HideNoSeek



Social media has become an integral part of our lives. We use social media to stay connected with family, friends and sometimes complete strangers. As of 2020, there are 3.96 billion people using some kind of social media platform in the world, which is 83.36% of the total world population, and this number increases each year. 

Along with the many advantages that social media serves, it also comes with an additional set of problems. Privacy on social media is a big issue. With most of your life events being broadcasted on social media platforms, privacy is a rare thing to find these days. Most people know that they want to share certain things with certain people, not all of them know how exactly to achieve it. Most people are not even aware of the security threats that publicly available personal information can pose. 

Right to privacy is a fundamental right in most parts of the world, but in the context of social media, the exercising of this right is difficult. The users are always stuck in a dilemma of wanting to share information with their loved ones, but not sharing this information with everyone else with an internet connection. To help users exercise some control over their privacy online, most social networks provide a plethora of privacy settings which the users can adjust according to their preferences. But even these privacy settings are not always easily accessible. 

Studies show that a typical user has an account on more than 8 social media platforms. Each of these platforms comes with their own privacy settings page, but their organization and interface differs from each other. Finding these settings pages, understanding the organization and content, which sometimes includes technical jargon, can be simply exhausting. 


To solve this problem, we present HideNoSeek, an application which automates the privacy setting changes for all your social media accounts, according to your preferences. 

Solution

HideNoSeek presents a one stop solution for organising privacy on online social media (OSM). It allows users to model their privacy for popular social media with just a couple of clicks. We present three profiles to cover users’ general needs: private, public and moderate. A user is free to choose from the three profiles and available OSMs and our application automatically models the user’s privacy accordingly without their intervention. The profiles take into account important aspects of privacy including the spread of user data to third parties, sharing of information, profile visibility etc. 


Given that our application allows the users to escape traversing the complicated mazes of privacy settings pages and manually editing them one after the other, we can confidently say it helps with the problem we are trying to solve in an efficient and user friendly fashion. 


The backbone of our solution is the lack of need of user intervention, often called creating a headless environment. We use Google’s Puppeteer API which allows us to control Chrome in a completely headless fashion. The API has several features including the ability to take screenshots for testing, automating form submission, timeline tracing etc which leads us to our current solution. While the user doesn’t need to do anything more than running our application, we take advantage of Puppeteer’s capabilities to provide screenshots of our actions for their reference.



Each of the three profiles of our application is carefully crafted to ensure they reflect their respective meanings accurately. While a public profile will not debar any social media from sharing information, a private profile will ensure no information is shared with an unwanted user or organization. The moderate profiles for each social media were manually designed with the help of user surveys to gauge how users feel about their privacy and how they set up their profiles. For instance, a moderate profile on LinkedIn would be much more open when compared to one on Facebook given that LinkedIn is a much more public platform with being ‘visible’ a key aspect of its use. The profiles can in some ways be compared to Alan Westin’s categorization of population into privacy fundamentalists(private), privacy pragmatists(moderate) and privacy unconcerned(public). 

Design Process


We first performed a user survey to understand the problem and domain, see if users were concerned about their privacy on various social media platforms and what their opinion was regarding the same. To restrict the scope for this project, we focused on five major platforms: Facebook, LinkedIn, Instagram, Reddit and Twitter. We also enquired about their privacy settings on various platforms. 


These are some of things people responded when asked about their privacy settings on social media and their opinion on them: 



Many people had kept their settings as default on all platforms and wrote that changing settings becomes tedious with the hordes of different privacy settings and combinations available. While some had taken an effort to customize their settings, when asked if they would use a common platform which could change their settings in a few clicks, a significant majority of them responded positively. After analysing the responses of the people, we concluded that at least three levels of private profiles would be required to model user behaviour and accurately represent it: Private, Moderately Controlled and Public profiles.
We then performed an analysis of common settings across the platforms.  

 



It is evident from the analysis that many settings were similar across various platforms. A similar approach for all social media platforms would not pose any problems with modelling user profiles while allowing modular coding to aid further expansion and maintenance of the application.

Roadblocks

Headless Chrome

We initially decided that we would programmatically change privacy settings of users on social media accounts by using JavaScript to manipulate elements like checkboxes, buttons etc on the page. But we soon realized that this is not a user friendly approach to the problem. In our initial prototypes, the Javascript code opened the settings page and changed the settings one by one, which had the user seeing their social media's privacy page abruptly opening up in front of them, and the settings being changed. We decided that having our application change the users’ settings in the background would be much more visually appealing, which led us to implementing our logic using Puppeteer and Headless Chrome, as mentioned in the solution. 

Detection and blocking of Headless Chrome by Instagram

One problem that we faced while implementing the logic for Instagram is that it was able to detect when a user is accessing a site using Headless Chrome, and then it blocked our access, so we weren't able to change the settings initially. It didn't give an error, but the request didn't go through and it eventually timed out. So we figured how Instagram was able to detect the use of Headless Chrome. It does so by looking at the User String in the request header, which has a substring "HeadlessChrome" when we are operating in that environment. So we overwrote that string in our code and replaced the substring "HeadlessChrome" with a standard User String, after which it started working.

Variation in user behaviour regarding privacy among platforms

Online social media comes in all shapes and sizes. There are websites like Facebook which are used to make personal relationships while websites like LinkedIn are extremely professional. With the difference in platforms comes an inherent difference in how users interact with them. A user may keep an extremely private profile on Facebook and add only a small number of friends while keeping an open profile on LinkedIn to attract jobs and recruiters. It is thus impractical to consider all social media to have similar levels of privacy for any specific profile. Taking this into account, we carefully crafted each profile to ensure the profiles for each social media take into account user behaviour.

User Credentials and their Security

One of the key concerns we expect users to have with our application is the handling of their social media credentials. While we would love to alleviate the risk from the users’ minds completely, it was not possible to change their privacy settings without access to their accounts for obvious reasons. What we decided to do to reduce any possible risk was to allow the users to manually enter their credentials in the application and have the application do nothing but login in their account once before changing the privacy settings. The application runs locally on the users’ systems and has no need of storing the credentials to a server or external storage. This allows HideNoSeek to make use of credentials for only the required tasks and have the system log out immediately afterwards by not storing the headless chrome instance as well. As a possible alternative, one may use Puppeteer to access the user’s browser data to fetch the credentials for logging in but this comes with access to all other accounts and files the browser data may store.

Conclusion

With a study of how users interact with online social media and what they feel about the privacy within these platforms, we identified a key problem that exists and attempted to solve it. We present HideNoSeek, an application that allows users to forego the hassle of traversing complicated mazes of privacy settings of online social media and model their profiles according to their needs in a few simple steps. Each profile, being carefully crafted to suit the social media, presents the users with choices to keep their profiles public, private or ‘right in the middle’. We feel this application, and further possible modifications to it, will allow users a much easier and better experience when using these social media platforms while feeling safer.

Team Members


Acknowledgement

This project was carried out under the guidance of Prof. Ponnurangam Kumaraguru for the course Privacy and Security in Online Social Media.




Comments

Post a Comment

Popular posts from this blog

#Tractor2Tractor

Image
    India Farmer's Protest was in the news in early 2021 for being one of the largest organized protests. The farmer's protest was not only in national news but was also featured internationally by many media outlets. Social Media is the new way to share information, and it's here to stay. Twitter is one such platform where the information travels at a blazing fast speed through replies and retweets. Tweets are instant and easy to make, therefore allowing easy access to the platform.  The protest created a lot of buzz on Twitter. People from both sides of the argument used Twitter to spread awareness among the general public. The issue caught wind when the international popstar Rihana made a tweet recognizing the farmer's protest. The importance of Twitter cannot be understated as the government sought out to ban over 1200 Twitter accounts that were allegedly labelled "Khalistani sympathizers." Tweets from many famous Indian and international celebrities follo
Read more

Sperrow

Image
Domain: Fake News Platform: Twitter Problem Definition: Discourage a user from spreading potential fake news on social media platforms. What is the problem? I don’t understand!! The credibility of posts or accounts on social media has always been a topic of concern. Public figures have verified accounts, but they constitute only a small fraction of the total user base on any available platform. The considerable chunk is the " Other " crowd, and the line between what is trustworthy and what is not is blurry. An equally important question is whether you as a user might reveal more information than you intend to. Flagging fake content isn't always enough and is rather challenging in real-time, as accounts that spread such content would continue to do so , and due to the volatile nature of such information, people would tend to follow such posts. After a while, the distinction between what is fake and what is not is no longer clear. Who do we target and Why? Our motivatio
Read more

🍞 bRead

Image
🍞 What is the problem? A Filter Bubble is a state of intellectual isolation that can result from personalized searches when a social media algorithm selectively guesses what information a user would like to see based on their interaction history and other data which platform knows about them. It is difficult for a person to find opposing views on a topic on social media. One has to make a conscious effort to get diverse views on some topic, and break out from the filter bubble created by the social media algorithms. However, some choose to keep their filter bubble intact in order to prevent information overload which leads to misinformation, another problem prevalent in OSMs today. 🍞 What is bRead?  bRead is a new outlook on interacting with social media where people view multiple sides of a Debate, Question or News Topic and contribute to the conversation, hence delivering discourse in an organized, ethical and user-centric function. 🍞 How did we create bRead? Initial User Study 60
Read more