several social networks can decide to privatize some information on a specific social network, where s/he can choose to unmask the same information �over other social networks. It means that it is possible to obtain more detailed information by analyzing a specific user over different social networks. The most frequently accessed information on Twitter is the city since it can be reconstructed through other social networks. In particular, 4923 users out of 5000 analyzed are not registered on Twitter or have privatized this information on it. However, 31% of 4923 users published their city on Linkedin, while 5% on Facebook, and 1% on VKontakte. The remaining 63% out of 4923 users did not share this information over any considered social network, leading to the impossibility of extracting the information concerning their city. Consequently, only in the last case, it is possible to guarantee the confidentiality of the data (e.g., city), by simply requiring the management of its privatization over just one social network (e.g., Twitter). The information that is most frequently accessible on Facebook is Mobile phone, City, Date of birth, Email, and information concerning Education and Training or Work. For our analysis on Facebook, we have merged the last two attributes. We detail the percentage of information privatized by Facebook users but published on other social networks: • Among the 5000 analyzed users who have privatized their Mobile number on Facebook, no one has allowed the reconstruction of this information from other social networks; • Among the 5000 users analyzed, 4743 have privatized their Hometown or Residence on Facebook or are not registered to this social network. Among them, 31% have published this information on Linkedin, 2% on Twitter, and 1% on VKontakte. Thus, 34% of them allow the reconstruction of this information from other social networks; • Among 5000 analyzed users who have privatized their Date of birth on Facebook or are not registered to this social network, 3% shared it on VKontakte, and 3% on Linkedin. In summary, 94% of analyzed users have privatized this information, since 6% of them shared it on other social networks; • Among the 5000 analyzed users who have privatized the Email on Facebook or are not registered to this social network, only 1% of them shared it on Linkedin, while 1% on VKontakte. In summary, 2% of analyzed users shared the Email on other social networks, so 98% have completely privatized it; • Among the 5000 users analyzed, 4721 users have privatized Education on Facebook or are not registered to this social network. Among them, 31% published this information on Linkedin, and 2% on VKontakte. In summary, 33% of analyzed users have shared the Education on other social networks, so 67% have completely privatized it. Finally, most of the analyzed users who have privatized a given data on Facebook have also privatized it on other social networks. Among all considered social networks, Linkedin has proved to be helpful for the reconstruction of users’ information. The information that are most frequently accessible on Linkedin are Mobile phone, City, Date of birth, Email, and Employment. We detail the percentage of information privatised on Linkedin, but published on other social networks: • Similarly to Facebook, among the 5000 analyzed users who have privatized their mobile phone number on Facebook, or are not registered to this social network, no one published it on other social networks; • Among the 5000 users analyzed, 3450 have privatized their Hometown or Residence on Linkedin, or are not registered to this social network. Among them, 5% have published it � on Facebook, 2% on Twitter, and 1% on VKontakte. In summary, 8% of analysed users shared Hometown or Residence on other platforms, so 92% have completely privatised it; • Among the 5000 users analyzed, 4861 have privatized their Date of birth on Linkedin or are not registered to this social network. Among them, only 3% shared it on VKontakte. In summary, 3% of analyzed users shared the Date of birth on other social networks, while 97% have completely privatized it; • Among the 5000 users analyzed, 4942 have privatized their Email on Linkedin or are not registered to this social network. Among them, only 1% shared it on VKontakte. In summary, 1% of analyzed users shared the Email on other social networks, while 99% have completely privatized it; • Among the 5000 users analyzed, 3445 have privatized their Training/Work on Linkedin or are not registered to this social network. Among them, 6% shared it on Facebook, and 1% on VKontakte In summary, 7% of analyzed users shared the Training/Work on other social networks, so 93% have completely privatized it. Finally, most of the analyzed users who have privatized a given data on Linkedin have also privatized it on other social networks. Furthermore, among all considered social networks, Facebook has proven to be helpful for the reconstruction of users’ information. The information that are most frequently shared on VKontakte are Mobile phone, City, Date of birth, Email, and information concerning Training and Work. We detail the percentage of information privatised on VKontakte, but published on other social networks: • Similarly to the previous analysis, among the 5000 analyzed users who have privatized their Mobile phone on VKontakte, or are not registered to this social network, no one published it on other social networks; • Among the 5000 users analyzed, 4990 have privatized their Hometown or Residence on VKontakte or are not registered to this social network. Among them, 30% of them have published it on Linkedin, 2% on Twitter, and 5% on Facebook. In summary, 37% of analysed users shared the Hometown or Residence on other social networks, so 63% have completely privatised it; • Among the 5000 users analyzed, 4832 have privatized their Date of birth on VKontakte or are not registered to this social network. Among them, only 3% of them have published it on Linkedin. In summary, 3% of analyzed users shared it on other social networks, so 97% have completely privatized it; • Among the 5000 users analyzed, 4975 have privatized their Email on VKontakte or are not registered to this social network. Among them, only 1% of them shared it on Linkedin. In summary, 1% of analyzed users shared it on other social networks, so 99% have completely privatized it; • Among the 5000 users analyzed, 4997 have privatized their Education on VKontakte or are not registered to this social network. Among them, only 6% of them have published it on Facebook. In summary, 6% of analyzed users shared it on other social networks, so 94% have completely privatized it; • Among the 5000 users analyzed, 4998 have privatized their Work on VKontakte or are not registered to this social network. Among them, 25.2% of them have published it on Linkedin, and 6.5% on Facebook. In summary, 31.7% of analyzed users shared it on other social networks, so 68.3% have completely privatized it. � Finally, most of the analyzed users who have privatized a given data on VKontakte have also privatized it on other social networks, except for Employment, City of residence or Date of birth. Among all considered social networks, Linkedin has proven to be helpful for the reconstruction of users’ information. 6. Conclusion and Future directions In our work, we have performed a single-social and a cross-social evaluation concerning users’ data to assess how easily they can be reconstructed from social networks. Our results highlight that it is possible to obtain characterizing user’s information by analyzing his/her profile over multiple platforms. Moreover, through the cross-social analysis, we also reconstructed other significant users’ data by exploiting the combination of several social networks. In the future, we would like to collect more data concerning users by integrating information over other social networks. Finally, we would also like to investigate the possibility of retrieving information contained within users’ images by exploiting text recognition for gathering data. References [1] P. R. M. Rao, S. M. Krishna, A. S. Kumar, Privacy preservation techniques in big data analytics: a survey, Journal of Big Data 5 (2018) 1–12. [2] P. Jain, M. Gyanchandani, N. Khare, Big data privacy: a technological perspective and review, Journal of Big Data 3 (2016) 1–25. [3] M. I. Pramanik, R. Y. Lau, M. S. Hossain, M. M. Rahoman, S. K. Debnath, M. G. Rashed, M. Z. Uddin, Privacy preserving big data analytics: A critical analysis of state-of-the-art, Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery 11 (2021) e1387. [4] L. Caruccio, D. Desiato, G. Polese, Fake account identification in social networks, in: 2018 IEEE international conference on big data (big data), IEEE, 2018, pp. 5078–5085. [5] S. Cirillo, D. Desiato, B. Breve, Chravat-chronology awareness visual analytic tool, in: 2019 23rd International Conference Information Visualisation (IV), IEEE, 2019, pp. 255–260. [6] B. Breve, L. Caruccio, S. Cirillo, D. Desiato, V. Deufemia, G. Polese, Enhancing user awareness during internet browsing., in: ITASEC, 2020, pp. 71–81. [7] G. Bonifazi, E. Corradini, D. Ursino, L. Virgili, A social network analysis–based approach to investigate user behaviour during a cryptocurrency speculative bubble, Journal of Information Science (2021) 01655515211047428. [8] D. Desiato, G. Tortora, A methodology for gdpr compliant data processing., in: SEBD, volume 2161, 2018. [9] L. Caruccio, D. Desiato, G. Polese, G. Tortora, Gdpr compliant information confidentiality preservation in big data processing, IEEE Access 8 (2020) 205034–205050. [10] F. Cerruto, S. Cirillo, D. Desiato, S. M. Gambardella, G. Polese, Social network data analysis to highlight privacy threats in sharing data, Journal of Big Data 9 (2022) 1–26. [11] S. Adikari, K. Dutta, Identifying fake profiles in linkedin, arXiv preprint arXiv:2006.01381 (2020). [12] Y.-Q. Wang, An analysis of the viola-jones face detection algorithm, Image Processing On Line 4 (2014) 128–148. �