Inhaltsangabe:Abstract: In the last years the web underwent a drastic shift from a static, centralised information system to a dynamic, user-generated, distributed and open platform, and users changed from passive consumers to active participants, interacting, creating and sharing content. This 'new' web is called Web 2.0. In the era of this movement new Social Web applications emerged creating an environment for people to publish, share and discuss content, plus enabling people to create descriptive profiles of themselves for self-expression and build social networks consisting of relationships with others with the purpose of interaction and communication. With the increasing popularity of such social networking applications the number of users has scaled up and is still growing. Not only the number of users but also the web traffic is an indicator to the growing importance of social networking platforms which are now among the most visited websites. With over 100 million unique visitors worldwide, Facebook is one of the most popular networking sites on the web, moreover the site ranks third in the top visited sites on the web only being surpassed by Google and Yahoo! according to Alexa. YouTube (with over 80 million unique visitors), MySpace (with about 60 million unique visitors) and Flickr (about 30 million unique visitors) are other examples of prominent social networking platforms. However, the availability of such a huge amount of information within the social networking sites and the open nature of the services and their usage also attracts the attention of parties with marketing purposes or malicious intent. Users are thereby put at risk of online stalking, phishing, identity theft, spamming, passing on data to third parties and privacy issues which are related to personal data exposure due to insufficient access control. By maintaining social networks and actively participating in Social Web activities like interacting with others, users unwittingly expose sensitive and personal or inappropriate, even reputation-damaging data not only to friends but to an audience that mostly remains invisible and consists of strangers or acquaintances that potentially are not supposed to see such information. Thus the revealed information can lead to major consequences if read out of context or read by parties, like authorities or job recruiters, for whom this information was not intended. The reputation of social networking sites has been slightly diminished by several incidents that often reach the attention of the media. Seeing that social networking users become more aware of such privacy risks and do not stop from expressing their concerns, the privacy settings need to be acknowledged as an important part of Social Web applications and extensive research needs to be done in the area of improving the privacy preferences and giving the users control over who can see what of their social data. Although social networking sites have already realised the need for privacy protection and some Social Web applications like Facebook have even installed more complex access restrictions, the privacy preferences are still not fine-grained and flexible enough and far from being satisfying. Further on, such privacy settings confine themselves to the properties of the own website without making use of data created beyond the boundaries of the own application. Policy-based access control is an approach to protect privacy in open systems like the Social Web applications and can further help to control the information overload which users are facing on the Social Web. With policies being formal, well-defined statements the process of defining who can get access to what content based on user preferences can be realized in a flexible and dynamic way. Nevertheless, the current policy-based control of the behaviour of complex systems does not offer solutions for the movement towards Social Web where information about users, their content and their relationships is not confined to one application only but is spread out across the whole Social Web. This is also the problem of privacy settings of the current Social Web applications which offer preferences only according to the established relationships and other attributes within the own website. The contribution of this thesis is therefore to enhance the privacy policies in terms of integrating data from various information sources such as Social Web applications into the policy specification and reasoning process. Such policies can save people the trouble to create the same social data on each Social Web application they are members of. These privacy policies can be proved to be beneficial seeing as there are numerous social networking sites emerging and offering people various functionalities and side-specific features and people spend an increasing amount of time in maintaining all this distributed data throughout the many services. Social Web applications provide their information in proprietary formats via their own site-specific application programming interfaces. In this thesis the presented approach collects this arbitrary, heterogeneous data and provides it in a homogeneous format so that it can be integrated into policies and exploited for policy reasoning. Furthermore, in addition to Social Web data, Semantic Web data can be included in policy decisions as well to extend the variety of policy specification. Such semantic information is available in non-application-specific standard formats which can be easily transported and reused. Additionally, information provided by Social Web applications can be retrieved as Social Semantic data, allowing to convert Social data into a unique format using Semantic Web technologies. In this thesis the process of retrieving all these information types, transforming the extracted data into a format appropriate for the policy-based access control and combining them to create fine-grained privacy policies will be explained and demonstrated using selected information sources from the Web. To implement this presented solution the policy framework Protune is used to automate the evaluation and decision process based on the conclusion drawn from privacy policies. The remainder of the thesis is organised as follows. Section 2 presents a scenario showing how privacy policies can be integrated into a web application and enhance the user experience on such sites. Further on the problem statement is identified and described. Section 3 is intended to provide the background information, necessary for understanding this thesis. Section 4 analyses privacy problems of current Social Web applications and compares the privacy preferences such applications offer. The extension of policy-based access control to accommodate policies to the requirements of the Social Web is presented in Section 5 and the motivating scenario is revisited. Subsequently, Section 6 describes how the Social and Semantic Web data can be retrieved in order to include this data into Protune, describing the actual implementation of the Protune extension for Social Semantic Web data. A prototype implementation called SPoX is also presented, which demonstrates the usage of policy-based behaviour control on the Social application Skype. After a presentation of related work in Section 7, Section 8 concludes this thesis also providing an outlook for future research. Inhaltsverzeichnis:Table of Contents: 1.Introduction1 2.Motivating Scenario and Problem Statement4 2.1Motivating Scenario.4 2.2Problem Statement5 3.Background8 3.1The Social Web.8 3.1.1Social Networking Sites8 3.2The Semantic Web9 3.2.1The Resource Description Framework (RDF)10 3.2.2The SPARQL Protocol And Query Language.10 3.2.3SPARQL Endpoints11 3.2.4The Social Semantic Web.11 3.3Privacy Policies12 3.3.1Policy Languages13 3.3.2Policy Frameworks.13 3.3.3The Protune Framework14 4.The Social Web from a Privacy Perspective16 4.1Data Disclosure - Why Better Control is Needed16 4.1.1Privacy Issues16 4.1.2Information Overload18 4.2Privacy Protection on the Social Web - a State of Art19 4.2.1Twitter and its Privacy Options19 4.2.2Facebook and its Privacy Options20 4.2.3Flickr and its Privacy Options.27 4.3Comparing Privacy Preferences on Social Platforms.30 4.3.1Levels of Trust for Data Disclosure.30 4.3.2Network Features and their Protection33 4.4Summary35 5.Policy Reasoning Based on Social and Semantic Web Data36 5.1Requirements for Policies on the Social Web36 5.2Social and Semantic Web Data for Policy Specifcation and Evaluation37 5.2.1Types of Social Data and their Availability37 5.2.2Using Social Data to Define New Concepts39 5.2.3Enforcing Policies upon an Application40 5.3Taking up the Motivating Scenario41 6.Implementation45 6.1Retrieving Heterogeneous Information45 6.1.1Retrieving Social Web data45 6.1.2Retrieving Social Semantic Web Data48 6.2Wrappers for External Information Sources49 6.2.1IN-Predicate51 6.2.2SPARQL Endpoint Wrapper52 6.2.3DBpedia Wrapper52 6.2.4DBLP Wrapper53 6.2.5RDF Wrapper53 6.2.6Flickr Wrapper54 6.2.7Twitter Wrapper54 6.3SPoX- A Use Case55 7.Related Work58 8.Conclusions and Outlook60 Textprobe:Text Sample: Chapter 4, The Social Web from a Privacy Perspective: The following section deals with uncontrolled information disclosure and consequences people have to live with due to major shortcomings in nowadays Social Web applications. The privacy preferences of three selected applications are presented afterwards followed by an analysis of the shortcoming on Social Web applications with a specific focus on the prior presented applications together with propositions to what additional functionalities would be beneficial. Data Disclosure - Why Better Control is Needed: Because of the open nature of nowadays Social Web applications users are willing to expose a lot of private and sensitive information, which otherwise only a limited number of people would know, for an invisible audience. Once the information is online, it is difficult to oversee the data flow and usage, as information is often broadcast to other users, linked to other content, indexed by search engines or collected by third-party applications. Furthermore the new possibilities to communicate and share information not only raise privacy issues but also the amount of undesired messages and updates of others leads to information overload. All things considered especially noteworthy are two categories were a fine-grained control of information disclosure can be of benefit: - Security/ privacy protection and access control. - Information overload. Whereas the second category needs to be differentiated between information consumers who actively seek out information and consumers who passively receive information. Privacy Issues: The first category about access control is the more important one, because a weak protection can lead to severe consequences not only online but also in the real-world. Just like the Social Web being very multifaceted so are the types of privacy threats arising on the Social Web applications. Some of the most common threats are listed below: Social Network Spam Automated friend invitations, if accepted, lead to the spammers getting access to private data like email addresses which are then used to send personalised marketing activities and advertising products tailored according to profile information. Viruses and Worms Similar to the problems with e-mails worms are now also targeting Social Web applications as it was the case with MySpace and Facebook. Worms use the friends list of a victim to send clones of themselves to the other profiles, using the established trust between friends on such platforms. Identity Theft An identity theft is launched by cloning a profile of a user and sending friend requests to the contacts extracted from the original profile. Being friends with the contacts gives the attacker access to any personal information, which then can also lead to spamming or other misuse of the information. Stalking, Bullying Stalking on the web means that a victim is not persecuted physically but by using communication techniques such as instant messaging, posting on the profile etc. Whereas Bullying is used to harass the victim by means of the same communication techniques. All the above mentioned threats are based on easily accessible private data and the easy way of befriending someone, as the tendency to accept any friend requests in Social Web applications is very high regardless of whether the 'new' friend is known or trusted by the user accepting the request. Nevertheless a more dominant privacy issue concerning personal data is caused by authorities and people belonging to the social environment of a user. The former primarily consist of job recruiters, employers, police or members of educational establishments among other authorities. The latter includes colleagues, friends and family. Context of Data and Privacy Issues Privacy issues arise by both above stated groups based on the vast amount of content provided by the users as well as their personal but open social networks with links to other people on the platform. In addition to the personal data, information which is read or seen out of context or data revealed through linkage like tagging photos to a profile, as well as any other activities on a Social Web application such as doing surveys, entering groups etc. creates information that reflects the image of the user and can be wrongly interpreted. Say, a student publishes a photo of him drinking on his birthday, any other people who attended the party know that this is not a regular occurrence for the student, but when the family or even worse (future) employers see the photo without knowing the context, they might wonder whether this is normal behaviour of the student in question. Such problems are increasing as the separation of the different areas of life (family, friends, colleagues) dissolves in the online social space although offline they are mostly kept separate. Network Relationships and Privacy Issues Social network relations can cause problems insofar as by befriending a person, a link to the person's profile is added to the friends list of the user, which is in the most cases public. Say Bob added Tom as a friend, thus Tom's profile becomes part of Bob's web presence. So any embarrassing photos, inappropriate statements and comments about sensitive topics which Tom can write on Bob's profile space can cause Bob problems without him actually doing anything. A possible situation could be, if Bob is looking for a job and gets a post on his profile from Tom, telling him to be punctual on their next meeting, as he knows about Bob's tendency to always coming too late. Such comment would not go down well with job recruiters, who would want to check Bob's profile before inviting him to a job interview. Further on hiring decisions of prospective employees can be based on photos the user uploads or the photos he is tagged on, information he provides about himself like political view, religious affiliation, sexual orientation, desire to have children in case of women and any other information which can lead to discriminations. Information Overload: When speaking of information overload a differentiation needs to be made: Avoid social software annoyance; people passively receiving information from others and personalisation of information supply; information consumers who actively seek out information by visiting the profile of someone. Social Software Annoyance encompasses all the amount of information which a person receives via various techniques which are meanwhile used by most of the Social Web users. These techniques involve chat messages, profile space comments like Wall posts on Facebook, blogging posts, private messages, posts within a group among many others. On top of that considering the vast amount of friends on the Social Web networks leads to information overload, which makes it harder for a user to find the information he is actually interested in. Additionally, messages often arrive at an inappropriate time. Say Bob is chatting with his colleague about a project they are working on and he gets chat requests from friends all the time distracting him from the actual topic. Another example would be the News Feed22 feature of Facebook; by having many active Facebook friends, who are mostly only acquaintances, it is difficult to find the updates of your close friends and family in the flood of information on one's main profile page.An Access Token does not expire and can be used as long as the user does not revoke the permission to use his pro le which he can ... URL of their own RDF le for Flickr, so that one can go through the social network of a user like it is also possible on Flickr itself. ... Figure 8: UML diagram of the Wrappers for external data.
|Title||:||Using Social Semantic Web Data for Privacy Policies|
|Publisher||:||diplom.de - 2010-03-25|