Archive for the ‘Social aspects’ Category

WSJ: many Facebook apps transmit user IDs to advertising and tracking companies

Sunday, October 17th, 2010

This Wall Street Journal article says that many of the most popular of the 550,000 Facebook apps (!) have been transmitting identifying information about users and their friends to dozens of advertising and Internet tracking companies.

“The apps reviewed by the Journal were sending Facebook ID numbers to at least 25 advertising and data firms, several of which build profiles of Internet users by tracking their online activities.

Defenders of online tracking argue that this kind of surveillance is benign because it is conducted anonymously. In this case, however, the Journal found that one data-gathering firm, RapLeaf Inc., had linked Facebook user ID information obtained from apps to its own database of Internet users, which it sells. RapLeaf also transmitted the Facebook IDs it obtained to a dozen other firms, the Journal found.

RapLeaf said that transmission was unintentional. “We didn’t do it on purpose,” said Joel Jewitt, vice president of business development for RapLeaf.”

Update: Facebook responds.

New Facebook Groups Considered Somewhat Harmful

Thursday, October 7th, 2010

I always think of things I should have added in the hour after making a post. Sigh. Here goes…

The situation is perhaps not so different from mailing lists, Google groups or any number of similar systems. I can set up one of those and add people to them without their consent — even people who are not my friends. Even people whom I don’t know and who don’t know me. Such email-oriented lists can also have public membership lists. The only check on this is that most mailing list frameworks send a notice to people being added informing them of the action. But many frameworks allow the list owner to suppress such notifications.

But still, Facebook seems different, based on how the rest of it is configured and on how people use it. I believe that a common expectation would be that if you are listed as a member of an open or private group, you are a willing member.

When you get a notification that you are now a member of the Facebook group Crazy people who smell bad, you can leave the group immediately. But we have Facebook friends, many of them in fact, who only check in once a month or even less frequently. Notifications of their being added to a group will probably be missed.

Facebook should fix this by requiring that anyone added to a group confirm that they want to be in the group before they become members. After fixing it, there’s lots more that can be done to make Facebook groups a powerful way for assured information sharing.

How the DC Internet voting pilot was hacked

Wednesday, October 6th, 2010

University of Michigan professor J. Alex Halderman explains how his research group compromised the Washington DC online voting pilot in his blog post, Hacking the D.C. Internet Voting Pilot.

“The District of Columbia is conducting a pilot project to allow overseas and military voters to download and return absentee ballots over the Internet. Before opening the system to real voters, D.C. has been holding a test period in which they’ve invited the public to evaluate the system’s security and usability. … Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters’ secret ballots. In this post, I’ll describe what we did, how we did it, and what it means for Internet voting.”

The problem was a shell-injection vulnerability that involved the procedure used to upload absentee ballots. Halderman concludes:

“The specific vulnerability that we exploited is simple to fix, but it will be vastly more difficult to make the system secure. We’ve found a number of other problems in the system, and everything we’ve seen suggests that the design is brittle: one small mistake can completely compromise its security. I described above how a small error in file-extension handling left the system open to exploitation. If this particular problem had not existed, I’m confident that we would have found another way to attack the system.”

Facebook Browser gets a low F1-score in my book

Sunday, September 12th, 2010

Facebook has rolled out Facebook Browser as what sounds like a simple and effective idea — recommend pages based on a user’s country and social network. My impression is mixed, however. While I like its top recommendation for me, I am already a fan. Its suggestions for the celebrities category are a bust — Rush Limbaugh, Glenn Beck, Michelle Malkin, Mark Levin, Red Green and Bill O’Reilly. And Movies? Don’t even go there! Maybe it’s trying to tell me I need a new set of friends? Inside Facebook summarizes Facebook Browser this way:

“Facebook has launched a new way to “Discover Facebook’s Popular Pages” called Browser. It shows icons of Pages that are popular in a user’s country, but factors in which Pages which are popular amongst their unique friend network. When the Page icons are hovered over they display a Like button. Browser could cause popular Pages to get more popular, widening the gap between them and smaller Pages, similar to the frequently criticized and since abandoned Twitter Suggested User List.”

I think the idea is sound, though, and I like my Facebook friends. So, my conclusion is that Facebook needs to tweak the algorithm.

An ontology of social media data for better privacy policies

Sunday, August 15th, 2010

Privacy continues to be an important topic surrounding social media systems. A big part of the problem is that virtually all of us have a difficult time thinking about what information about us is exposed and to whom and for how long. As UMBC colleague Zeynep Tufekci points out, our intuitions in such matters come from experiences in the physical world, a place whose physics differs considerably from the cyber world.

Bruce Schneier offered a taxonomy of social networking data in a short article in the July/August issue of IEEE Security & Privacy. A version of the article, A Taxonomy of Social Networking Data, is available on his site.

“Below is my taxonomy of social networking data, which I first presented at the Internet Governance Forum meeting last November, and again — revised — at an OECD workshop on the role of Internet intermediaries in June.

  • Service data is the data you give to a social networking site in order to use it. Such data might include your legal name, your age, and your credit-card number.
  • Disclosed data is what you post on your own pages: blog entries, photographs, messages, comments, and so on.
  • Entrusted data is what you post on other people’s pages. It’s basically the same stuff as disclosed data, but the difference is that you don’t have control over the data once you post it — another user does.
  • Incidental data is what other people post about you: a paragraph about you that someone else writes, a picture of you that someone else takes and posts. Again, it’s basically the same stuff as disclosed data, but the difference is that you don’t have control over it, and you didn’t create it in the first place.
  • Behavioral data is data the site collects about your habits by recording what you do and who you do it with. It might include games you play, topics you write about, news articles you access (and what that says about your political leanings), and so on.
  • Derived data is data about you that is derived from all the other data. For example, if 80 percent of your friends self-identify as gay, you’re likely gay yourself.”

I think most of us understand the first two categories and can easily choose or specify a privacy policy to control access to information in them. The rest, however, are more difficult to think about and can lead to a lot of confusion when people are setting up their privacy preferences.

As an example, I saw some nice work at the 2010 IEEE International Symposium on Policies for Distributed Systems and Networks on “Collaborative Privacy Policy Authoring in a Social Networking Context” by Ryan Wishart et al. from Imperial College that addressed the problem of incidental data in Facebook. For example, if I post a picture and tag others in it, each of the tagged people can contribute additional policy constraints that can narrow access to it.

Lorrie Cranor gave an invited talk at the workshop on Building a Better Privacy Policy and made the point that even P3P privacy policies are difficult for people to comprehend.

Having a simple ontology for social media data could help us move forward toward better privacy controls for online social media systems. I like Schneier’s broad categories and wonder what a more complete treatment defined using Semantic Web languages might be like.

Papers with more references are cited more often

Sunday, August 15th, 2010

The number of citations a paper receives is generally thought to be a good and relatively objective measure of its significance and impact.

Researchers naturally are interested in knowing how to attract more citations to their papers. Publishing the results of good work helps of course, but everyone knows there are many other factors. Nature news reports on research by Gregory Webster that analyzed the 53,894 articles and review articles published in Science between 1901 and 2000.

The advice the study supports is “cite and you shall be cited”.

“A long reference list at the end of a research paper may be the key to ensuring that it is well cited, according to an analysis of 100 years’ worth of papers published in the journal Science.

The research suggests that scientists who reference the work of their peers are more likely to find their own work referenced in turn, and the effect is on the rise, with a single extra reference in an article now producing, on average, a whole additional citation for the referencing paper.

‘There is a ridiculously strong relationship between the number of citations a paper receives and its number of references,’ Gregory Webster, the psychologist at the University of Florida in Gainesville who conducted the research, told Nature. ‘If you want to get more cited, the answer could be to cite more people.’”

A plot of the number of references listed in each article against the number of citations it eventually received reveals that almost half of the variation in citation rates among the Science papers can be attributed to the number of references that they include. And — contrary to what people might predict — the relationship is not driven by review articles, which could be expected, on average, to be heavier on references and to garner more citations than standard papers.

Creating more secure cloud computing environments

Saturday, July 10th, 2010


The Air Force recently highlighted some of our AISL MURI research done at the University of Texas in Dallas on developing solutions for maintaining privacy in cloud computing environments.

The work is part of a three year project funded by the Air Force Office of Scientific Research aimed at understanding the fundamentals of information sharing and developing new approaches to making it easier to do so securely.

Dr. Bhavani Thuraisingham has put together a team of researchers from the UTD School of Management and its School of Economics, Policy and Political Sciences to investigate information sharing with consideration to confidentiality and privacy in cloud computing.

“We truly need an interdisciplinary approach for this,” she said. “For example, proper economic incentives need to be combined with secure tools to enable assured information sharing.”

Thuraisingham noted that cloud computing is increasingly being used to process large amounts of information. Because of this increase, some of the current technologies are being modified to be useful for that environment as well as to ensure security of a system.

To achieve their goals, the researchers are inserting new security programming directly into software programs to monitor and prevent intrusions. They have provided additional security by encrypting sensitive data that is not retrievable in its original form without accessing encryption keys. They are also using Chinese Wall, which is a set of policies that give access to information based on previously viewed data.

The scientists are using prototype systems that can store semantic web data in an encrypted form and query it securely using a web service that provides reliable capacity in the cloud. They have also introduced secure software and hardware attached to a database system that performs security functions.

Assured information sharing in cloud computing is daunting, but Thuraisingham and her team are creating both a framework and incentives that will be beneficial to the Air Force, other branches of the military and the private sector.

The next step for Thuraisingham and her fellow researchers is examining how their framework operates in practice.

“We plan to run some experiments using online social network applications to see how various security and incentive measures affect information sharing,” she said.

Thuraisingham is especially glad that AFOSR had the vision to fund such an initiative that is now becoming international in its scope.

“We are now organizing a collaborative, international dimension to this project by involving researchers from Kings College, University of London, University of Insubria in Italy and UTD related to secure query processing strategies,” said AFOSR program manager, Dr. Robert Herklotz.

ICWSM best paper award for work on study of online social dynamics

Thursday, July 1st, 2010

A paper by AISL co-PI Lada Adamic and her students received a best paper award from the Fourth International Conference on Weblogs and Social Media. The paper studied how online social structures affected economic activity in Second Life, a massively multiplayer virtual world that allows its users to create and trade virtual objects and commodities.

The rise of online social environments like Second Life is important for information sharing for two reasons. First, they provide researchers with an opportunity to easily collect vast amounts of data about the behavior of real people. Such data is invaluable in developing and testing new models to better understand the factors that underlie information sharing behavior. Second, online social environments have become an important way that people interact to share information. Understanding how they work and can be better managed is important.

Dr. Adamic and her students estimated the strength of social ties in Second Life using the frequency of chatting between pairs of users. They found that free items are more likely to be exchanged as the strength of the tie increases and that social ties particularly play a significant role in paid transactions for sellers with a moderately sized customer base. They also developed a novel method of visualizing the transaction activities.

Eytan Bakshy, Matthew Simmons, David Huffaker, ChunYuen Teng, Lada Adamic, The Social Dynamics of Economic Activity in a Virtual World, Fourth International AAAI Conference on Weblogs and Social Media, May 2010.

This paper examines social structures underlying economic activity in Second Life (SL), a massively multiplayer virtual world that allows users to create and trade virtual objects and commodities. We find that users conduct many of their transactions both within their social networks and within groups. Using frequency of chat as a proxy of tie strength, we observe that free items are more likely to be exchanged as the strength of the tie increases. Social ties particularly play a significant role in paid transactions for sellers with a moderately sized customer base. We further find that sellers enjoying repeat business are likely to be selling to niche markets, because their customers tend to be contained in a smaller number of groups. But while social structure and interaction can help explain a seller’s revenues and repeat business, they provide little information in forecasting a seller’s future performance. Our quantitative analysis is complemented by a novel method of visualizing the transaction activity of a seller, including revenue, customer base growth, and repeat business.

How lotteries like Spain’s El Gordo enhance social ties

Monday, January 4th, 2010

The Economist has an article, Gamblers united, on Spain’s lotteries, like El Gordo (“the Fatty”), which will pay out €2.3 billion this year. What I found interesting is that this and other Spanish lotteries are events that enhance social ties.

“Loterías y Apuestas del Estado, the government agency that runs El Gordo and other lotteries during the year, encourages mass participation by dividing each €200 ticket into décimos, or tenths, which sell for €20. This, in turn, allows players to improve their odds by buying small shares in many tickets, often by forming syndicates with friends and colleagues. … All this has transformed the lottery from a glorified tax on the poor, as it is in most countries, into part of the social fabric. Sharing tickets at Christmas has become a way to reinforce social ties, says Roberto Garvía, a visiting professor at Georgetown University. The practice of forming syndicates, which initially started in the 19th century when lottery tickets became too expensive for working-class folk, has become a tradition among all classes. As one banker says, ‘I don’t want to be the only idiot who has to turn up to work if the office number wins.’”

DDOS on twitter, facebook and livejournal

Thursday, August 6th, 2009

It will be interesting to see what comes from today’s DDOS attacks on Twitter, Facebook and LiveJournal. It is certainly a show of strength from whoever controls the botnets that launched the attacks. We can only assume that the three are from the same source or at least related sources. Some sources:

Was it a test? Demonstration? Preparation for extortion (Nice little Internet you got there. Shame if something happened to it.)?