Identifying Transitivity Threats in Social Networks

Transitivity threats refer to the unintended disclosure of information to unintended recipients as a consequence of an unrelated action. In the context of social networking sites, transitivity threats refer to potential privacy policy breaches that stem from the automated transmission of data/content due to user actions within the social network. For example, commenting on some content within the social network makes the commented content visible to the recipients of the comment, thereby breaching the privacy policy under which the original/commented content was shared. This paper presents a novel approach for modelling and comparing social network privacy policies to deal with transitivity threats. Our approach differs from existing approaches in its use of formal methods techniques to compare social network privacy policies. This work builds on a predicate calculus definition for social networking, modelling social network content, people, friendship relations, and privacy policies as access permissions to content. We have implemented our approach as a tool called Poporo. The tool extends on a previous version of the Poporo tool that checked a third party application´s compliance with system invariants. We validate our approach by using Poporo on several examples.