社交媒体中“隐私悖论”解构:基于隐私态度与隐私行为的实证研究

随着网络社交媒体的普及，用户数据隐私披露和保护之间的矛盾日益凸显，这种现象被称为隐私悖论。文中以大学生在社交媒体中的隐私关注情况为研究对象，通过对隐私态度、隐私行为、感知风险和隐私悖论之间关系的研究，认为大学生用户对网络社交平台的信任感较高，导致隐私感知风险较低。为了更好地保护用户数据隐私，文中从国家、平台和个人3个层面提出了对策建议。     

网络健康社区的用户隐私问题研究

Web 2.0时代信息更加开放,但是却隐藏着网络信息隐私泄露的风险。文章分析了网络健康社区的用户隐私内容和用户隐私泄露的方式,最终提出一种综合的用户隐私保护方案,从法律、技术、个人隐私保护意识3方面着手加强用户隐私保护。     

网络隐私泄露容忍度与运营商的隐私保护实践

为帮助电信运营商更合理的利用用户信息资源、有的放矢的保护用户隐私,文章借鉴风险容忍度的理论研究提出网络隐私泄露容忍度的概念,并采用调查问卷法对网络隐私泄露容忍度进行了测量。依据测量结果与文章对国内外网络隐私保护举措和现状的梳理归纳,为电信运营商构建安全、高效的信息管理体系提供了实践建议。电信运营商应充分了解用户的网络隐私泄露容忍底线,适当、合理的进行数据挖掘,同时采取企业自律、多重安全技术手段、广泛的用户宣导等多种措施来严守用户的隐私安全。     

基于公开信息的社交网络隐私泄露

针对社交网络公开信息提出了一种隐私信息推测算法,通过对用户的好友关系网络进行社区发现,利用社区内一部分好友公开信息推测其他好友隐私信息。实验表明,该算法只需利用少量公开信息就能以较高的准确率推测出其他用户大量的隐私信息。     

移动互联网用户隐私信息检测保护技术研究及应用

智能终端及应用作为“大连接”中的重要节点和业务载体，直接或间接接触大量用户敏感隐私信息，近年来，App强制授权、过度索权、超范围收集个人信息的现象大量存在， 违法违规使用个人信息的问题十分突出，用户隐私泄露的情况愈演愈烈，安全及隐私问题引发社会广泛关注。本论文根据不同源头的APP隐私安全风险全面梳理排查，创新提出“静态权限检测+动态行为特征+网络DPI智能分析”的隐私信息检测防护技术体系，实现了敏感权限智能分析、违规索权动态监控、隐私泄露探测预警、敏感信息深度追踪，确保移动应用APP安全、可信、可控，保障了业务单位和用户隐私安全权益。     

隐私计算研究范畴及发展趋势

随着移动互联网、云计算和大数据技术的广泛应用,电商、搜索、社交网络等服务在提供便利的同时,大数据分析使用户隐私泄露的威胁日益凸显,不同系统隐私保护策略和能力的差异性使隐私的延伸管理更加困难,同一信息的隐私保护需求随时间变化需要多种隐私保护方案的组合协同。目前已有的各类隐私保护方案大多针对单一场景,隐私缺乏定量化的定义,隐私保护的效果、隐私泄露的利益损失以及隐私保护方案融合的复杂性三者之间的关系刻画缺乏系统的计算模型。因此,在分析隐私保护研究现状的基础上,提出隐私计算的概念,对隐私计算的内涵加以界定,从隐私信息的全生命周期讨论隐私计算研究范畴,并从隐私计算模型、隐私保护场景适应的密码理论、隐私控制与抗大数据分析的隐私保护、基于信息隐藏的隐私保护以及支持高并发的隐私保护服务架构等方面展望隐私计算的发展趋势。     

社交媒体“隐私悖论”下隐私再定义

社交媒体时代,用户在社交平台的隐私披露与用户对隐私外泄的担忧形成了"隐私悖论"。从用户视角来看,"隐私悖论"的出现与社交媒体用户的"取"与"舍"密不可分,用户基于隐私披露"回报"即时性与隐私泄露风险或然性的权衡。本研究在归因分析的基础上,发现隐私概念的演变,将原有隐私"被公开"发展至"信息控制"才是破解"隐私悖论"的密码。     

移动互联网服务的隐私保护机制

探讨了考虑背景信息的位置和查询隐私保护方案,如基于背景信息的虚假位置k-匿名方案、同时保护位置和兴趣的隐私保护方案、基于交互的隐私保护方案,还探讨了基于用户隐私链拆分的实名认证和身份隐私保护策略;认为在避免可信第三方参与,敌手能够获取到背景信息的前提下,能够实现对用户身份、位置和查询隐私的保护,达到信任机制和隐私保护的有机结合将是未来隐私保护发展的趋势。     

基于多变量信源编码的隐私效用均衡方法

在大数据时代,数据提供者需要保证自身隐私,数据分析者要挖掘数据潜在价值,寻找数据隐私性与数据可用性间的均衡关系成为研究热点。现有方法多数关注隐私保护方法本身,而忽略了隐私保护方法对数据可用性的影响。在对隐私效用均衡方法研究现状分析的基础上,针对数据集中不同公开信息对隐私保护需求不同的问题,提出基于多变量信源编码的隐私效用均衡方法,并给出隐私效用均衡区域。分析表明,隐私信息与公开信息的关联度越大,对公开信息扰动程度的增加会显著提高隐私保护效果。同时,方差较大的变量对应的公开信息,可选择较小的扰动,确保公开信息可用性较大。     

一种提供虚拟数据增强Android安全性的方法

文章对Android权限机制进行研究,通过分析其中存在的问题,设计并实现了一个隐私保护模块控制应用程序对用户隐私信息的访问。此隐私保护模块通过提供虚拟数据,使不被用户信任的应用程序获得错误的用户隐私信息,以保护用户隐私信息的安全。     

Towards the creation of a profile of the information privacy aware user through a systematic literature review of information privacy awareness

In today’s Internet reliant services, the issue of users’ information privacy awareness is being raised. Despite the fact that in many cases internet users claim to be cognizant of privacy issues, they tend to jeopardize their privacy and take no actions to protection it. This paper reports a systematic literature review of existing studies related to Internet users’ information privacy awareness, towards enhancing respective initiatives and defining the attributes that a user should have so as to be privacy aware. We created a five-concept classification framework for the research topics that the academic community raises as important to be further investigated and the main challenges inhibiting information privacy awareness, and we classified all the selected papers according to this framework. Based on the analysis of the literature, we identify five main attributes that constitute a “Profile for the Information Privacy Aware User”, stemming from the classification framework, and further, we suggest the way this profile can be beneficial for internet users, Internet providers and designers of privacy awareness enhancing technologies. Additionally, we highlight research gaps and we provide useful insights for future research, such as the need for a concrete definition (theme 1), the need for the proposal of privacy preventive technologies (theme 3 and 4) and the need for investigation of information privacy awareness in multiple contexts (theme 5).     

Understanding user privacy expectations: A software developer’s perspective

Software developers are trained to develop and design software applications that provide services to users. However, software applications sometimes collect users’ data without their knowledge. When applications collect and use users’ data without transparency, this leads to user privacy invasions because users do not expect the application to collect and use these information. Therefore, it is important that software developers understand users’ privacy expectations when designing applications in order to handle user data transparently in software applications. However, due to the lack of systematic approaches to extract user privacy requirements, developers end up designing applications either based on their assumptions on user privacy expectations, or relating to their own expectations of privacy as a user. Nevertheless, how accurate these perceived privacy expectations are against actual user expectations is not currently known. This research focuses on investigating developers’ privacy expectations from a user point of view against users’ privacy expectations. We also investigate developers’ assumptions on user privacy expectations against actual user privacy expectations. Our findings revealed that developers’ assumptions on user privacy expectations are close to their own expectations of privacy from a user point of view and that developers’ privacy expectations from a user point of view are significantly different from actual user privacy expectations. With this understanding, we provide recommendations for software developers to understand and acknowledge user expectations on privacy when they design and develop applications.     

Situational user consent for access to personal Information: Does purpose make any difference?

Privacy literature in recent years has emphasized the role of context and situation in individuals' privacy regulation. While most research is focused on understanding situational effects on self-disclosure, the role of situational factors in users’ decision to consent for third-party access to information, a common practice with significant privacy implications, has been barely investigated. The current study bridges this gap by adopting the framework of situational privacy to examine the effect of the purpose for information collection on participants' consent. An online experiment examined users' consent to allow access to their Facebook profile to an unknown entity, with requests distinguished by the framing of the purpose for collecting information as related to security, commercial or academic research. Contrary to the study’s hypothesis, consent rate was similar between groups and purpose was non-significant in explaining participants’ decisions. Furthermore, in all three groups- compensation amount and general willingness to disclose information explain user consent, regardless of purpose. However, some specific factors significantly correlate with consent in each group separately. The study concludes that due to blurring boundaries and uncertainties regarding real uses of information, when it comes to consent for third-party access, predetermined attitudes and preferences are main factors influencing users’ decisions, thus a situational framework is partly adequate for explaining variations in user consent decisions.     

Privacy self-correlation privacy-preserving scheme in LBS

The prevalence of mobile intelligent terminals gives the location-based service (LBS) more opportunities to enrich mobile users’ lives.However,mobile users enjoy the convenience with the cost of personal privacy.The side information and mobile user’s recent requirement records were considered,which were obtained or stored by the service provider.Based on the existence of recent requirement records,adversary can employ the inference attack to analysis mobile user’s personal information.Therefore,two schemes were proposed,including of basic privacy self-correlation privacy-preserving scheme (Ba-2PS) and enhanced privacy self-correlation privacy-preserving scheme(En-2PS).In En-2PS,the privacy-preserving scheme was designed from two dimensions of aspects of time factor and query region,which increased the uncertainty inferring out the real information.Finally,the privacy analysis was illustrated to proof En-2PS’s privacy degree,then the performance and privacy evaluation results indicate that En-2PS is effective and efficient.     

Evaluation and protection of multi-level location privacy based on an information theoretic approach

A privacy metric based on mutual information was proposed to measure the privacy leakage occurred when location data owner trust data users at different levels and need to publish the distorted location data to each user according to her trust level,based on which an location privacy protection mechanism (LPPM)was generated to protect user’s location privacy.In addition,based on mutual information,a metric was proposed to measure the privacy leakage caused by attackers obtaining different levels of distorted location data and then performing inference attack on the original location data more accurately.Another privacy metric was also proposed to quantify the information leakage occurred in the scenario based on mutual information.In particular,the proposed privacy mechanism was designed by modifying Blahut-Arimoto algorithm in rate-distortion theory.Experimental results show the superiority of the proposed LPPM over an existing LPPM in terms of location privacyutility tradeoff in both scenarios,which is more conspicuous when there are highly popular locations.     

Privacy measurement method using a graph structure on online social networks

Recently, with an increase in Internet usage, users of online social networks (OSNs) have increased. Consequently, privacy leakage has become more serious. However, few studies have investigated the difference between privacy and actual behaviors. In particular, users' desire to change their privacy status is not supported by their privacy literacy. Presenting an accurate measurement of users' privacy status can cultivate the privacy literacy of users. However, the highly interactive nature of interpersonal communication on OSNs has promoted privacy to be viewed as a communal issue. As a large number of redundant users on social networks are unrelated to the user's privacy, existing algorithms are no longer applicable. To solve this problem, we propose a structural similarity measurement method suitable for the characteristics of social networks. The proposed method excludes redundant users and combines the attribute information to measure the privacy status of users. Using this approach, users can intuitively recognize their privacy status on OSNs. Experiments using real data show that our method can effectively and accurately help users improve their privacy disclosures.     

The privacy paradox – Investigating discrepancies between expressed privacy concerns and actual online behavior – A systematic literature review

Also known as the privacy paradox, recent research on online behavior has revealed discrepancies between user attitude and their actual behavior. More specifically: While users claim to be very concerned about their privacy, they nevertheless undertake very little to protect their personal data. This systematic literature review explores the different theories on the phenomenon known as the privacy paradox.Drawing on a sample of 32 full papers that explore 35 theories in total, we determined that a user’s decision-making process as it pertains to the willingness to divulge privacy information is generally driven by two considerations: (1) risk-benefit evaluation and (2) risk assessment deemed be none or negligible. By classifying in accordance with these two considerations, we have compiled a comprehensive model using all the variables mentioned in the discussed papers. The overall findings of the systematic literature review will investigate the nature of decision-making (rational vs. irrational) and the context in which the privacy paradox takes place, with a special focus on mobile computing. Furthermore, possible solutions and research limitation issues will be discussed.     

Personalized privacy protection method for group recommendation

To address the problem that most of the existing privacy protection methods can not satisfy the user’s personalized requirements very well in group recommendation,a user personalized privacy protection framework based on trusted client for group recommendation (UPPPF-TC-GR) followed with a group sensitive preference protection method (GSPPM) was proposed.In GSPPM,user’s historical data and privacy preference demands were collected in the trusted client,and similar users were selected in the group based on sensitive topic similarity between users.Privacy protection for users who had privacy preferences in the group was realized by randomization of cooperative disturbance to top k similar users.Simulation experiments show that the proposed GSPPM can not only satisfy privacy protection requirements for each user but also achieve better performance.     

Research progress on location privacy-preserving techniques

While providing plenty of convenience for users in daily life, the increasingly popular location-based ser-vice(LBS) posed a serious threat to users' privacy. The research about privacy-preserving techniques for LBS is becoming a hot spot, and there are a large number of research results. First, background information of privacy protection for LBS was introduced, including application scenarios of LBS, the LBS framework, objects of privacy protection and system architectures of privacy protection. Second, adversary models and metrics for privacy protection in LBS was discussed. Third, four types of privacy-preserving techniques based on generalization and obfuscation for LBS were analyzed and summarized thoroughly. Finally, the potential research directions for privacy-preserving techniques for LBS in the future were shown.     

Home IoT resistance: Extended privacy and vulnerability perspective

Home Internet of Things (IoT) services are expected to augment the efficiency and comfort of users’ daily lives; however, this expectation is eclipsed by concerns regarding privacy and vulnerability. While these concerns critically impact the acceptance of IoT services for the home, they have been discussed primarily from a traditional point of view; academic discussions of privacy and vulnerability in the current environment are lacking. This study extends existing privacy and vulnerability theories to demonstrate the importance of physical privacy and user vulnerability protections in home IoT environments. To validate the proposed research model, an empirical analysis was conducted on 265 samples with a partial least squares structural equation modeling technique. The differences in vulnerability factors, along with privacy concerns and resistance to home IoT services, were also compared by gender, experience, and type of housing. Results show that user vulnerability has the strongest impact on home IoT privacy concerns and resistance to home IoT environments. Additionally, this study found that personal factors appear differently across vulnerabilities, privacy concerns, and home IoT resistance. This study extends the traditional concepts of privacy and vulnerability to the home IoT environment.