TIPOS DE INTERCAMBIADORES A VALORAR PARA EL DISEÑO DEL PASTEURIZADOR

An exponential evolution and user growth is evident on online social networks, where people can communicate through various means based on information-sharing. For example, the num- ber of users of social media worldwide has reached 1.96 billion, and 81% of the US citizens had a social media profile [1]. The affordability of location-aware mobile devices has enabled these networks to seize location feature by supporting location-based services along with the other online social networking advantages. Online social networks which embrace geo-location technologies can be referred to as Geo-Social Networks (GeoSNs), such as Facebook, Twitter and Foursquare. GeoSNs can be defined as “a web-based or mobile-based service that allows users to (1) construct a profile containing some of their geolocated data (along with additional information), (2) connect with other users of the system to share their geolocated data, and (3) interact with the content provided by other users (for instance by commenting, replying or rating)” [2].GeoSNs basically allow for the sharing of location information with other users, while enjoying all other features of traditional online social networks [2]. Users of GeoSNs can, for example, record their visit to places (check-in), share their thoughts about a place (leave a comment), or geo-tag a picture of theirs. A social dimension is involved within these applica- tions in which users are motivated to interact with others rather than interacting with the service provider. Users can geo-tag other users in their shared contents. Moreover, users can share a large amount of real-time information that can be accessed by wide audience, as opposed to traditional Location-Based Services (LBS) [2, 3]. They also share other contextual information along with their location data including social connections and reviews [4]. Interestingly, al- most all of the modern online social networks are GeoSNs where they enable sharing location information or using services based on location. In general, the majority of users share their accurate location that they visited to take advantage of the services provided by the GeoSNs. For example, in the study presented in Chapter 7, participants confirmed that their spatiotem- poral location history presented to them are correct and reflected their real mobility. However, some users tend to disclose a nearby or general location, or even share it after leaving the place

2 1.1 Introduction and Motivation

which can affect the spatial and temporal accuracy of the data if they felt the need to protect their privacy, as discussed in Section 3.2.1.6.

Sharing location information on GeoSNs can pose several threats to user privacy. Providing location-based services requires the knowledge of the users’ location, and in some GeoSNs, this location information is very precise. Location is considered to be sensitive in comparison to other types of information. Location information typically includes the spatial (where) and temporal (when) factors that make it distinctive and dynamic in nature. Tracking a user’s loca- tion over time can reveal their identity [5, 6]. In addition, users’ historical location information can be linked to contextual and semantic information publicly available on GeoSNs and can be used for constructing comprehensive user profiles that include inferred personal information about users [7]. Derived information in such profiles can include user activities, habits, mobility patterns and relationships with others [8, 9, 10, 11, 12]. Such enriched location-based profiles can be considered to be useful if used to personalise and enhance the quality and usability of the applications. However, it can potentially be used for undesirable purposes and pose new threats to users’ location privacy, which refers to a particular type of information privacy that sup- ports users’ right to be consent to all aspects of their location disclosure [13, 5]. Thus, location disclosure on GeoSNs can expand the implications to location privacy, compared to LBS. Users’ concerns about their location privacy are evident [14, 15, 16], yet the provided privacy solutions have shown to be ineffective. Privacy policies and privacy settings have been applied widely in online services as a means of providing privacy management to users by offering them some information about how their data are handled and basic access controls to their data. Nevertheless, privacy policies are relatively ineffective due to the vague and complex presentation of information [17]. Privacy settings also enable limited protection that has shown to be difficult to use [18, 19]. In fact, users are unable to effectively use them due to their lack of awareness of the potential privacy consequences of their data exposure [20, 21, 22, 23]. In addition, Location Privacy-Preserving Mechanisms (LPPMs) have been developed to provide protection in LBS which mainly utilise anonymity and obfuscation techniques [13, 24]. However, these are not fully robust in protecting location privacy against attacks [25]. They mainly work on reducing the spatial and temporal accuracy which restricts their applicability on GeoSNs and impacts the quality of service provided [7] (see Section 2.2.2). Hence, there is a need for effective location privacy solutions.

GeoSNs fail to provide privacy awareness related to users’ information exposure and associated privacy implications. The design of these applications focuses on providing an enjoyable exper- ience for users, and lacks support for awareness of data collection, accessibility, and utilisations [26, 4]. Therefore, users are not fully aware of their explicit or implicit location data collection and the related privacy threats, which can impact how they appreciate their location privacy

1.1 Introduction and Motivation 3

[22, 20, 27]. Users’ ability to make informed decisions about their location information disclos- ure and manage their privacy according to their preferences are restricted as well. The extent of the privacy management actions carried out by users is related to their personal awareness and experience with how a system processes their data, which is shown to be limited [28, 29]. Thus, users need to be informed about the explicit and implicit profiles that can be constructed based on their location data shared on GeoSNs.

Privacy feedback and control methods has been shown to be useful for enhancing users’ pri- vacy awareness, and ultimately allowing them to effectively manage their privacy in the area of mobile and social networking applications [30, 31, 33]. They also take into consideration the varying levels of personal privacy required by individuals, where they can decide upon their sharing actions according to their personal privacy preferences [35]. Thus, supporting users’ awareness of what of their data are collected, how they can be used to extract personal inform- ation, and who can access their data, has great potentials for addressing location privacy in GeoSNs. This awareness includes informing users about potential privacy consequences, hence enabling them to provide informed consent about their information disclosure which matches their desired privacy preferences. Providing real-time privacy feedback has been shown to sig- nificantly impact users’ data sharing decisions. There, users are notified of possible privacy risks just before they disclose their information [32, 34]. This type of feedback can be utilised for enhancing location privacy awareness in GeoSNs by allowing users to make information location-disclosure decisions through offering just-in-time privacy notification based on users’ profiles and where a privacy awareness is needed.

Few previous studies have addressed the impact of location privacy awareness on users’ sharing behaviour [36, 37, 38, 34]. The studies mainly offer rule-based privacy controls for managing location disclosure by specifying dynamic rules including place, time and recipient in geo-social applications. They generally assume that awareness of location information is confined to the visits the user makes to places, and focus on user awareness of the visibility and accessibility of their location information. However, these studies do not consider a holistic view of the possible personal information inferences that may be made in the network, which is another important aspect of privacy awareness. The studies’ test environment was limited, as proprietary applications with limited features of interaction were used in their evaluation, which does not provide sufficient representation the public (commercial) GeoSNs environment. For example, the participants interact with few users and mainly share their location without any contextual information such as reviews, tags, or pictures. Thus, the key concerns and challenges of this work are to address the problem of location privacy in GeoSNs through improving location privacy awareness of both the content aspect in terms of data collected and inferred about a user, and the accessibility aspect in terms of who of the application’s users can view a user’s data and by using public GeoSNs that are used by and available for millions of users.