Collaborative privacy management for third-party applications in online social networks

Privacy control mechanisms for online social networks (OSNs) offer little by way of managing access to a user's personal information by third-party applications (TPAs). Most OSNs provide an "accept all or nothing" mechanism for managing permissions from TPAs to access a user's private data. In this paper, we propose an approach that makes all requests for private data from TPAs explicit and enables a user to exert fine-grained access control over what profile data can be accessed by individual applications. Equally importantly, our approach also allows users to share their access control configurations for TPAs with their friends who can reuse and rate such configurations. This is particularly beneficial to novice users or those new to a particular TPA or an OSN. We present an implementation of our approach for managing privacy for third-party Facebook applications and report an initial evaluation (N=50). A significant proportion of our sample (76%) found the collaborative privacy management approach useful in determining the type of applications one might use based on its privacy rankings and noted a raised awareness about data privacy issues arising from use of TPAs.