Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
collect a lot of personal data about people by indexing several websites and hence make<br />
this sensitive data available to anyone with one click by entering a simple query into the<br />
search engine - security through obscurity is not existent anymore if personal data has<br />
been published on the Internet [Pik2006]. This problem area especially arises when it<br />
comes to social networks which the following section is going to deal with.<br />
2.3.4. Social networks<br />
Social networks such as Facebook, LinkedIn, MySpace or StudiVZ are getting more<br />
popular every day, hence attract more users and collect more data [Gro05]. One principle<br />
of such platforms is that users have to register to create a profile. There they can enter<br />
all kind of personal data: Name, address, contact information such as e-mail or telephone<br />
number, date of birth, hobbies, photos, relationship status, employer and so on. If users<br />
want to, they are literally able to publish their whole curriculum vitae. One of the main<br />
reasons to join such a social network is to get connected to friends and other people<br />
by “adding” them as “friends”. With this feature, social networks can be calculated<br />
by the provider of the platform: friends of friends are suggested to other users because<br />
they may know them, live near them or attended the same class, different connections<br />
to other friends can be displayed and so on. All this leads to a huge threat to privacy<br />
if not necessary mechanisms are in place to make sure that all this very sensitive user<br />
data is not mis-used (e.g. for data mining), sold (e.g. to direct marketing companies) or<br />
stolen (and then, for example, used for identity theft). Although all such platforms offer<br />
privacy settings, the default settings are not very strict. The reason for this was already<br />
mentioned earlier: there is a trade-off between privacy and functionality, especially for<br />
social networks. In addition to that, every information about its users is an asset for<br />
the platform operators. [Gro05] discusses privacy implications of social networks based<br />
on the example of Facebook which are broken down into the following categories:<br />
12<br />
• Stalking: As user profiles often not only include information about the residence<br />
but also about the occupation (such as the university and currently attended classes<br />
at university), stalkers can easily identify the physical location during the day. Especially<br />
status messages can also reveal information which could be used to locate<br />
the physical location of users. Besides physical stalking, potential adversaries could<br />
stalk their victim via instant messaging (IM) as IM account-names are very often<br />
provided in user profiles.<br />
• Re-identification: Besides using data such as date of birth and zip-codes, users<br />
can easily be identified via posted pictures. Depending on the country, available<br />
data on social networks can also easily be used for identity theft. The social<br />
security number in the US, for example, can almost be estimated if the following<br />
information is available: date of birth, hometown and current residence - all this<br />
information is often present in user profiles [Gro05].<br />
• Building a digital dossier: By collecting data about users, a digital dossier can<br />
easily be build, especially over time. Changing home-towns, partnership details,