Professor Hendrik Speck - Social Conduct. Privacy and Social Networks, re:publica’09. Shift happens. Netiquette for Social Networks, April 2nd, 2009, Berlin, Germany
October 9th, 2008 Berlin, Germany, privacy, private sphere, public sphere, risk, law, security, anonymity, surveillance, panopticon, sousveillance, social network analysis, social media, web 2.0, hype, history, features, examples, audience, user, markets, revenues, google, youtube, myspace, wikipedia, captcha, security, cracking, data portability, decentralization, helloworld, hello world network, open id, openid, opensocial, open social, rsa, foaf, xml, java
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Professor Hendrik Speck - Social Conduct. Privacy and Social Networks.
1. Social Conduct. Prof. Hendrik Speck University of Applied Sciences Kaiserslautern re:publica’09. Shift happens. Netiquette for Social Networks April 2 nd , 2009 Berlin, Germany
2. 1. User Information and Interests Social Networks Data Mining. Data Layers. 2. ??? 3. ??? 4. ??? 5. ??? 6. ???
3. 1. Account ID 2. User Name 3. First Name 4. Last Name 5. Academic Title 6. Academic Degree 7. Sex/Gender 8. Birth/Maiden Name 9. Relationship Status User Identifiers and Attributes. Social Network Analysis. 10. Sexual Preferences 11. Birthday 12. Sign of the Zodiac 13. Hometown 14. Country 15. Time Zone 16. Political Views 17. Religious Views Social Networks
4. 18. Address 19. City 20. Zip 21. Country 22. Website 23. Email 24. Mobile Phone 25. Land Phone 26. Fax Contact Information. Social Network Analysis. 27. Skype ID 28. ICQ ID 29. AIM ID 30. Yahoo ID 31. WindowsLive ID 32. GoogleTalk ID 33. Gadu-Gadu ID Social Networks
5. 34. Status 35. Employer 36. Position/Title 37. Company Website 38. Address 39. City 40. Zip Code 41. State 42. Country Work. Social Network Analysis. 43. Industry 44. Description 45. Wants 46. Haves 47. Time Period From 48. Time Period To 49. Business Organization Social Networks
6. 50. College/University 51. Class Year 52. Attended for 53. Degree 54. College/Graduate School 55. Concentration 56. Second Concentration 57. Third Concentration 58. Degree Education. Social Network Analysis. 59. High School 60. Class Year Social Networks
7. 61. Activities 62. Interests 63. Hobbies 64. Favorite Music 65. Favorite TV Shows 66. Favorite Movies 67. Favorite Books 68. Favorite Quotes 69. About Me Personal Information and Interests. Social Network Analysis. 70. Pictures 71. Uploaded Picture(s) 72. Picture Tags 73. Audio 74. Uploaded Audio 75. Audio Tags 76. Video 77. Uploaded Video(s) 78. Video Tags Social Networks
8. 79. Location 80. Contacts 81. # of Contacts 82. Messages 83. # of Messages 84. Events 85. # of Events 86. Guestbook Entries 87. # of Guestbook Entries Connection and Usage Information. Social Network Analysis. 88. Online Status 89. Login Time 90. Usage 91. IP Address 92. Network 93. Operating System 94. Browser 95. Screen Size 96. Language Social Networks
9. 1. User Information and Interests Social Networks Data Mining. Data Layers. 2. User Generated Content, Interaction 3. Third Party Associations and Content 4. Access and Connectivity 5. API's, Beacons, and Data Feeds 6. Merger of Social, Mobile and Local
12. Social networks and other companies’ “aggressive” attempts to target advertising according to users’ search behaviour risk damaging the internet industry’s reputation . „ „ Source: Edgecliffe-Johnson, Andrew. Google founders in web privacy warning. Financial Times. May 19 2008, http://www.ft.com/cms/s/0/9a877256-25de-11dd-b510-000077b07658.html Sergei Brin and Larry Page, Founder of Google
13. (2) Der Nutzer räumt zoomer.de ein räumlich und zeitlich uneingeschränktes, kostenloses Nutzungsrecht an den von ihm auf dem Internetportal zoomer.de veröffentlichten Inhalten, insbesondere an den Diskussionsbeiträgen in Wort und Bild, den Bewertungen und Kommentaren ein. Das Nutzungsrecht erfasst insbesondere • das Recht, die Inhalte zu speichern und zu vervielfältigen und online im Internet auf zoomer.de sowie auf weiteren Internetportalen öffentlich zugänglich zu machen, soweit diese Internetportale auch von Unternehmen der Holtzbrinck-Gruppe (verbundene Unternehmen im Sinne von §§ 15 ff. Aktiengesetz) betrieben werden; Social Networks Rights Reserved by Platform. Zoomer.de Source: Holtzbrinck. Nutzungsbedingungen. Zoomer.de. Available: http://www.zoomer.de/news/nutzungbedingungen
14. • das Recht, die Inhalte anderen Unternehmen, die jetzt oder zukünftig zur Holtzbrinck-Gruppe gehören, online per Datenübermittlung oder offline auf Datenträger gespeichert zu übermitteln und zur Speicherung und Vervielfältigung sowie zur Veröffentlichung online im Internet auf deren Homepages und Portalen zur Verfügung zu stellen; der Nutzer willigt deshalb bereits jetzt darin ein, dass zoomer.de die eingeräumten Nutzungsrechte an andere Unternehmen der Holtzbrinck-Gruppe weiter überträgt bzw. weiterlizenziert. Social Networks Source: Holtzbrinck. Nutzungsbedingungen. Zoomer.de. Available: http://www.zoomer.de/news/nutzungbedingungen Rights Reserved by Platform. Zoomer.de
15. § 8 Rechte an den von dem Nutzer veröffentlichten Inhalten, Nutzungsrechtseinräumung, Haftung des Nutzers für die Inhalte (1) Der Nutzer hat sicherzustellen, dass er über die Nutzunsgrechte an den von ihm auf dem Portal zoomer.de veröffentlichten Inhalten, insbesondere den Materialien, Texten, Bildern, Audio-Files oder Videos usw. verfügt. Social Networks Duties of User. Zoomer.de Source: Holtzbrinck. Nutzungsbedingungen. Zoomer.de. Available: http://www.zoomer.de/news/nutzungbedingungen
17. Selling 13000 Oxford Students by hanno 200,000 British users, 10k daily active, $121.31 made yesterday by sourcecode 175000 user app for sale - Dating and Sex Test by goldfinger App for sale: 2M+ users by appdev2008 Over than 6000$ December Revenue - App For Sale by Tiger 105,308 adds yesterday with over $400 revenue - in one day! by Temporary 250k users / 2000$ by tolga Facebook App + Website 90,000 users $25,000 income since August by darbsllim apps making 1000.00 a day! by webguy2008 My Clothing Label - 200k+ Users - $0 starting bid by trianaglobal Social Networks Application/Data Market Place. Facebook. Source: Facebook Platform Developer Forum . Application Marketplace. Available: http://forum.developers.facebook.com/
18. Social Networks Source: Mack, Daniel. StasiVZ: StudiVZ startet Spionage Werbung. Bündnis 90/Die Grünen. December 15, 2007, Available: http://danielmack.de/2007/12/15/stasivz-studivz-startet-spionage-werbung/ Brand Damage. StudiVz vs. StasiVz. 2007.
19.
20. Source: Stasido MC. Kaioo.com: Nie wieder StasiVZ! Die Wahrheit über StasiVZ. YouTube. 3 min 31 sec. Available: http://www.youtube.com/watch?v=B92sDagwZ1I Social Networks Kaioo.com: Nie wieder StasiVZ! Video. 2008.
21. Business Interest vs. Privacy. Security Mechanisms. 1. Account / Cookies 2. Captcha 3. Login / HTTPS/ SSL 4. IP Address / UA / Logfile Analysis 5. Default Settings 6. Privacy Settings 7. Link / Friendships 8. Limiter / Caching Mechanism Social Network Analysis
22. StudiVz. Harvesting the Social Graph. Security Mechanisms. 1. Research Login Mechanisms 2. Break Captcha 3. Create / Link Alias Accounts 4. Distribute / Botnet / Proxy Network 5. User Agent Standard/Mozilla 6. Crawl ID/ Person / Account 7. Parse / Analyze Page, Profile, Friends 8. Follow Links / Associations Social Network Analysis
23. Breaking StudiVz Captcha. Letter Recognition under Adverse Conditions. 2008. Font. Normal Fonts, Limited number of fonts, No deformation, Same font size, No overlap, Limited rotation of glyphs, Limited colors, Limited color variation Noise. Standard Primitive Pattern/ Repeating Background/ No texture, Limited number of colors, No perturbation / separate color key (Positive: Glyphs not aligned, Glyph position not constant, No words/ dictionary attacks) Social Network Analysis
24. 1. feeding unanticipated events into their activity stream, or exposing their activity stream to an unanticipated audience 2. eagerly and automatically linking between pages representing users’ different personae 3. mining different social networks for the purpose of merging users’ social graph Social Networks Undermining Privacy in Social Networks. Google. Source: Monica Chew, Dirk Balfanz and Ben Laurie. (Under)mining Privacy in Social Networks. Google Inc. Web 2.0 Security and Privacy 2009. W2SP 2009. 2009. Available: http://w2spconf.com/2008/papers/s3p2.pdf
25. No tested platform was really convincing. In many cases the usage of certain services or functions can not be recommended. Amongst all private platforms facebook received the best evaluations, but even this platform revealed significant weaknesses. Positive evaluations were compensated by different weaknesses and gaps in the privacy control, usage or lacking encryption. „ „ Source: Poller, Andreas. Privatsphärenschutz in Soziale-Netzwerke-Plattformen. Fraunhofer Institut für Sichere Informationstechnologie SIT. September 23, 2008, Available: http://www.sit.fraunhofer.de/Images/SocNetStudie_Deu_Final_tcm105-132111.pdf Andreas Poller and Dr. Thorsten Henkel, Fraunhofer Institut
26. 1. Require too much private information 2. Pseudonyms are not supported 3. Communication is not encrypted 4. Concept avoids privacy protection 5. Privacy options not implemented 6. Access of confidential multimedia files outside of platform 7. Resignation process complicated or difficult to find 8. Incomplete deletion of private data Social Networks Privacy Protection. Fraunhofer Institute. Source: Poller, Andreas. Privatsphärenschutz in Soziale-Netzwerke-Plattformen. Fraunhofer Institut für Sichere Informationstechnologie SIT. September 23, 2008, Available: http://www.sit.fraunhofer.de/Images/SocNetStudie_Deu_Final_tcm105-132111.pdf
27. 1. Data must be Fairly and lawfully processed. 2. Processed for limited purposes. 3. Adequate, relevant and not excessive. 4. Accurate. 5. Not kept longer than necessary. 6. Processed in accordance with the data subject's rights. 7. Secure. 8. Not transferred to countries without adequate protection. Private Sphere and Privacy Directive 95/46/EC of the European Parliament. Source: Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal. L 281, November 23, 1995, P. 0031 – 0050, Available: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML
28. Source: Eggert, Eric. Bye, bye, StudiVZ. (Update). November 26, 2006. Available: http://yatil.de/Weblog/bye-bye-studivz Social Networks Community Response against StudiVz Marketing. 2006.
32. HelloWorld Comparison Email, Browser, Social Networks AOL Browser versus Mozilla Firefox Microsoft Hotmail versus Mozilla Thunderbird Social Network versus HelloWorld Network
33. 1. Decentralized Network and Data Storage. 2. Encryption and Privacy Settings per Default 3. Open Source and Open Standards (OpenID, OpenSocial) 4. Informational self-determination / User regain Control over Image/Representation. 5. Security / Expiration of Data. 6. Modularity, Scalability 7. Mobile, Customizable, User Friendly HelloWorld Goals and Objectives
34. 1. Social Network Analyis. Students: Florian Moritz and Christoph Gerstle (Summer Semester 2006) 2. MashUp/ Social Network Analyis. Cease-and-Desist Letter by StudiVz Students: Boris Hasselmann and Thomas Overbeck (Winter Semester 2006 /2007) 3. HelloWorld / OpenSocial / OpenID. Students: Markus Ackermann, Krister Hymon, Benjamin Ludwig, and Kai Wilhelm (Summer Semester 2007) 4. HelloWorld / Android. Students: Artur Friesen, Kok-Chee Lim, Julian Weigle, Tobias Schröter (Winter Semester 2007/2008) HelloWorld Project History
35. 1. Based on HelloWorld framework 2. Designed for social communication 3. Encrypted data layer / Privacy Enhancing 4. Web file system (P2P, email, HTTP, FTP, SSH ) 5. Platform independent (Java, Mozilla) 6. Portable App / Social on USB 7. Identity and password management HelloWorld Social. Firefox Extension.
41. Professor Hendrik Speck contact (at) hendrikspeck [dot] com University of Applied Sciences Kaiserslautern Information Architecture Lab Amerikastrasse 1 66482 Zweibrücken Tel: +49 6332 914 360 Skype: hendrikspeck
42. License Information. You are free to share (to copy, distribute and transmit the work) and to remix (to adapt the work) under the following conditions: Attribution. (You must attribute the work in the manner specified by the author or licensor but not in any way that suggests that they endorse you or your use of the work) Share Alike. (If you alter, transform, or build upon this work, you may distribute the resulting work only under the same, similar or a compatible license.) Conclusion Attribution-ShareAlike 3.0 Unported. License Information.