A False Sense of Privacy: Online Photo Sharing Concerns

online-photo-sharing_300x200The ability to share photos and experiences instantly via social media platforms has undoubtedly bridged the lives of users around the world, allowing them to stay connected despite distance and other barriers. Social media users are not only able to share pictures of their daily activities; they have the opportunity to participate in free and real-time chats with friends and family in other locations; post status updates about both important milestones and quotidian occurrences; and express opinions about “hot spots” and places of business by “checking in” at their current location. The extension of social media applications to mobile devices has further enhanced users’ abilities to share this information at virtually any time, with others being able to access is just as frequently. This does not come without a price, however, as new privacy concerns, due not only to user error but to complex infrastructures and cross-use of social media platforms, are raised every day. Will it ever be possible to completely guarantee privacy for social media users?

In the March/April 2015 issue of IEEE Internet Computing, the IEEE Computer Society’s publication highlighting emerging and maturing Internet technologies and applications, authors Kaitai Liang, Joseph K Liu, Rongxing Lu, and Duncan S. Wong outline privacy issues that users face every day, without, in many cases, being aware. Focusing specifically on the popularity of photo sharing, first within individual social media platforms such as Facebook, Twitter, Instagram, MySpace, Tumblr, and Flickr, and then on cross-platform information sharing between each, the team identifies and defines what it deems “deletion-delay phenomenon.” In investigating this privacy concern, the team seeks to bring awareness of the privacy risks involved, with the ultimate goal of encouraging both social network service providers and users to be more conscious of the issue. Users, ideally, will share photos more responsibly across platforms, and social network service providers will explore proposed countermeasures by devoting more time and money to R&D endeavors to develop solutions for protecting user privacy.

A survey of the above-mentioned social media platforms (specifically when posting photos using them, either from a mobile application or using the Web) made it obvious that sensitive information can very easily be leaked to others, even if privacy and security measures are put in place by the user and/or the platform. The IEEE Internet Computing article, quite alarmingly, discovers that, in a single-platform scenario, “someone can still access a posted photo’s URL even after the user deletes the photo.” Even though the photo may be deleted by the user after being shared, if the photo’s URL has (quite easily, via the right-clicking on the photo itself or accessing the source code), been obtained and saved by another party, it can be used to access the photo for not merely a matter of minutes, but, in the cases of MySpace and Tumblr, more than thirty days. This delay, caused by the complex interactions of content delivery networks (CDNs), is only nonexistent when using Twitter: Facebook, Flickr, and Instagram are all saddled with deletion delays ranging from three days to two weeks.

This sensitive issue becomes further complicated when photos are shared across platforms. Under this circumstance, a photo posted in an initial platform might be shared to a “destination platform.” However, the photo’s access/sharing URL may still be shown in the destination platform even after the user removes the original photo. For example, when an Instagram or Tumblr photo is directly shared to Facebook, a copy of the photo still remains on a user’s Facebook timeline even after the original photo from Facebook or Tumblr is deleted. Again, as in the instance of single-platform sharing, Twitter adequately preserved photo sharing privacy in a cross-platform setting, while Facebook and Tumblr reserved either a copy of the shared photo.

Even though these risks have been identified, complex infrastructure has yielded no direct or efficient solution to deletion-delay. Solutions proposed by the team include combining an encryption mechanism with the help of a trusted third party, extending existing access/privacy controls, and/or shortening the photo-deletion time from the CDN. Each of these possibilities is saddled with its own complications and shortcomings, leaving no practical catch-all for ensuring photo-sharing security.

Perhaps the most disturbing part of this discovery is the ethical dilemma it poses. The average end user is likely unaware of the implications of photo sharing across platforms, and the ability to access, via URL, photos that he or she believes to be deleted; stricken from the internet forever. In turn, he or she puts trust in the privacy controls that can be set on his or her user account, which may not carry from platform-to-platform, giving the user an illusion of mastery and trust in the social network. Very rarely does a social media platform communicate all potential disruptions to its patrons.

Should users be able to trust privacy settings? Are social media platforms responsible for ensuring that the deletion-delay issue is solved, and do ethics suggest that they should be more transparent when communicating privacy and security issues to users? Who is accountable when security gaps are identified: the user — with the option to censor his or her posts —  or the provider, who is equipped with more knowledge than the average end user? Let us know your thoughts in the comments section below!

For more content from academic and industry experts on a wide range of topics including applications, architectures, information management, middleware, policies, security, and standards, check out the IEEE Internet Computing Web site.

Comments

  • What about old days when we left the film for processing and printing with the lab at the shopping mall? They processed, printed and left all the envelopes in a tray for the customers to pick up. I could have picked any body’s private photos just for paying the processing cost of $5 or $10 ! what happened to privacy then?

    • I will add that even the guys at the processing lab can make as many copies they want from customers photos. But, at the end, this is a different problem: do we trust in our service provider? What Facebook, twitter, tumblr, and others do with the photos we submit?

Comments are closed.