Examining factors that influence subordinates’ willingness to connect with supervisors on Facebook through the lens of communication privacy management theory

Akin, Kazim Yigit

January 1900

Master of Arts / Department of Communication Studies / Gregory Paul / Over the last decade, people have been able to access and use the Internet quickly and easily though several types of advanced technologies. Social networking sites (SNS) have attracted millions of users from all over the word and have become a part of their social and work lives. As the most popular SNS, Facebook.com has been leading the SNS market with 1.86 billion monthly active users (Facebook, 2017). Facebook has also been adopted by workplaces. Individuals in the workplace use Facebook for several reasons, such as staying in touch with colleagues. This integration of SNSs into people’s work life has led to personal and professional boundaries being blurred and created privacy dilemmas. This study examines factors that influence subordinate’s willingness to accept a Facebook friend request from their supervisor, using the theoretical lens of communication privacy management (CPM). Overall, 231 individuals who have a Facebook account and work at either a full-time or part-time job completed an online survey. A positive relationship was found between subordinates’ willingness to accept a Facebook friend request from a supervisor and subordinate communication satisfaction with a supervisor. This study’s results indicate that alterations in Facebook content, and being more open through privacy management practices do not predict subordinates’ willingness to accept supervisors’ Facebook friend request. Further, subordinates’ communication satisfaction with their supervisor did not influence subordinates’ content alterations of Facebook, such as deleting previously posted media content, wall posts, modifying profile information, or removing status updates. This thesis ends with a discussion of the implications of Facebook connections between subordinates and supervisors. This study also provides insights on the intersections of use of SNS, workplace use of SNSs, workplace relationships, and communication privacy management theory.

Supervisor-subordinate communication

Facebook

Privacy management

Defending against inference attack in online social networks

Chen, Jiayi

19 July 2017

The privacy issues in online social networks (OSNs) have been increasingly arousing the public awareness since it is possible for attackers to launch several kinds of attacks to obtain users' sensitive and private information by exploiting the massive data obtained from the networks. Even if users conceal their sensitive information, attackers can infer their secrets by studying the correlations between private and public information with background knowledge. To address these issues, the thesis focuses on the inference attack and its countermeasures. First, we study how to launch the inference attack to profile OSN users via relationships and network characteristics. Due to both user privacy concerns and unformatted textual information, it is quite difficult to build a completely labeled social network directly. However, both social relations and network characteristics can help attribute inference to profile OSN users. We propose several attribute inference models based on these two factors and implement them with Naive Bayes, Decision Tree, and Logistic Regression. Also, to study network characteristics and evaluate the performance of our proposed models, we use a well-labeled Google employee social network extracted from Google+ for inferring the social roles of Google employees. The experiment results demonstrate that the proposed models are effective in social role inference with Dyadic Label Model performing the best. Second, we model the general inference attack and formulate the privacy-preserving data sharing problem to defend against the attack. The optimization problem is to maximize the users' self-disclosure utility while preserving their privacy. We propose two privacy-preserving social network data sharing methods to counter the inference attack. One is the efficient privacy-preserving disclosure algorithm (EPPD) targeting the high utility, and the other is to convert the original problem into a multi-dimensional knapsack problem (d-KP) which can be solved with a low computational complexity. We use real-world social network datasets to evaluate the performance. From the results, the proposed methods achieve a better performance when compared with the existing ones. Finally, we design a privacy protection authorization framework based on the OAuth 2.0 protocol. Many third-party services and applications have integrated the login services of popular social networking sites, such as Facebook and Google+, and acquired user information to enrich their services by requesting user's permission. However, due to the inference attack, it is still possible to infer users' secrets. Therefore, we embed our privacy-preserving data sharing algorithms in the implementation of OAuth 2.0 framework and propose RANPriv-OAuth2 to protect users' privacy from the inference attack. / Graduate

online social network

privacy

inference attack

On privacy in mobile voice communication networks

Croft, Neil John

03 October 2011

The introduction of mobile communications has undoubtedly altered our physical and social world. Like the Internet, it has changed the way we interact with each other allowing for communication using a variety of communication mediums by means of a magnitude of interactive mobile devices. The context, content, persons communicating, situation and timing all have a varying degree of influence on the sensitivity of information being shared. The individual's awareness of exposure of their private information on the Internet has filtered through into the mobile communications space. It is commonly held in current mobile communication network literature that as privacy-sensitive information travels through a network, it may be exposed to privacy infringement at various stages along its journey. Much of the concern from the individual's perspective, though, stems from a fear of the unknown. In the presence of these threats and vulnerabilities it is justified to wonder whether current mobile communications networks (and indeed future networks) provides sufficient privacy for users with very valuable information to communicate. In this thesis, I develop a systematic approach to identifying areas of privacy concern in a current mobile communication networks in an effort to outline mobile communication privacy principles and how applicable they are in Next Generation Networks. With a privacy stance, the objective of my work is through technical examination and sometimes theoretical undertaking to identify acceptable solutions which restrict the flow of private information and ultimately confirm, through privacy analyses, the benefits gained in doing so. The results show that, given the current situation and technological configuration, there are commonalities which extend beyond a mere concern within a mobile communications network's requirement for privacy enhancement. In a perfect world, the idea is to articulate towards a system of privacy by design rather than as an uttered afterthought. It is no longer inconceivable to think there is an opportunity to deliver a privacy-conscious network, if careful consideration is given to all parties and aspects that govern a mobile communications network and the correct privacy-enhancing technologies are administered correctly. Throughout my thesis, although each privacy solution is segmented and may have a specific privacy application, the results attested contribute largely to a converged prospectus for privacy-aware future generation communication networks. The significance of this lies in the study of past privacy pitfalls in order to better manage the potential for future privacy problems. The rationalisation is if privacy principles are identified (in existing networks) and adhered and applied to (in next generation networks), then we converge towards a network infrastructure that possesses a desirable level of privacy protection. / Thesis (PhD)--University of Pretoria, 2011. / Computer Science / unrestricted

Ngn

Anonymous

Mobile

Pet

Communications

Privacy

UCTD

Next Generation RFID Randomization Protocol

LaValley, Jason

January 2011

Radio Frequency IDentification (RFID) is a wireless communications technology which allows companies to secure their assets and increase the portability of information. This research was motivated by the increased commercial use of RFID technology. Existing security protocols with high levels of security have high computation requirements, and less intensive protocols can allow a tag to be tracked. The techniques proposed in this thesis result in the increase of ciphertexts available without a significant increase in processing power or storage requirements. The addition of random inputs to the generation of ciphertexts will increase the number of possible results without requiring a more advanced encryption algorithm or an increased number of stored encryption keys. Four methods of altering the plaintext/ciphertext pair (random block, set pattern, random pattern, and indexed placement) are analyzed to determine the effectiveness of each method. The number of ciphertexts generated, generation time, and generation errors were recorded to determine which of the four proposed methods would be the most beneficial in a RFID system. The comparison of these method characteristics determined that the set pattern placement method provided the best solution. The thesis also discusses how RFID transmissions appear to attackers and explains how the random inputs reduce effectiveness of current system attacks. In addition to improving the anonymity of RFID tag transmissions, the concept of authenticating random inputs is also introduced in this thesis. These methods help prevent an adversary from easily associating a tag with its transmissions, thus increasing the security of the RFID system.

RFID

Radio Frequency Identification

Randomization

Security

Privacy

Aggregation and Privacy in Multi-Relational Databases

Jafer, Yasser

January 2012

Most existing data mining approaches perform data mining tasks on a single data table. However, increasingly, data repositories such as financial data and medical records, amongst others, are stored in relational databases. The inability of applying traditional data mining techniques directly on such relational database thus poses a serious challenge. To address this issue, a number of researchers convert a relational database into one or more flat files and then apply traditional data mining algorithms. The above-mentioned process of transforming a relational database into one or more flat files usually involves aggregation. Aggregation functions such as maximum, minimum, average, standard deviation, count and sum are commonly used in such a flattening process. Our research aims to address the following question: Is there a link between aggregation and possible privacy violations during relational database mining? In this research we investigate how, and if, applying aggregation functions will affect the privacy of a relational database, during supervised learning, or classification, where the target concept is known. To this end, we introduce the PBIRD (Privacy Breach Investigation in Relational Databases) methodology. The PBIRD methodology combines multi-view learning with feature selection, to discover the potentially dangerous sets of features as hidden within a database. Our approach creates a number of views, which consist of subsets of the data, with and without aggregation. Then, by identifying and investigating the set of selected features in each view, potential privacy breaches are detected. In this way, our PBIRD algorithm is able to discover those features that are correlated with the classification target that may also lead to revealing of sensitive information in the database. Our experimental results show that aggregation functions do, indeed, change the correlation between attributes and the classification target. We show that with aggregation, we obtain a set of features which can be accurately linked to the classification target and used to predict (with high accuracy) the confidential information. On the other hand, the results show that, without aggregation we obtain another different set of potentially harmful features. By identifying the complete set of potentially dangerous attributes, the PBIRD methodology provides a solution where the database designers/owners can be warned, to subsequently perform necessary adjustments to protect the privacy of the relational database. In our research, we also perform a comparative study to investigate the impact of aggregation on the classification accuracy and on the time required to build the models. Our results suggest that in the case where a database consists only of categorical data, aggregation should especially be used with caution. This is due to the fact that aggregation causes a decrease in overall accuracies of the resulting models. When the database contains mixed attributes, the results show that the accuracies without aggregation and with aggregation are comparable. However, even in such scenarios, schemas without aggregation tend to slightly outperform. With regard to the impact of aggregation on the model building time, the results show that, in general, the models constructed with aggregation require shorter building time. However, when the database is small and consists of nominal attributes with high cardinality, aggregation causes a slower model building time.

Aggregation

Privacy

Relational Database

Data Mining

Cryptographic Credentials with Privacy-preserving Biometric Bindings

Bissessar, David

January 2013

Cryptographic credentials allow user authorizations to be granted and verified. and have such applications as e-Passports, e-Commerce, and electronic cash. This thesis proposes a privacy protecting approach of binding biometrically derived keys to cryptographic credentials to prevent unauthorized lending. Our approach builds on the 2011 work of Adams, offering additional benefits of privacy protection of biometric information, generality on biometric modalities, and performance. Our protocol integrates into Brands’ Digital Credential scheme, and the Anonymous Credentials scheme of Camenisch and Lysyanskaya. We describe a detailed integration with the Digital Credential Scheme and sketch the integration into the Anonymous Credentials scheme. Security proofs for non-transferability, correctness of ownership, and unlinkability are provided for the protocol’s instantiation into Digital Credentials. Our approach uses specialized biometric devices in both the issue and show protocols. These devices are configured with our proposed primitive, the fuzzy ex-tractor indistinguishability adaptor which uses a traditional fuzzy extractor to create and regenerate cryptographic keys from biometric data and IND-CCA2 secure en-cryption protect the generated public data against multiplicity attacks. Pedersen commitments are used to hold the key at issue and show time, and A zero-knowledge proof of knowledge is used to ensure correspondence of key created at issue-time and regenerated at show-time. The above is done in a manner which preserves biometric privacy, as and delivers non-transferability of digital credentials. The biometric itself is not stored or divulged to any of the parties involved in the protocol. Privacy protection in multiple enrollments scenarios is achieved by the fuzzy extractor indistinguishability adapter. The zero knowledge proof of knowledge is used in the showing protocol to prove knowledge of values without divulging them.

Cryptography

Privacy Enhancing Techniques

Biometrics

Fuzzy Extractors

RESHAPING THE DISCOURSE ON PRIVACY IN THE ERA OF THE INTERNET OF THINGS

Spataru, Adriana

January 2017

This paper is situated at the border between privacy studies and law and media studies. More precisely, the research aims to find out how the discourse on privacy is reshaped in the context of the upcoming technological changes envisaged in the scenery of the IoT. In a world where potentially all items become connected, the era of the Web 2.0 seems to fade away and leave the floor for a new era where the machines are also empowered as to create human-related content. One of the dimensions of this technological shift is the ubiquity of data and the continuous flow of information it involves. In this new landscape, individual privacy is a construct that necessitates further reflection and content analysis. Where legislation sets up for being the patron of data protection, the European legal rules are undergoing a reform process aiming to adapt the legal framework to the social realities. In light of the above, this paper starts by mapping how privacy was conceptualized by analyzing different theories set up in various media contexts. It follows by sketching the new media context of the IoT and mainly how it functions and where it applies. In order to draw a conclusion on how the new type of communications under the IoT can carve the notion of privacy, this paper will analyze the legal texts that aim to regulate the field of privacy. Legal texts are chosen as empirical material because they are the best barometer of social realities. In addition, in this particular field, the European legal background is subject to a reformation aiming to impose stricter rules that mirror the need for a stronger protection of privacy under the fast technological changes. After the analysis of the empirical material, the research applies the findings on the IoT to the legal background in order to assess whether the legal regime is strong enough to protect personal data. After carrying out this examination, the theories presented at the beginning of the paper are tested under the IoT scenery in order to assess which one is the most appropriate for the new context. The analysis reveals that surveillance theories and especially the panspectric gaze theory are the most applicable in the IoT scenery.

Internet of Things

Privacy

Media and Communications

Medie- och kommunikationsvetenskap

Privacy law and the media

Paton, Elizabeth Katrine

January 1990

This thesis explores the issue of how to reconcile the value of individual privacy with that of freedom of speech. It argues that there ought to be legal protection against invasion of privacy by the media, and that such protection should be seen as complementary to a system of free expression rather than opposed to such a system. A definition of privacy is outlined which, it is contended, meets the criteria for a coherent, neutral definition. Various reasons for valuing privacy and in favour of protecting the individual's reasonable expectations of privacy are identified. It is argued that lack of precision in the normative realm, in defining with certainty when privacy is invaded, should not be an excuse for leaving the individual without legal protection. There follows an examination of the protection of privacy against media incursions in English, New Zealand, Australian and Canadian law, other than the coincidental protection afforded by certain common law actions. There has been significant judicial and legislative recognition of the need to safeguard privacy interests, and many interesting developments in recent years are discussed. However, none of the countries considered has yet developed effective recourse for victims of unwarranted and invasive publications. It is argued that the relationship between privacy and free speech has been wrongly conceptualised, and that in fact both interests serve the same underlying set of values. Problems arise when privacy and free speech interests are balanced in the abstract rather than in context, and when a simplistic view of press freedom is adopted in disregard of the realities of the modern mass media. Invasive publications generally do not significantly advance free speech interests unless they help to provide the information needed for public decision-making. Furthermore, this information can in many cases be conveyed without detriment by withholding details which disclose identity. A three-step test is proposed to determine whether privacy and free speech interests can be reconciled without compromise to either of them, or whether it is necessary to balance these interests in the context of the case. It will also be maintained that a contextual approach is preferable to the adoption of categories such as "public figures" and "public places". These concepts tend to be misleading, and should be eschewed as analytical tools, since they confuse important questions which require separate analysis. / Law, Peter A. Allard School of / Graduate

Privacy, Right of

Freedom of speech

Freedom of the press

Exploring Privacy in Location-based Services Using Cryptographic Protocols

Vishwanathan, Roopa

05 1900

Location-based services (LBS) are available on a variety of mobile platforms like cell phones, PDA's, etc. and an increasing number of users subscribe to and use these services. Two of the popular models of information flow in LBS are the client-server model and the peer-to-peer model, in both of which, existing approaches do not always provide privacy for all parties concerned. In this work, I study the feasibility of applying cryptographic protocols to design privacy-preserving solutions for LBS from an experimental and theoretical standpoint. In the client-server model, I construct a two-phase framework for processing nearest neighbor queries using combinations of cryptographic protocols such as oblivious transfer and private information retrieval. In the peer-to-peer model, I present privacy preserving solutions for processing group nearest neighbor queries in the semi-honest and dishonest adversarial models. I apply concepts from secure multi-party computation to realize our constructions and also leverage the capabilities of trusted computing technology, specifically TPM chips. My solution for the dishonest adversarial model is also of independent cryptographic interest. I prove my constructions secure under standard cryptographic assumptions and design experiments for testing the feasibility or practicability of our constructions and benchmark key operations. My experiments show that the proposed constructions are practical to implement and have reasonable costs, while providing strong privacy assurances.

Cryptographic protocols

privacy

location-based services

Peering Through the Cloud—Investigating the Perceptions and Behaviors of Cloud Storage Users

Wu, Justin Chun

01 October 2016

We present the results of a survey and interviews focused on user perceptions and behaviors with respect to cloud storage services. In particular, we study behaviors such as which services are used, what types of data are stored, and how collaboration and sharing are performed. We also investigate user attitudes toward cloud storage on topics such as payment, privacy, security, and robustness. We find that users are drawn to cloud storage because it enables robust, ubiquitous access to their files, as well as enabling sharing and collaborative efforts. However, users' preferred medium for file sharing continues to be email, due to its ubiquity and role as "lowest common denominator." Privacy and security are of great concern to users, and though users vocally describe feeling "safe" on the cloud, this is because they actively filter the content they store in cloud services. Payment is a sensitive issue, with users exhibiting a strong aversion to any form of direct payment, preferring even disliked alternative funding mechanisms such as targeted advertising. Finally, the cloud serves as an important backup location for users, although space limitations prevent them from using it as a full backup solution.

cloud storage

personal data

privacy

Computer Sciences