17/06/2019 – Talk: “Privacy Policies For Social Networks: A Formal Approach” By Raúl Pardo

Raúl Pardo will present his work on privacy policies for social networks. Details below.


Raúl Pardo, Postdoc, ITU.


Privacy Policies for Social Networks: A Formal Approach


As the use of Online Social Networks (OSNs) increases, privacy breaches keep pace with this growth. One reason is that users are unable to effectively manage the privacy settings (also known as privacy policies) that the platform offers. Often privacy policies are too coarse-grained, which forces users to unnecessarily restrict the audience of the data or to share it with more people than they intend to. Another problem is that users cannot control the audience of their information when it is uploaded by other users. For instance, when a picture contains several people, only the user uploading the picture can set the audience.

In this talk, I will give an overview of a formal framework to express fine-grained privacy privacy policies for OSNs. In this framework users specify who can know their data, e.g., “Nobody can know my location”. Note that in this policy the user defines the audience of her data; independently of who uploaded the data. I also introduce the notion of evolving privacy policies, i.e., policies that change depending on time and events, for instance, “my location can be disclosed at most 3 times per day”. We have used this framework to formally model the privacy settings of Facebook and Twitter and prove under which conditions users’ privacy is preserved. I will show how to combine data and privacy policies by means of Attribute-based Encryption. Thus, preventing inconsistencies between policies in distributed OSNs. For each type of privacy policy I will show a prototype implementation in the open source OSN Diaspora.