Controlling privacy disclosure of third party applications in online social networks

Abstract

Purpose The purpose of this paper is to analyse the problem of privacy disclosure of third party applications in online social networks (OSNs) through Facebook, investigate the limitations in the existing models to protect users privacy and propose a permission-based access control (PBAC) model, which gives users complete control over users’ data when accessing third party applications. Design/methodology/approach A practical model based on the defined permission policies is proposed to manage users information accessed by third party applications and improve user awareness in sharing sensitive information with them. This model is a combination of interfaces and internal mechanisms which can be adopted by any OSN having similar architecture to Facebook in managing third party applications, without much structural changes. The model implemented in Web interface connects with Facebook application programming interface and evaluates its efficacy using test cases. Findings The results show that the PBAC model can facilitate user awareness about privacy risks of data passed on to third party applications and allow users who are more concerned about their privacy from releasing such information to those applications. Research limitations/implications The study provides further research in protecting users’ privacy in OSNs and thus avoid the risks associated with that, thereby increasing users’ trust in using OSNs. Originality/value The research has proven to be useful in improving user awareness on the risk associated with sharing private information on OSNs, and the practically implemented PBAC model guarantees full user privacy from unwanted disclosure of personal information to third party applications.