Lattice-based Contextual Integrity Analysis of Social Network Privacy Policies

Abstract

More than four billion users use online social networks (OSNs) and integrate themselves into their ecosystems. Consequently, these users are increasingly tasked with understanding the implications of their consenting to the privacy practices of OSNs via privacy policies. However, privacy policies are often vague and confusing to users, leading to misconceptions and gaps in users’ understanding of privacy practices. In this paper, we propose the Lattice-Based Contextual Integrity Analysis (LCIA) framework to help make quantitative determinations about how likely an OSN’s privacy policy is to mislead users with regard to its information flow practices, relative to other OSNs. We evaluated LCIA with 13 OSNs’ privacy policies and identified that OSNs with more privacy-violating information flow practices are more likely to mislead users through ambiguous statements, thereby exposing them to greater privacy risk.