Abstract
The risk involved when users publish information, which becomes available to an unintentional broad audience via online social networks is evident. It is especially difficult for users of social networks to determine who will get the information before it is shared. Moreover, it is impossible to monitor data flows or to control the access to personal data after sharing the information. In contrast to enterprise identity management systems, in which provider-engineered processes control the access to and flow of data, the users of social networks themselves are responsible for information management. Consequently, privacy requirements have become important so that users can control the flow of their personal data across social networks and beyond. In particular, this kind of user-based information management should provide the capability to control data flows in a proactive manner, as well as reactive components to monitor the proliferation of data. In this conceptual paper, we motivate the necessity of a dedicated user-based information management on the basis of studies that we conducted on information that users share publicly in online social networks. Moreover, we outline the building blocks of user-based information management on the basis of existing approaches, which support users in managing data flows and an investigation that we did on the linkability of social network profiles. Furthermore, we contrast user-based information management with our experiences in developing and operating federated identity management services at the Karlsruhe Institute of Technology (KIT).
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Acquisti, A.: Privacy in electronic commerce and the economics of immediate gratification. In: Proceedings of the 5th ACM Conference on Electronic Commerce, EC 2004, pp. 21–29. ACM, New York (2004)
Berg, B., Pötzsch, S., Leenes, R., Borcea-Pfitzmann, K., Beato, F.: Privacy in social software. In: Camenisch, J., Fischer-Hübner, S., Rannenberg, K. (eds.) Privacy and Identity Management for Life, pp. 33–60. Springer, Heidelberg (2011)
Bergmann, M., Rost, M., Pettersson, J.S.: Exploring the feasibility of a spatial user interface paradigm for privacy-enhancing technology. In: Proceedings of the Fourteenth International Conference on Information Systems Development (ISD 2005), Karlstad, Sweden, pp. 437–448. Springer, Heidelberg (2005)
Bhargav-Spantzel, A., Camenisch, J., Gross, T., Sommer, D.: User centricity: A taxonomy and open issues. J. Comput. Secur. 15, 493–527 (2007)
Dunbar, R.: Coevolution of neocortex size, group size and language in humans. Behavioral and Brain Sciences 16(4), 681–735 (1993)
Fischer-Huebner, S., Hedbom, H., Waestlund, E.: Trust and assurance HCI. In: Camenisch, J., Fischer-Hübner, S., Rannenberg, K. (eds.) Privacy and Identity Management for Life, pp. 245–260. Springer, Heidelberg (2011)
Gross, R., Acquisti, A.: Information revelation and privacy in online social networks. In: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, WPES 2005, pp. 71–80. ACM, New York (2005)
Hedbom, H., Pulls, T., Hansen, M.: Transparency tools. In: Camenisch, J., Fischer-Hübner, S., Rannenberg, K. (eds.) Privacy and Identity Management for Life, pp. 135–143. Springer, Heidelberg (2011)
Höllrigl, T., Kuehner, H., Dinger, J., Hartenstein, H.: User-controlled automated identity delegation. In: Proceedings of the 6th IEEE/IFIP International Conference on Network and Service Management (2010)
Kahl, C., Böttcher, K., Tschersich, M., Heim, S., Rannenberg, K.: How to Enhance Privacy and Identity Management for Mobile Communities: Approach and User Driven Concepts of the PICOS Project. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds.) SEC 2010. IFIP AICT, vol. 330, pp. 277–288. Springer, Heidelberg (2010)
Krishnamurthy, B.: I know what you will do next summer. SIGCOMM Comput. Commun. Rev. 40, 65–70 (2010)
Krishnamurthy, B., Wills, C.: Characterizing privacy in online social networks. In: Proceedings of the First Workshop on Online Social Networks, WOSP 2008, pp. 37–42. ACM, New York (2008)
Krishnamurthy, B., Wills, C.: On the leakage of personally identifiable information via online social networks. SIGCOMM Comput. Commun. Rev. 40, 112–117 (2010)
Labitzke, S., Dinger, J., Hartenstein, H.: How I and others can link my various social network profiles as a basis to reveal my virtual appearance. In: LNI - Proceedings of the 4th DFN Forum Communication Technologies, GI-Edition (June 2011)
Labitzke, S., Taranu, I., Hartenstein, H.: What your friends tell others about you: Low cost linkability of social network profiles. In: Proceedings of the 5th International ACM Workshop on Social Network Mining and Analysis, SNAKDD 2011. ACM, San Diego (2011)
Lampe, C.A.C., Ellison, N., Steinfield, C.: A familiar face(book): profile elements as signals in an online social network. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2007, pp. 435–444. ACM, New York (2007)
Scerri, S., Gimenez, R., Hermann, F., Bourimi, M., Thiel, S.: Digital.me - towards an integrated personal information sphere. In: Workshop on the Federated Social Web Summit, FSW 2011 (2011)
Schell, F., Höllrigl, T., Hartenstein, H.: Federated identity management as a basis for integrated information management. It – Information Technology 51(1), 14–23 (2009)
Schrammel, J., Köffel, C., Tscheligi, M.: How much do you tell? information disclosure behaviour indifferent types of online communities. In: Proceedings of the Fourth International Conference on Communities and Technologies, pp. 275–284. ACM, New York (2009)
Tschersich, M., Kahl, C., Heim, S., Crane, S., Böttcher, K., Krontiris, I., Rannenberg, K.: Towards privacy-enhanced mobile communities – architecture, concepts and user trials. Journal of Systems and Software 84(11), 1947–1960 (2011)
Weiss, S.: Privacy threat model for data portability in social network applications. International Journal of Information Management 29(4), 249–254 (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Labitzke, S. (2012). Who Got All of My Personal Data? Enabling Users to Monitor the Proliferation of Shared Personally Identifiable Information. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2011. IFIP Advances in Information and Communication Technology, vol 375. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31668-5_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-31668-5_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31667-8
Online ISBN: 978-3-642-31668-5
eBook Packages: Computer ScienceComputer Science (R0)