Facebook and Twitter have led to a renewed discussion about
user privacy. In fact, numerous recent news reports and research studies
on user privacy stress the OSM users' urgent need for better privacy
control mechanisms. Thus, today, a key research question is: how do we
provide improved privacy protection to OSM users for their social
content? In my thesis, we propose a systematic approach to address this
question.
We start with the access control model, the dominant privacy model in
OSMs today. We show that, while useful, the access control model does
not capture many theoretical and practical aspects of privacy. Thus, we
propose a new model, which we term the exposure control model. We define
exposure for a piece of content as the set of people who actually view
the content. We demonstrate that our model is a significant improvement
over access control to capture users' privacy requirements. Next, we
investigate the effectiveness of our model to protect users' privacy in
three real world scenarios: (1) Understanding and controlling exposure
using social access control lists (SACLs) (2) Controlling exposure by
limiting large-scale social data aggregators and (3) Understanding and
controlling longitudinal exposure in OSMs, i.e., how users control
exposure of their old OSM content. We show that, in each of these cases,
the exposure control-based approach helps us to design improved privacy
control mechanisms.