Tagged data breaches in online social networks

Abstract

Tagged information in Online Social Networks (OSNs) is considered to be the basis of the semantic network that connects online resources based on their characteristics, and not only their URLs. The semantic interoperability creates difficulties in enforcing privacy control mechanisms that will solve authorization conflicts when accessing the tagged sharing content. In this paper we investigate whether the visibility levels in tagged content are applied according to the OSN users’ intentions. Based on the visibility choices that are offered by the privacy setting menus in OSNs, we performed all the possible visibility combinations in a two-level social relationship scale for different user profiles and we examined whether these settings provide the requested privacyaware access control mechanisms in social networks or whether there exist security gaps that let users’ Personal Identifiable Information (PII) exposed to unintended audiences. The results indicate that the protection of OSN users’ tagged PII lacks privacy controls that can fully protect the tagged sharing content and that the current mechanisms support access control for selected pieces of resources with selected groups of users.