Control of Photo Sharing over Online Social Networks Kaihe Xu * , Yuanxiong Guo * , Linke Guo † , Yuguang Fang * , Xiaolin Li * * Department of Electrical and Computer Engineering, University of Florida, Gainesville, FL 32611, USA {xukaihe, guoyuanxiong}@ufl.edu, {fang, andyli}@ece.ufl.edu † Department of Electrical and Computer Engineering, Binghamton University, Binghamton, NY 13902, USA lguo@binghamton.edu Abstract—Photo sharing is an attractive feature which pop- ularizes Online Social Networks (OSNs). Unfortunately, it may leak users’ privacy if they are allowed to post, comment, and tag a photo freely. In this paper, we attempt to address this issue and study the scenario when a user shares a photo containing individuals other than himself/herself (termed co-photo for short). To prevent possible leakage of a photo privacy, we design a mechanism to enable each individual in a photo be aware of the posting activity and participate in the decision making on the photo posting. For this purpose, we need an efficient facial recognition (FR) system that can recognize everyone in the photo. However, more demanding privacy setting may limit the number of the photos publicly available to train the FR system. To deal with this dilemma, our mechanism attempts to utilize users’ private photos to design a personalized FR system specifically trained to differentiate possible photo co-owners without leaking his/her privacy. We have also developed a distributed consensus- based method to not only reduce the computational complexity, but also preserve the privacy during the training. We show that our system is superior to other possible approaches in terms of recognition ratio and efficiency. Our mechanism is implemented as an Android application on Facebook’s platform. I. I NTRODUCTION OSNs have become integral part of our daily life and has profoundly changed the way we interact with each other, fulfilling our social needs–the needs for social interactions, in- formation sharing, appreciation and respect. It is also this very nature of social media that makes people put more content, including photos, over OSNs without too much thought on the content. However, once something, such as a photo, is posted online, it becomes a permanent record, which may be used for purposes we may not expect. For example, a posted photo in a party may reveal a connection of a celebrity to a mafia world. Just because OSN users may be careless in posting content while the effect is so far-reaching, privacy protection over OSNs becomes an important issue. When more functions such as photo sharing and tagging are added, the situation becomes more complicated. When someone attempts to share a co- photo that contains individuals (photo co-owners) other than himself/herself, currently there is no restriction on posting. On the contrary, social network service providers like Facebook are encouraging users to post co-photos and tag their friends out in order to get more people involved. However, what if the This work was partially supported by National Science Foundation under grant CNS-1343356. The work of X. Li was partially supported by CCF- 1128805 and ACI-1229576. co-owners of a photo are not willing to share the co-photo? Is it a privacy violation to share co-photos without permissions of the co-owners? Should the co-owners have some control over the co-photos? With these questions, we shall take a new look at the popular OSNs such as Facebook to find how users’ privacy are managed especially with the photo sharing feature. According to the statistics from Facebook, 95% of the users are tagged at least once on a photo, while most photos are tagged by someone else. Tagging reveals identity immediately, but it also works as a notification. There are 350 million photos uploaded everyday, and so what if someone just uploads photos contain- ing a user without his/her knowledge? Currently, we can barely do anything about it. In this paper, we propose a mechanism to help photo co- owners to get some control over their co-photos. We argue that the co-owner of a photo should have the same control over the photo as the owner. Whether or not to post the photo should be a collaborative decision of everybody in the photo. To do that, we need to design an add-on scheme to monitor photo posting activities on OSNs. Whenever a user attempts to post a photo, he/she will receive a notification and has to make the joint decision on whether to post it or not with all individuals involved in the photo. Thus, a face recognition engine (FR) is needed to recognize users in the photo. Photos to be posted usually contains social friends on OSN, and thus, FR can be trained to recognize the social friends (people in the social circle). Training techniques could be adapted from the off-the-shelf FR training algorithms. However, how to get enough training samples from the social circle in the OSN for the FR engine is the key. FR with higher recognition ratio demands more training samples (photos of friends). However, online photo resources may not contain enough photos of a friend potentially in a photo. Users who really care about their photo privacy are unlikely to post too many photos online. Perhaps it is exactly those people who really want to use our proposed mechanism and expect a high recognition ratio. To break this dilemma, we propose a privacy-preserving distributed collaborative training system for our FR with users’ private photos as the training input. Since the decision on photo posting involves friends in the circle (the most likely scenario) and it is distributed in nature, our problem can be transformed to be a typical secure multi- party computation problem. Intuitively, we may apply cryp- Globecom 2014 - Communication and Information System Security Symposium 978-1-4799-3512-3/14/$31.00 ©2014 IEEE 704