Enhance Collaborative Privacy Management in Photo Sharing
Problem Summary
In the realm of online social networks, photo sharing involves multiple stakeholders whose privacy needs to be collaboratively managed. Collaborative privacy management in photo sharing requires fine-grained control, context-aware enforcement, and scenario-based policies to protect user privacy effectively.
Rationale
Existing privacy controls are too coarse-grained and do not adequately protect individual elements within shared photos. Users need more intuitive and automated systems to manage their privacy effectively without significant effort.
Solution
Enhance privacy protection in social networks by providing more detailed, context-aware, and collaborative privacy controls for photo sharing.
Shu, Zheng and Hui [1] proposed Cardea, a context-aware visual privacy protection system designed for photos taken and shared via mobile and wearable devices. It protects visual privacy based on user-specified preferences related to location, scene, presence of others, and hand gestures. Cardea can be integrated into camera apps and social media platforms to enforce privacy measures such as blurring faces automatically.
Li et al. [2] presented HideMe, a framework for privacy-preserving photo sharing on social networks. It allows users to set scenario-based privacy policies, automatically blurring faces based on user-defined conditions such as time, location, and relationships. HideMe includes a distance-based algorithm to protect bystanders' privacy and an efficient face-matching algorithm to reduce system overhead. The HideMe prototype is available on GitHub: https://github.com/HideMe2018/HideMe.
Vishwamitra et al. [3] proposed a PII-based Multiparty Access Control (PMAC) model to address the privacy concerns in photo sharing on Online Social Networks (OSNs). This model enables fine-grained control over Personally Identifiable Information (PII) within shared photos. The PMAC model includes a policy specification scheme and a policy enforcement mechanism, allowing multiple users to manage access to their PII items collaboratively.
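A simplified sketch of how scenario-based, per-item policies from several stakeholders can be combined into one blur decision per viewer, in the spirit of the HideMe and PMAC descriptions above. It is an added example, not code from either paper or from the HideMe repository; the `Rule` class, the `regions_to_blur` function, the default-deny treatment of people without a policy, and all sample data are assumptions.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """Owner rule: these relationships may see the item in the clear,
    optionally only for photos from one location and/or time window."""
    relationships: frozenset
    location: Optional[str] = None
    window: Optional[tuple] = None  # (start, end) as datetime.time

    def allows(self, relationship, location, taken_at):
        if relationship not in self.relationships:
            return False
        if self.location is not None and location != self.location:
            return False
        if self.window is not None:
            start, end = self.window
            return start <= taken_at <= end
        return True

def regions_to_blur(items, policies, relations, viewer, location, taken_at):
    """items: {item_id: owner}. Returns the item ids to blur for `viewer`.
    Default deny (assumption): an owner with no matching rule, e.g. a
    bystander who never set a policy, is blurred for everyone but themselves."""
    blurred = []
    for item_id, owner in items.items():
        if viewer == owner:
            continue  # owners always see their own PII item
        rel = relations.get((owner, viewer), "stranger")
        rules = policies.get(owner, [])
        if not any(r.allows(rel, location, taken_at) for r in rules):
            blurred.append(item_id)
    return sorted(blurred)

# Constructed sample data (names, relationships and rules are illustrative).
ITEMS = {"face_alice": "alice", "face_bob": "bob", "face_carol": "carol"}
POLICIES = {
    "alice": [Rule(frozenset({"friend", "family"}))],
    "bob": [Rule(frozenset({"friend"}), location="park"),
            Rule(frozenset({"colleague"}), window=(time(9), time(17)))],
}
RELATIONS = {("alice", "dave"): "friend", ("bob", "dave"): "colleague",
             ("bob", "erin"): "friend", ("alice", "bob"): "friend"}

if __name__ == "__main__":
    for viewer in ("dave", "erin", "bob"):
        print(viewer, regions_to_blur(ITEMS, POLICIES, RELATIONS,
                                      viewer, "office", time(20, 30)))
```

Each viewer gets a different rendering of the same photo: the decision is taken per PII item by that item's owner, not by the uploader alone.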
Lin et al. [4] presented a mechanism called REMIND to estimate the risk of privacy breaches when sharing images on social networks. REMIND uses a probabilistic model to evaluate the likelihood of unwanted image disclosure based on various factors, including user behaviour and image content. If the computed probability indicates a high risk of privacy breach, the image owner is reminded to help revise privacy settings and harmonise policies for multi-owner images.
Platforms: personal computers, mobile devices
Related guidelines: Implement Collaborative Privacy Management for Shared Data in Social Networks
Example
Cardea privacy preference setting interface and Privacy protection example [1].
Use cases
- Providing users with the ability to control their own privacy settings in shared photos.
- Allowing multiple users to manage privacy settings for shared photos collaboratively.
Pros
- The integrated system demonstrates an 86% overall accuracy in protecting privacy, indicating promising potential for context-aware visual privacy protection [1]. Evaluations show that solutions like HideMe [2] effectively maintain privacy while ensuring system efficiency. A prototype implementation on Facebook underscores the feasibility and practicality of enhancing user privacy controls [3]. Additionally, models such as REMIND [4] can be seamlessly applied to various types of co-owned or co-managed content in online social networks, extending beyond just images.
Cons
- Integrating mechanisms like Cardea into existing camera apps and social media platforms requires significant development effort and cooperation from platform providers [1].
Privacy Choices
This guideline aligns more closely with the design space for privacy choices. This alignment is due to its focus on user control, dynamic settings, and collaborative management, which are core aspects of meaningful privacy choices [5].
- Contextualised
It supports context-specific privacy settings that adjust based on the situation, such as location, time, and presence of others. This allows users to specify different privacy preferences for various contexts.
- Multiple choices
The guideline emphasises providing users with multiple options for managing privacy, such as deciding who can view different PII items within a photo (e.g., faces, body parts).
- On-demand
Users can access and modify their privacy settings anytime, providing flexibility and control over their privacy preferences.
- Context-aware
The guideline supports the implementation of dynamic privacy settings based on the context, such as during photo capture or sharing, ensuring timely and relevant privacy decisions.
- Just in time
Privacy choices are presented at relevant moments, such as when uploading or sharing a photo, allowing users to make decisions just in time.
- Combined
The guideline suggests leveraging multiple modalities, such as visual and possibly auditory feedback, to ensure users are well-informed and can manage their privacy effectively.
- Visual
The guideline promotes clear visual interfaces to help users navigate and set their privacy preferences.
- Enforcement
Discussed solutions include mechanisms to enforce users' privacy decisions, ensuring that preferences are respected and applied. For example, in Cardea [1], the enforcement is handled through the integration of camera apps and social media platforms.
- Presentation
Privacy choices always have a presentation: the system gives users clear and easily understandable information about potential data practices, the available options, and how to communicate privacy decisions. A presentation often incorporates multiple components and integrates with related privacy notices, so design dimensions such as timing, channel, and modality require careful consideration [4]. The solutions presented in this guideline display privacy options in an understandable manner through user-friendly interfaces.
- Secondary
For more detailed privacy management, secondary channels like mobile apps or websites can be used to provide comprehensive privacy settings options.
- Primary
Privacy settings are integrated directly into social media platforms and photo-sharing applications, allowing users to manage their privacy within the primary interface.
Control
The guideline gives users control [6] over who can view different Personally Identifiable Information (PII) items within shared photos. It highlights the importance of user-defined privacy preferences and scenario-based privacy policies. Other related privacy attributes:
The guideline includes measures like blurring faces to protect individual privacy, contributing to pseudonymisation efforts within shared photos.
References
[1] Jiayu Shu, Rui Zheng, and Pan Hui (2018). Cardea: context-aware visual privacy protection for photo taking and sharing. In Proceedings of the 9th ACM Multimedia Systems Conference (MMSys '18). Association for Computing Machinery, New York, NY, USA, 304–315. https://doi.org/10.1145/3204949.3204973
[2] Fenghua Li, Zhe Sun, Ang Li, Ben Niu, Hui Li, and Guohong Cao (2019). HideMe: Privacy-Preserving Photo Sharing on Social Networks. In IEEE INFOCOM 2019 - IEEE Conference on Computer Communications, Paris, France, 2019, pp. 154-162. https://doi.org/10.1109/INFOCOM.2019.8737466
[3] Nishant Vishwamitra, Yifang Li, Kevin Wang, Hongxin Hu, Kelly Caine, and Gail-Joon Ahn (2017). Towards PII-based Multiparty Access Control for Photo Sharing in Online Social Networks. In Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies (SACMAT '17 Abstracts). Association for Computing Machinery, New York, NY, USA, 155–166. https://doi.org/10.1145/3078861.3078875
[4] Dan Lin, Douglas Steiert, Joshua Morris, Anna Squicciarini, and Jianping Fan (2019). REMIND: Risk Estimation Mechanism for Images in Network Distribution. In IEEE Transactions on Information Forensics and Security, vol. 15, pp. 539-552, 2020. https://doi.org/10.1109/TIFS.2019.2924853
[5] Yuanyuan Feng, Yaxing Yao, and Norman Sadeh (2021). A Design Space for Privacy Choices: Towards Meaningful Privacy Control in the Internet of Things. In CHI Conference on Human Factors in Computing Systems (CHI ’21), May 8–13, 2021, Yokohama, Japan. ACM, New York, NY, USA, 16 pages. https://doi.org/10.1145/3411764.3445148
[6] Susanne Barth, Dan Ionita, and Pieter Hartel (2022). Understanding Online Privacy — A Systematic Review of Privacy Visualizations and Privacy by Design Guidelines. ACM Comput. Surv. 55, 3, Article 63 (February 2022), 37 pages. https://doi.org/10.1145/3502288