Implement Collaborative Privacy Management for Shared Data in Social Networks
Problem Summary
Managing multiparty privacy in online social networks (OSNs) is crucial due to the collaborative nature of data sharing. The main challenges stem from the involvement of multiple users, who may have conflicting privacy preferences.
Rationale
Addressing the complexities and conflicts that arise from co-owned data ensures that all co-owners have a say in how shared content is handled and that diverse privacy preferences are accommodated.
Solution
Develop systems that enable collaborative privacy settings by leveraging mechanisms such as conflict detection and resolution, consensus-based decision-making, or automated conflict resolution, aiming to respect all co-owners' privacy needs.
Squicciarini, Xu, and Zhang [1] introduced CoPE, a tool designed to enable collaborative privacy management in Online Social Networks (OSNs). Recognising that users often co-own and co-manage data like photos, the authors extend traditional access control mechanisms to include collaborative content management. CoPE allows content owners to invite tagged users (co-owners) to jointly manage shared content, specifying who can view, modify, or comment on the data. Implemented as a Facebook application, CoPE addresses privacy concerns through features like notifications, co-ownership requests, and access management.
Hu, Ahn, and Jorgensen [2] propose a systematic mechanism to detect and resolve privacy conflicts in collaborative data sharing. Their approach includes specifying multiparty privacy policies, detecting conflicts through accessor space segmentation, and resolving conflicts by balancing privacy risks and sharing losses. They implemented a proof-of-concept prototype, Retinue, as a Facebook application, demonstrating the feasibility and practicality of their approach through system evaluation and a user study.
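The detect-then-resolve flow described for [2], as an added example that is not code from Retinue or the paper: accessors are partitioned into disjoint segments by which controllers permit them, and each conflicting segment is decided by comparing a privacy-risk score with a sharing-loss score. The two scoring formulas, the function names, and the sample users and values are assumptions made for illustration.

```python
from collections import defaultdict

def segment_accessors(policies):
    """Split the accessor space into disjoint segments, keyed by the set of
    controllers whose policy permits every accessor in that segment."""
    segments = defaultdict(set)
    for accessor in set().union(*policies.values()):
        permitters = frozenset(c for c, ok in policies.items() if accessor in ok)
        segments[permitters].add(accessor)
    return dict(segments)

def resolve(policies, sensitivity, trust):
    """Return {accessor: True/False}. The two scores are assumptions of this
    example, not the formulas from the paper. Accessors that no controller
    permits never appear and stay denied by default."""
    controllers = set(policies)
    decision = {}
    for permitters, accessors in segment_accessors(policies).items():
        deniers = controllers - permitters
        if not deniers:                      # all controllers agree: no conflict
            permit = True
        else:
            # Risk of permitting: borne by the deniers, grows with their
            # stated sensitivity and with the accessor's lack of trust.
            risk = sum(sensitivity[c] * (1 - trust[a])
                       for c in deniers for a in accessors)
            # Loss of denying: borne by the permitters, grows with trust.
            loss = sum((1 - sensitivity[c]) * trust[a]
                       for c in permitters for a in accessors)
            permit = loss > risk             # a tie fails closed (deny)
        decision.update({a: permit for a in accessors})
    return decision

# Constructed sample: alice uploaded a photo in which bob and carol are tagged.
POLICIES = {                                 # controller -> accessors permitted
    "alice": {"dave", "erin", "frank"},
    "bob": {"dave", "erin"},
    "carol": {"dave", "frank"},
}
SENSITIVITY = {"alice": 0.2, "bob": 0.9, "carol": 0.3}   # per controller, 0..1
TRUST = {"dave": 0.9, "erin": 0.1, "frank": 0.8}         # per accessor, 0..1

if __name__ == "__main__":
    for who, ok in sorted(resolve(POLICIES, SENSITIVITY, TRUST).items()):
        print(who, "permit" if ok else "deny")
```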
Ratikan and Shikida [3] propose a Collective Privacy Protection (CPP) approach that balances sharing and privacy through a majority vote system. The owner of shared content creates a privacy policy, and co-owners vote on whether to accept it. If any co-owner rejects, their privacy concerns are prioritised. The system detects and resolves privacy conflicts by considering social relationships and preferences.
Such and Criado [4] proposed a computational mechanism to resolve multiparty privacy conflicts by merging individual privacy preferences into a single policy. The mechanism adapts to different situations by modelling users' willingness to make concessions. It detects conflicts by comparing privacy policies and suggests solutions based on user preferences, item sensitivity, and the importance of the conflicting users.
Fang et al. [5] introduced the concept of "dislike relation", where users may not want their relationships inferred from shared items. The proposed solution uses a communication-intensity-based scheme to measure social intimacy between visitors and co-owners, enabling more nuanced access control. By calculating social intimacy through factors like effective communication, communication popularity, and emotional tendency, the scheme helps decide which co-owners' images should be visible to visitors.
Akkuzu, Aziz, and Adda [6] proposed a process that uses consensus-reaching and trust values among decision-makers. The framework employs the Extended Induced Ordered Weighted Averaging (EIOWA) technique to incorporate trust values into the decision-making process, ensuring decisions respect the privacy preferences of all co-owners. The authors develop three algorithms for consensus-reaching and implement the framework in a prototype called Trusty.
Muhammad and Ahmad [7] propose a collaborative sharing model for multiparty data in OSNs. The model integrates joint sharing principles, multiparty authorisations, and a joint-ownership policy enforcement mechanism. It features a fine-grained automated conflict resolution method for shared objects. Formal verification is performed through Petri-nets and ontologies, and a Facebook application called “Safe-Sharing” is developed as a proof of concept.
Hu, Ahn, and Jorgensen [8] propose a multiparty access control (MPAC) model. The MPAC model protects shared data associated with multiple users by capturing the core features of multiparty authorisation requirements. The authors introduce a policy specification scheme and a policy enforcement mechanism, along with a logical representation of the access control model that leverages existing logic solvers for analysis. Their approach includes conflict resolution mechanisms, such as voting schemes and sensitivity scores, to handle authorisation and privacy conflicts. The paper provides a proof-of-concept implementation within Facebook and evaluates its feasibility and usability.
Mosca and Such [9] introduced ELVIRA, an agent designed to address multiuser privacy conflicts (MPCs) in OSNs by considering both the utility and moral values of users. ELVIRA's key features include role-agnosticism, adaptability, utility- and value-driven decision-making, and explainability. It supports a collaborative resolution of MPCs by identifying optimal sharing policies that balance individual utility gains and moral values. The agent explains its recommendations using argumentation, ensuring users understand the reasoning behind suggested actions.
Squicciarini, Shehab, and Wede [10] addressed the challenge of managing collective privacy settings for shared content in OSNs using game theory. They propose a mechanism based on the Clarke-Tax approach to model and enforce collective privacy policies. The proposed solution promotes truthfulness and rewards users who support co-ownership, using automated ways to share images and a simple voting scheme. The framework is integrated with inference techniques to reduce the burden on users for manual privacy preference selection. A proof-of-concept application on Facebook demonstrated the feasibility and minimal overhead of this approach.
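The truthfulness property mentioned for [10] can be seen in the textbook Clarke (pivot) tax rule, shown here as an added example that is not the authors' implementation: the option with the highest total reported value wins, and each user pays the loss their report imposes on the others. The policy option names and the values are constructed for illustration.

```python
def clarke_tax(reported):
    """reported: user -> {option: value}. Returns (chosen option, {user: tax})."""
    options = sorted(next(iter(reported.values())))

    def total(option, exclude=None):
        # Sum of reported values for an option, optionally leaving one user out.
        return sum(v[option] for u, v in reported.items() if u != exclude)

    chosen = max(options, key=total)         # ties go to the first sorted option
    taxes = {}
    for user in reported:
        # What the others could have had without this user, minus what they
        # get under the chosen option. Non-zero only for pivotal users.
        best_without = max(total(o, exclude=user) for o in options)
        taxes[user] = best_without - total(chosen, exclude=user)
    return chosen, taxes

def utility(true_values, user, reported):
    """The user's true value for the outcome, minus the tax they pay."""
    chosen, taxes = clarke_tax(reported)
    return true_values[user][chosen] - taxes[user]

# Constructed sample: three co-owners value three audience settings for a photo.
TRUE = {
    "alice": {"public": 10, "friends": 6, "co_owners": 0},
    "bob": {"public": 0, "friends": 5, "co_owners": 8},
    "carol": {"public": 2, "friends": 6, "co_owners": 4},
}
# bob exaggerates his value for the most restrictive setting to force it.
BOB_LIES = {**TRUE, "bob": {**TRUE["bob"], "co_owners": 20}}

if __name__ == "__main__":
    print("truthful:", clarke_tax(TRUE), "bob utility", utility(TRUE, "bob", TRUE))
    print("bob lies:", clarke_tax(BOB_LIES), "bob utility", utility(TRUE, "bob", BOB_LIES))
```

In the sample, bob's exaggeration changes the outcome to his preferred setting, but the tax he then owes leaves him worse off than reporting honestly.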
Platforms: personal computers, mobile devices
Related guidelines: Enhance Collaborative Privacy Management in Photo Sharing
Example
Retinue prototype - A controller (co-owner) can select trusted groups, assign trust levels, and choose the photo's sensitivity while the interface displays privacy risk and sharing loss [2].
Safe-Sharing Facebook application prototype - posts that are co-owned by a user [7].
Use cases
- Implementing collaborative privacy management.
Pros
- User studies and experimental setups consistently demonstrate positive reception and a high potential for adopting collaborative privacy tools. These studies highlight the effectiveness of the proposed methods in managing privacy conflicts, balancing data sharing with privacy protection, and outperforming existing approaches. Evaluations indicate high user acceptance, feasibility, and practicality in various contexts, with users appreciating the fairness and utility-value trade-offs offered by the systems [1][3][4][5][6][7][8][9][10].
Cons
- There is potential user collusion in the context of enforcing collective privacy preferences, and the system must include features to account for that [1][8][9][10].
- Although the method of considering individual privacy preferences, item sensitivity, and the relative importance of the target for resolving multiparty privacy conflicts shows promising accuracy, it does not account for all factors. For example, the strength of relationships among negotiators can also influence their willingness to concede during negotiations. Therefore, future research should explore additional factors that could affect privacy concessions to enhance the effectiveness of the proposed solutions [4].
- The problems related to collaborative privacy management present long-term challenges that go beyond technical design and implementation. These challenges involve modelling relationships in social networks, understanding user profiles and stakeholders, and developing privacy control mechanisms for all potential cases of collaborative sharing that could arise. This indicates that while technical solutions are crucial, the broader social and relational dynamics within social networks also need to be addressed to manage collaborative privacy [1].
Privacy Choices
This guideline discusses solutions aligned with the design space of privacy choices [11].
- Contextualised
Privacy settings can be adjusted based on contexts and social situations, such as the nature of the shared content or the relationships among co-owners.
- Multiple choices
This guideline supports users having various options to set privacy preferences collaboratively.
- On-demand
The systems discussed in this guideline collectively support the on-demand subdimension by providing mechanisms for users to access and modify their privacy settings at any time. This ensures flexibility and control over shared data in online social networks.
- Just in time
Privacy choices are presented at relevant moments, such as when sharing co-owned content.
- Visual
This guideline supports visual methods for setting and managing privacy preferences collaboratively.
- Presentation
This guideline emphasises presenting intuitive privacy options to users, for example, integrated into the application, like the social network.
- Enforcement
Mechanisms must ensure users' privacy decisions are consistently applied and respected. Such functionality is more "technically challenging for complicated types of privacy choices, such as contextualised choices" [8], which is the case for this guideline.
- Feedback
This guideline aligns with the feedback subdimension since notifications and updates to inform users about changes and conflicts in privacy settings are crucial to accommodate diverse privacy preferences.
- Secondary
This guideline can be applied to secondary channels if the primary channel does not have or has a limited user interface.
- Primary
Mechanisms discussed in this guideline can be integrated directly into the social media platform, allowing users to manage privacy within the primary interface.
Control
The guideline focuses on enabling multiple users to jointly manage privacy settings for shared content, ensuring that all co-owners have a say in how their data is shared and protected. This directly aligns with the attribute of Control [12], as it emphasises users' ability to influence the handling of their data actively.
References
[1] Anna C. Squicciarini, Heng Xu, and Xiaolong Zhang (2011). CoPE: Enabling collaborative privacy management in online social networks. Journal of the American Society for Information Science and Technology 62, no. 3 (2011): 521-534. https://doi.org/10.1002/asi.21473
[2] Hongxin Hu, Gail-Joon Ahn, and Jan Jorgensen (2011). Detecting and resolving privacy conflicts for collaborative data sharing in online social networks. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC '11). Association for Computing Machinery, New York, NY, USA, 103–112. https://doi.org/10.1145/2076732.2076747
[3] Arunee Ratikan and Mikifumi Shikida (2014). Privacy Protection Based Privacy Conflict Detection and Solution in Online Social Networks. In Human Aspects of Information Security, Privacy, and Trust: Second International Conference, HAS 2014, Held as Part of HCI International 2014, Heraklion, Crete, Greece, June 22-27, 2014. Proceedings 2 (pp. 433-445). Springer International Publishing. https://doi.org/10.1007/978-3-319-07620-1_38
[4] Jose M. Such and Natalia Criado (2016). Resolving Multi-Party Privacy Conflicts in Social Media. In IEEE Transactions on Knowledge and Data Engineering, vol. 28, no. 7, pp. 1851-1863, 1 July 2016. https://doi.org/10.1109/TKDE.2016.2539165
[5] Liang Fang, Lihua Yin, Qiaoduo Zhang, Fenghua Li, and Binxing Fang (2017). Who Is Visible: Resolving Access Policy Conflicts in Online Social Networks. In GLOBECOM 2017 - 2017 IEEE Global Communications Conference, Singapore, 2017, pp. 1-6. https://doi.org/10.1109/GLOCOM.2017.8254015
[6] Gulsum Akkuzu, Benjamin Aziz, and Mo Adda (2020). Towards Consensus-Based Group Decision Making for Co-Owned Data Sharing in Online Social Networks. In IEEE Access, vol. 8, pp. 91311-91325. https://doi.org/10.1109/ACCESS.2020.2994408
[7] Tahir Muhammad and Adnan Ahmad (2021). A joint sharing approach for online privacy preservation. World Wide Web, 24(3), pp.895-924. https://doi.org/10.1007/s11280-021-00876-5
[8] Hongxin Hu, Gail-Joon Ahn, and Jan Jorgensen (2013). Multiparty Access Control for Online Social Networks: Model and Mechanisms. In IEEE Transactions on Knowledge and Data Engineering, vol. 25, no. 7, pp. 1614-1627, July 2013. https://doi.org/10.1109/TKDE.2012.97
[9] Francesca Mosca and Jose M. Such (2021). ELVIRA: An Explainable Agent for Value and Utility-Driven Multiuser Privacy. In Proceedings of the 20th International Conference on Autonomous Agents and MultiAgent Systems (AAMAS '21). International Foundation for Autonomous Agents and Multiagent Systems, Richland, SC, 916–924. https://doi.org/10.5555/3463952.3464061
[10] Anna C. Squicciarini, Mohamed Shehab, and Joshua Wede (2010). Privacy policies for shared content in social network sites. The VLDB Journal, 19, pp.777-796. https://doi.org/10.1007/s00778-010-0193-7
[11] Yuanyuan Feng, Yaxing Yao, and Norman Sadeh (2021). A Design Space for Privacy Choices: Towards Meaningful Privacy Control in the Internet of Things. In CHI Conference on Human Factors in Computing Systems (CHI ’21), May 8–13, 2021, Yokohama, Japan. ACM, New York, NY, USA, 16 pages. https://doi.org/10.1145/3411764.3445148
[12] Susanne Barth, Dan Ionita, and Pieter Hartel (2022). Understanding Online Privacy — A Systematic Review of Privacy Visualizations and Privacy by Design Guidelines. ACM Comput. Surv. 55, 3, Article 63 (February 2022), 37 pages. https://doi.org/10.1145/3502288