Design and Development of a Facebook Application to Raise Privacy Awareness

Abstract

Everyday people upload a large number of private pictures on online social networks (OSNs). Users trust OSNs to keep their pictures private, e.g. by making them available to their social friends only. Unfortunately, OSN security controls are not always strong enough and malicious people may exploit these weaknesses to potentially see any user's private pictures. It might even possible to access private photos posted on an OSN without circumventing its security policies. In fact, users sometimes add to their social circles acquaintances, recently met people, which might not be completely trusted. Furthermore, they occasionally allow third-party applications to access their pictures. These conditions imply that, to keep their photos private, users must trust all the security controls implemented by OSNs and all of their social friends (and how they interact with third-party applications). Actually, there are some situations in which these assumptions are not met and some data that users believed to be private might also be accessed by unknown people. The goal of this paper is to raise awareness on the problem of privacy of online pictures and to have OSN users think more carefully about how they use third-party applications and how they choose their friends online. To this end, we discuss a use-case of a Facebook application, which we have developed, that exploits some weaknesses and users' assumptions to gather a huge amount of private pictures.