The security of private information of users online is a critical topic, particularly since social networking applications became popular. According to Cutillo et al., beyond the usual vulnerabilities that threaten any distributed application over the Internet, online social networks raise specific privacy concerns due to their inherent handling of personal data.
The definition of a social network site given in Boyd and Ellison was a web-based service that creates connections between users and their profiles in a bounded system. As Gross and Acquisti proposed, social networking sites (SNS) can be separated into the following types: business, common interests, dating, face-to-face facilitation, friends, pets, and photos. According to this classification, social network sites include online shopping sites and e-government sites. Facebook spans several types: common interests, friends, and photos. Overall, it can be classified as a “friends”-oriented social network site. QQ, the number 1 ranking chat software in China, can be classified as “face-to-face facilitation.” Using QQ, people can communicate by typing, by audio, and using video.
Most SNS ask users to create a profile so that contacts can be made for additional purposes. As some private information is used to create a profile, the security of private information on SNS has become an increasingly important topic.
The development of the Internet saw changes to the definition of privacy. The definition of privacy by Warren and Brandeis, “the right to be let alone,” was traditionally cited as a synonym for privacy until the rise of the online environment, when its shortcomings became apparent. As a well-accepted definition of privacy, Westin held the opinion that privacy is the right to keep the disclosure of personal information safe from others.
The boom of the Internet and the explosion of new technologies have brought with them new challenges and thus new connotations of privacy. Clearly, when people deal with e-government and e-business, they do not only need the right to be let alone, but also to be left in secret. Not only do they need freedom of movement, but also to be assured of the secrecy of their information. Solove has critiqued traditional definitions of privacy and argued that they do not address privacy issues created by new online technologies. Austin also asserts: “[w]e do need to sharpen and deepen our understanding of traditional concerns regarding privacy in order to respond to these new situations.”
The relationship between privacy and the use of SNS is subtle. Generally, people would like personal information to be known by a small circle of close friends and family, and not by total strangers. In some instances, people choose to reveal particular personal information to strangers, but choose not to share it with people who know them well. In either case, users' information disclosure can be helpful to other users, companies, and third parties. Private information is particularly valuable when the information of many people in a group is gathered on SNS and aggregated.
There are two main methods of information gathering: a) an information leak based on privacy disclosure, and b) an information leak based on attack techniques. Privacy disclosure refers to users voluntarily publishing their personal information online. This data may be contained in profiles and in information exchanged between one or more people. Attack techniques steal private information that users wish to keep secret. Figs. 1 and 2 show the two categories of privacy invasion.
Information Leak Caused by Privacy Disclosure
Privacy disclosure refers to any personal information a user may willingly provide to a website. Websites employ a variety of online collection techniques, including collecting e-mail addresses from list servers, chat rooms, and forming news groups to induce users to disclose personal information.
The topic of harvesting and selling user data has been debated since the establishment of business-to-consumer (B2C) bricks-and-click and click-only companies. Some companies have been criticized for using information collected from consumers in the online purchase industry for marketing purposes. Some of these companies include America Online for attempting to sell subscribers' telephone numbers and Intel for developing the new Pentium chip that identifies users.
Even more controversial is harvesting users' personal information requested on SNS that can be deemed highly sensitive given the nature of making online “friends.” According to Caudill and Murphy, personal information exposed online encompasses both public information such as a driver's license, mortgage information and private information such as income. The demarcation between what is considered private information and what is considered public information is shifting. This has allowed some personal information to find its way onto the public domain. With the development of the Internet, the public portion of private information is growing and consumer information is being gathered and disseminated more easily.
Ways to Acquire Private Information
Collect registration information. Clients have to enter information to register for an online service. There are some optional field entries, but some fields are required. Though this data collection is commonly claimed to be for improving service delivery, often the data is used for other purposes.
Trace user's IP. Under the TCP/IP protocol suite, data packets transferred between PCs contain an IP address. By checking the IP address, the host computer can infer a client's position and tell whether they are online.
Search track recording cookies. A cookie is a profile created on a client PC by a server, which stores the page views, access times and network settings of clients. By searching clients' information in cookies, hosts can explore the Internet use patterns of clients.
Improper Use of Disclosed Privacy Information
There are two main uses of user information: a) business and b) marketing.
Doing business with users' information. Businesses profit from user information. A well-known example of doing business with users' information is the alleged selling of email addresses by the network operating company Gratis Internet.
Doing marketing with users' information. Online merchants can also increase business by doing marketing research and advertising based on the availability of information about users. If consumers disclose an email address or telephone number in their “public” profile, they will likely receive annoying commercial emails and phone calls. This invades the privacy of the consumer and causes unfair competition to sellers who do not abuse consumers' personal information.
Achieving Privacy Protection Against Information Leaks Based on Privacy Disclosure
Most online service organizations ask for registration with some personal information, and users seemingly have no choice but to provide sensitive information. But users are not entirely helpless. Various ways do exist for users to safeguard their privacy from online organizations that insist on the collection of personal details for access to a given service.
Various approaches for protecting privacy are recommended, such as market regulation, self-regulation and mandatory government rules.
Market regulation. According to Swire and Litan, media stories play an important role in broadcasting privacy practices of different companies. As users become more aware, they can affect privacy behavior. Sheehan and Hoy point out that as “…privacy concern increased, respondents reported that they were more likely to provide incomplete information to websites, to notify Internet Service Providers… about unsolicited email, to request removal from mailing lists, and to send a flame to online entities sending unsolicited email. Additionally, as privacy concern increased, respondents reported that they were less likely to register for websites requesting information.” Companies who are serious about maintaining user privacy have begun to promote their practices as a means to encourage, attract and retain customers. Yet there are well-known companies that have questionable privacy practices who will experience sizeable loss of business.
Self-regulation. Self-regulation is based on the three traditional components of government – legislation, enforcement, and adjudication – but in self-regulation these functions are carried out by the private sector. Legislation refers to the question of defining the appropriate rules, enforcement refers to the initiation of an enforceable action when the rules are broken, and adjudication to whether or not a company has violated the privacy rules.
Mandatory government rules. In the European Union, there is an emerging trend toward the use of legal action by government to keep organizations in check. Four features of the laws about privacy and data protection in the EU are discussed by Cate. He said: “[t]ypically they apply to both public and private sectors; they apply to a wide range of activities, including data collection, storage, use, and dissemination; they impose affirmative obligations (often including registration with national authorities) of anyone wishing to engage in any of these activities; and they have few, if any, sectoral limitations–they apply without regard to the subject of the data.” Data collection by companies in the EU must meet four constraints. According to Caudill and Murphy: “[f]irst, a company should have a legitimate and clearly defined purpose to collect information. Second, that purpose must be disclosed to the person from whom the company is collecting information. Third, permission to use information is specific to the original purpose. Fourth, the company can keep the data only to satisfy that reason; if the company wants to use the information for another purpose, it needs to initiate a new information collection and use process.”
Despite the success of some government regulations, some writers contend that government should not stand in the way of market regulation, and government intervention may disturb the invisible hand of market forces. But every approach has advantages and disadvantages. Through market and self-regulation, companies can be selected naturally by users. But when it comes to monopolistic companies, such as Amazon and iTunes, users do not have much choice. These companies were first movers providing users with new online services, and maintain a high level of market share. They offer value to consumers that some consumers feel they cannot forgo, despite the obvious privacy risks.
Mandatory government rules are necessary given that in some instances neither market regulation nor self-regulation will work.
Information Leaks Caused by Attack Techniques
It is not enough to rely on disclosure by information users to cause an information leak. Attack techniques can also be used to get information that may otherwise be considered private.
Security company iDefense tracks down those who attack these sites, to find out what they are after. “It is client information,” says Rick Howard, the company's Director of Intelligence, “[w]e're seeing a lot of user ID and passwords for Facebook and other sites. They're doing data mining on those credentials”.
To obtain an abundance of information for data mining, it is not enough to rely on users' careless attitudes toward disclosing personal information, so various techniques employed to attack social network sites are developed to catch easy prey.
Data Mining Techniques Used on SNS
Data mining is the process of extracting hidden patterns from data.
Through the process of data mining, fragments of users' information can be brought together and integrated. It is possible to build a complete personal file of a user, including their individual social security number or credit card numbers. The status of data mining in social networks has been addressed by scholars such as Chakrabarti and Getoor.
There are also some improved data mining techniques that are an ideal fit in the social networking context. Alist and Song uncovered interaction patterns in business processes from event logs by combining concepts from workflow management and social network analysis. Mika identified Flink (created by Flink Labs), which employs semantic technology for reasoning with personal information extracted from a number of electronic information sources including web pages, emails, publication archives and “friends of a friend” (FOAF) profiles.
It is meaningless to some extent to discuss whether or not it is legal to conduct data mining of personal information if a business has made customers aware of the collection of personal data in their disclosure statement. The illegality of attack techniques is much clearer.
As Roy Hills, technical director at NTA Monitor said, “[a]ttackers are creating websites in which they embed malicious code to track a visitor's searches, user names and passwords. The code can affect a visitor's PC without their knowledge and can quickly spread to other visitors' machines”. Users of social network sites could be attacked in two ways: a) an attack directly on the websites or PC systems of users, or b) certain malicious applications that users are deceived into downloading.
Direct Attack Techniques
The most common attack techniques referred to in the literature include a Distributed Denial of Service (DDOS) and the Sybil Attack. There are also articles about the feasibility of performing such attacks.
A DDOS attack attempts to make a web resource unavailable to other users by delivering huge numbers of requests simultaneously.
The Sybil attack was widely used in peer-to-peer networks, making a node illegitimately claim multiple identities (each identity either completely fabricated or stolen). One of the purposes of performing a Sybil attack is to disrupt the reputation system in the SNS. By creating a large number of Sybil nodes that collude, the attacker artificially increases his rating.
While direct attacks depend mainly on complicated techniques, malicious applications partly depend on the carelessness of users. Mansfield-Devine cited a well-known infringement called the “Secret Crush” worm on Facebook, in which each victim received a message saying that someone online had a secret crush on them. In order to find out the alleged identity of the individual, the user needed to pass on the invitation to five of their friends and install an application named “Crush Calculator” that was in fact a Zango application, in this instance spyware.
Mostly, users are deceived into downloading malicious applications. The two best ways to achieve that are:
The well-known deception of phishing online, where a phisher pretends to be some trusted organization that is familiar to the user. SNS are the perfect organization that phishers want to pretend to be. The situation is worse when SNS increasingly provide tools and content so that the user cannot distinguish between a trusted application and one that is malicious. It is easy for applications made by phishers to be concealed within an SNS.
Defense Mechanisms Against Direct Attack Techniques
Chen et al. proposed a classification of distributed denial of service defenses. They classified DDOS defense mechanisms into three categories: congestion-based, anomaly-based and source-based. Congestion-based defense mechanisms only react when congestion occurs. “False positives occur when the attack detection algorithm cannot single out the legitimate traffic that contributes to congestion and false negatives occur when attack traffic does not result in congestion”. Anomaly-based defense mechanisms work when an anomaly is detected. As the monitors are not responsive to all kinds of attacks, anomaly-based defense mechanisms mainly focus on resisting Transmission Control Protocol (TCP) and Synchronize (SYN) attacks. Source-based defense mechanisms are used to detect empty or false source addresses that send out IP packets.
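The three categories can be compared side by side on the same traffic. The following sketch is an added example, not code from the article or from Chen et al.; the packet windows, thresholds and function names are constructed for illustration. It shows the false positive and false negative of a congestion-only detector that the quotation describes.

```python
import ipaddress

CAPACITY = 1000        # packets per window the link can carry (assumed)
MIN_SYNS = 100         # too few SYNs in a window to judge (assumed)
MIN_COMPLETION = 0.5   # fewer ACKs per SYN than this is anomalous (assumed)


def congestion_based(window, capacity=CAPACITY):
    """Reacts only when the window exceeds link capacity."""
    return len(window) > capacity


def anomaly_based(window, min_syns=MIN_SYNS, min_completion=MIN_COMPLETION):
    """Flags a window in which most SYNs are never followed by an ACK."""
    syns = sum(1 for _, flag in window if flag == "SYN")
    acks = sum(1 for _, flag in window if flag == "ACK")
    return syns >= min_syns and acks / syns < min_completion


def source_is_invalid(src):
    """True for an empty or impossible source address."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:          # empty or unparsable source field
        return True
    return (ip.is_unspecified or ip.is_loopback or ip.is_multicast
            or ip.is_reserved or ip.is_link_local)


def source_based(window):
    """Sorted list of distinct invalid source addresses seen in the window."""
    return sorted({src for src, _ in window if source_is_invalid(src)})


def assess(window):
    """Run all three detector families over one window of (src, flag) packets."""
    return {
        "congestion": congestion_based(window),
        "anomaly": anomaly_based(window),
        "bad_sources": source_based(window),
    }


# Constructed window 1: a flash crowd. 600 legitimate clients each complete
# a handshake (SYN then ACK), so the link is congested but nothing is wrong.
FLASH_CROWD = [(f"198.51.100.{i % 250 + 1}", flag)
               for i in range(600) for flag in ("SYN", "ACK")]

# Constructed window 2: a low-rate SYN flood that stays under link capacity.
# Some sources are empty or impossible; the 203.0.113.x ones look plausible,
# so the source-based check alone cannot catch them.
SYN_FLOOD = (
    [("", "SYN")] * 10
    + [("0.0.0.0", "SYN")] * 50
    + [("240.0.0.9", "SYN")] * 50
    + [(f"203.0.113.{i + 1}", "SYN") for i in range(200)]
    + [(f"192.0.2.{i + 1}", flag) for i in range(20) for flag in ("SYN", "ACK")]
)

if __name__ == "__main__":
    print("flash crowd:", assess(FLASH_CROWD))
    print("syn flood:  ", assess(SYN_FLOOD))
```

The congestion-based detector fires on the flash crowd and stays silent on the flood, while the anomaly-based and source-based checks behave the other way round.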
Cheng and Friedman, Lai et al., and Feldman et al. proposed defenses against Sybil attacks in reputation systems. They aimed to prevent the Sybil nodes from boosting a malicious user's rating, not to control the number or size of Sybil groups. Yu et al. present a novel protocol called SybilGuard to restrict Sybil attacks. Users can create lots of identities but not trust relationships. SybilGuard uses this to identify those suspect malicious identities and filter them.
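The rating inflation described under direct attack techniques, and the observation that identities are cheap while trust relationships are not, can be shown on a small endorsement graph. This is an added example, not code from the article or the cited papers: it uses a max-flow score from a trusted seed as a stand-in defense (it is not the SybilGuard protocol), and the graph, user names and function names are constructed.

```python
from collections import defaultdict, deque

# Constructed endorsement graph: (u, v) means "u vouches for v".
HONEST = [
    ("seed", "alice"), ("seed", "bob"), ("alice", "bob"),
    ("alice", "carol"), ("bob", "carol"),
    ("bob", "mallory"),   # the only trust relationship the attacker obtained
]


def add_sybils(edges, owner, count):
    """Model the attack: fabricated identities that all vouch for their owner."""
    extra = []
    for i in range(count):
        sybil = f"{owner}-sybil-{i}"
        extra += [(sybil, owner), (owner, sybil)]
    return list(edges) + extra


def naive_score(edges, target):
    """Rating = number of distinct identities vouching for target."""
    return len({u for u, v in edges if v == target})


def flow_score(edges, seed, target):
    """Rating = number of edge-disjoint endorsement paths from seed to target.

    Computed as unit-capacity max-flow (Edmonds-Karp). Identities that are
    only reachable through the attacker cannot add paths from the seed.
    """
    if seed == target:
        raise ValueError("seed and target must differ")
    cap = defaultdict(lambda: defaultdict(int))
    for u, v in edges:
        cap[u][v] += 1
        cap[v][u] += 0          # make sure the residual edge exists
    flow = 0
    while True:
        # Breadth-first search for an augmenting path in the residual graph.
        parent = {seed: None}
        queue = deque([seed])
        while queue and target not in parent:
            u = queue.popleft()
            for v, c in cap[u].items():
                if c > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if target not in parent:
            return flow
        # Every edge has capacity 1, so each augmenting path carries 1 unit.
        v = target
        while parent[v] is not None:
            u = parent[v]
            cap[u][v] -= 1
            cap[v][u] += 1
            v = u
        flow += 1


def compare(edges, seed, users):
    """Return {user: (naive rating, flow rating)} for the given users."""
    return {u: (naive_score(edges, u), flow_score(edges, seed, u))
            for u in users}


if __name__ == "__main__":
    attacked = add_sybils(HONEST, "mallory", 50)
    print("before:", compare(HONEST, "seed", ["carol", "mallory"]))
    print("after: ", compare(attacked, "seed", ["carol", "mallory"]))
```

With 50 fabricated identities the naive rating of the attacker rises from 1 to 51, while the flow rating stays at 1 because only one trust edge crosses from the honest region.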
Defense Mechanisms Against Malicious Applications
If the website is not privacy friendly enough for the user, the user might turn away from it and not make any transactions there.
Privacy policies are too complex for most users to manipulate.
User privacy preferences that users should import are often too complex and nuanced, and thus using them would be more of a burden.
Users tend to have little experience articulating their privacy preferences.
Users are generally unfamiliar with much of the terminology used by privacy experts.
Users often do not understand the privacy-related consequences of their behaviors.
Clearly, privacy protection mechanisms need to be designed using human-computer principles with easy manipulation. This will undoubtedly be the most important aspect of developing privacy policies in the future.
Changing the structure of SNS can render ineffective the control malicious applications can otherwise gain. Cutillo et al. build a model of social networking on a peer-to-peer architecture, to avoid scale effect on malicious applications. This acts to restrict the diffusion of malicious applications, although it should be noted that this is not helpful to those users who were initially deceived. But user diligence when using SNS is still the most effective way to escape online attacks.
Users' Behavior with Respect to SNS and Privacy
The rapid growth of contemporary SNS has coincided with an increasing concern over personal privacy. These sites “allow individuals to present themselves, articulate their social networks, and establish or maintain connections with others”. The more popular the Internet, the more danger to privacy there could be.
Studies in behavioral theory summarize users' behaviors when private information is at risk. Son and Kim introduced the notion of information privacy-protective responses (IPPR), which is “a set of Internet users' behavioral responses to their perception of information privacy threats that result from companies' information practices.” There are also studies on techniques and privacy policies.
Profile Creation and Information Disclosure
Use of one's real name is a practice strongly encouraged by most SNS, including Facebook. “Most people don't bother with different user names and passwords, so if they can figure out what your username and password are on Facebook, there's a chance that at least a small percentage of those will be the same for your banking login also” says Rick Howard, Director of Intelligence in iDefense. Even if some people think they have not been that naive, just as Devine indicated “the average user's profile contains information like their pet's name, where they went to school, family details – just the kind of information used for security or “lost password” questions by banking services.”
This is exacerbated because people frequently try to add strangers to their pool of friends on social network sites, more often than not just to increase the number of friends in their profile. Acquisti and Gross found users' privacy concerns are weak predictors of their membership of the network. Trusting their ability to control their private information, even those with high levels of privacy concern reveal great amounts of personal information on SNS, and, because of the lack of human-centric design, privacy protection techniques and policies are not well employed by users.
Use of Privacy Techniques and Policies
Most social network sites have privacy setting capabilities and features. Various protections are suggested by scholars, although most are not used sufficiently.
Lehikoinen et al. found privacy settings that SNS provide are rarely used and that participants relied mainly on their own judgment in what information they shared and how that was achieved.
Overconfidence in one's own knowledge, and the prevailing disbelief that one could fall victim to attack, make users especially vulnerable in social networks, where they face various perils. According to cost-benefit theory, there must be reasons good enough to convince users to disclose personal information.
Reasons for Information Disclosure on SNS
As there are so many risks perceived by transacting in social networks, some attention should be given to how to deliver private information on the Internet. Forman et al. believe that online self-disclosure is driven in part by:
The desire for identification with a community, and
The need for self-verifying feedback from other community members affirming that one is a member.
Scholars in this area trace this back to the theory of weak ties. Weak ties include friends of a friend, family of a colleague and so on. The term refers to the association of two people who do not interact much but who both know the same intermediary as a friend or colleague.
As demonstrated by Granovetter and Burt, weak ties are essential to the flow of information that integrates otherwise disconnected social clusters into a broader society. In the SNS setting, interaction is a dyadic process and can be maintained if the parties involved get more benefit than risk exposure when sharing information. As SNS have been one of the best ways for people to consolidate their old ties and work on new ones, there is an impetus to create a profile and to subsequently display social connections.
Factors Affecting User Behaviors
Paine et al. reviewed numerous studies, and drew the conclusion that privacy concern was the most important factor affecting privacy disclosure, but Acquisti and Gross found users' privacy concerns to be weak predictors of their membership of the network. Even some of those users with high levels of privacy concern enjoyed sharing personal information on social network sites.
Different groups behave differently in the face of potential risk. As Fogel and Nehmad stated, different risk taking attitudes exist between genders of users with profiles on SNS: greater risk taking attitudes exist among men than women. In general, privacy concerns and identity information disclosure concerns are of greater importance to women than men. Greater percentages of men than women also display their phone numbers and home addresses on social networking websites. In addition, it was found that individuals with profiles on social networking websites have greater risk taking attitudes than those who do not.
There are also scholars who have studied the effect of differences in age with respect to behavior on SNS. Pfeil et al. demonstrated that teenagers have larger networks of friends compared to older users of MySpace. The majority of teenage users' friends are in their own age range, while older people's networks of friends tend to have a more diverse age distribution. In addition, their results show that teenagers tend to make more use of different media within MySpace and use more self-referencing compared to older people.
There are still other factors influencing privacy data disclosures on SNS. Lehikoinen et al. also found that culture of community and competence are significant factors affecting information disclosure in social online services.
Topical Themes and Issues
Privacy-Preserving Collaborative Social Network
Information sharing in or among social networks can be used as a helpful antiterrorist strategy, an intelligence sharing capability, and in project fulfillment procedures. Mutual benefit calls for collaborative social networks while everyone still cares about their private information. Yang, Blosser and Zhan, and Zhan et al. discuss how to design social networks with better privacy controls.
According to Blosser and Zhan, three main hurdles exist in building a collaborative social network. “The first hurdle is how to actually combine the social network data of multiple, potentially competing providers into a single network. This must be done in a way to prevent a provider from acquiring the data of other providers and without the central server knowing the contents of the social network. The next hurdle is keeping the collaborative social network updated so edges that have been removed in sub-networks are removed in the collaboration.” The last hurdle is handling user interaction within the collaborative social network.
Both Yang and Blosser and Zhan have worked on the structures of privacy-preserving collaborative social networks. Blosser and Zhan propose a client-server architecture as the technological base of a collaborative social networking environment, allowing the users and other social networks to be clients of a server that would keep the data and communications partitioned. They also determined which nodes within different social networks were the same by finding matching attributes (e.g., email addresses, names, and so on), so the edges in both networks should be combined at that point. Yang proposed publishing a combination of information in a generalized node depending on the intended degree of privacy, and he proposed new criteria to determine which information was to be shared in a generalized node: need to know, need to share, privacy, and trust. According to experiments, the methodological approaches in both articles seem to be useful. Meanwhile they all believe a more complete network including the structure and information filtering system needs to be developed in the future.
Innovative Business Models for Privacy Protection
O'Reilly has created business models for the next generation of software. He believes that data control may be the chief source of competitive advantage for companies. Hoffman et al. also believe that the “effective way for commercial web providers to develop profitable exchange relationships with online customers is to earn their trust,” which can be done by “allowing the balance of power to shift toward a more cooperative interaction between an online business and its customers.”
Though these are the main opinions that have been proposed by scholars, the concrete structure of the business model is rarely mentioned. An innovative business model taking into account privacy protection is desperately needed by both users and providers of SNS. The duty of companies, users and government in protecting users' privacy should be made clear, and the model should be easy to implement.
Personalized Services or Privacy Invasion?
Facebook introduced the beacon platform in 2007, which was aimed at tracking users' online purchasing habits and publishing it to a friend. The purpose of this strategy was to bring about more customized advertising. But people felt their privacy had been breached. After user groups resisted the feature, the beacon platform was closed. On April 21, 2010, Mark Zuckerberg announced Facebook would bring out an “Open Graph” plan. This plan attempted to connect users of Facebook to the rest of the networked world according to their preference and behavior online. Within a few days of the announcement, privacy advocacy groups urged the Federal Trade Commission to investigate the plan.
According to Kevin Werbach, legal and business ethics professor at the Wharton School, University of Pennsylvania, “act now; apologize later” is one way that big companies are pushing forward with new services. It is only after the service is introduced that we learn whether a company ultimately will face a backlash from users and regulators.
Table I outlines the findings of this article. Four main parts are presented: a) information leaks based on privacy disclosure, b) information leaks based on attack techniques, c) users' behaviors with respect to SNS and privacy and d) some other topical themes and issues that are presently receiving a great deal of attention. Important articles focusing on those areas are arranged and referenced in the last column.
Rights to Privacy are Endangered
Users' rights to privacy are in danger. Users' online behaviors are careless, threatening the safety of their property, reputation, and sometimes even their lives. Dealing with information leaks depends on what users are willing to disclose, and it has to do with government laws and market regulation within a given jurisdiction. Self-regulation is an advanced form of market regulation.
Attack techniques include direct attack techniques and malicious applications. Protection from direct attacks relies on experts, but protection from malicious applications depends mostly on users' watchfulness.
Users can reduce their risk by increasing their own levels of safety awareness. Previous studies have shown that users' behaviors on SNS have placed individuals in dangerous situations. The theory of weak ties provides reasons why users disclose personal information in SNS. Future research should address privacy-preserving collaborative social networks, innovative business models ensuring privacy protection, and the question of personalized services or an invasion of privacy.
The work was supported in part by the National Natural Science Foundation of China under Grant No. 70901039 and 71171106, National Planning Office of Philosophy and Social Science under Grant No. 11&ZD169, NCET-11-0220 project, Jiangsu Planning Office of Social Science under Grant No. 11TQC010, Jiangsu University Philosophy and Social Science key project under Grant No. 2012ZDIXM036, and a Nanjing University Innovation Team Support Project.
Keywords: Security, Privacy, Data privacy, Social network services, Internet, Online services, personal data handling, online social network sites, private information security
Citation: Xi Chen and Katina Michael, 2012, "Privacy Issues and Solutions in Social Network Sites", IEEE Technology and Society Magazine, Vol. 31, No. 4, pp. 43 - 53.