Security and Privacy Issue in Social Networking

It is the time to share the information for the last 3 lectures. I will mainly focus on the Security and Privacy Issue in Social Networking. As you know, almost everyone should have at least one account on famous social network platform, for instance, Facebook, Twitters, etc. We are living in a world where people would communicate by sending a text message from their mobile phone, post comments on their favorite online network. 

Having the social networking sites, it provides the following benefits:

  1. People can find easily and reach their audience for their businesses
  2. It help a business to improve its reputation.
  3. It provide low cost marketing with free advertising.
  4. It increases the personal touch of each others.

However, due to the social networking, the main two issues can be the XSS Attacks/ worms and LikeJacking.

1. XSS Attacks

XSS attacks are attacks that target the end user instead of your actual site. As private information is a valuable items. Hackers want to steal it.  Under XSS Situation, hackers can steal the end users cookie data or redirecting to a different site, to embedding a browser exploit on a page. Anything that can be done with JavaScript. 

Do you know the "Samy worm"? It was an XSS worm developed to propagate across the MySpace social-networking site.  It gained significant media attention.

The worm carried a payload that would display the string "but most of all, Samy is my hero" on a victim's profile. When a user viewed that profile, they would have the payload planted on their page. Within just 20 hours, over one million users had run the payload. It propagated across so fast over the site. MySpace XSS worm that effectively shut the site down for a few days in October 2005. Luckily, no private information was stolen at that time.

How to prevent XSS Attacks?

The following list outlines the general approaches to prevent cross-site scripting attacks:

• Encode output based on input parameters.
• Filter input parameters for special characters.
• Filter output based on input parameters for special characters.

For example, in ASP.NET,  use URLEncode and HTMLEncode to encode the output data to the web site.

Possible sources of malicious data

While the problem applies to any page that uses input to dynamically generate HTML, the following are some possible sources of malicious data to help you spot check for potential security risks:

• Query String
• Cookies
• Posted data
• URLs and pieces of URLs, such as PATH_INFO
• Data retrieved from users that is persisted in some fashion such as in a database

2. Likejacking

Facebook-enabled clickjacking attack that tricks users into clicking links that mark the clicked site as one of your Facebook "likes." These likes then show up on your profile and, of course, in your Facebook News Feed where your friends can see the link and click it, allowing the vicious, viral cycle to continue.

Usually, the content of the likejacking site is video. The content is very interesting and attractive. It attracts users to click on the links and watch the video into details. Victims then invited to a Facebook application asking them for user information and access to the user profile. Using this permission, the application posts spam, asks users to fill out surveys (a genuine source of commission revenue). Our privacy and credit cards information may be stolen in this case.

How to prevent Likejacking?

The following ways can prevent Likejacking:
1) If a link leads you a page which says "Click here to continue", close the page.
2) Watch out for Facebook content that involves a lot of clicking before you get to the point.

3) Facebook taking steps with pop-up message to warns users if they want to open a suspected link.

4) Log in the website and log out after uses.

Conclusion

Actually, we get used to social network and sometimes we may forget to verify the integrity of contents in our friends posts. We should look at it carefully before clicking any suspected link in order to protect our privacy data carefully. "Please slow down our steps. Think before action!"

Reference

http://en.wikipedia.org/wiki/Samy_(computer_worm)

http://tycoontalk.freelancer.com/php-forum/47587-tip-prevent-xss-attacks.html

http://www.readwriteweb.com/archives/likejacking_takes_off_on_facebook.php

http://www.mensxp.com/technology/internet/2945-watch-out-for-facebook-likejacking.html
http://www.myid.com/blog/avoid-facebook-likejacking-scams/

http://www.fastcompany.com/articles/2008/10/social-networking-security.html

Sharing on Social Network Analysis

What is Social Network Analysis (SNA) ?

Social Network Analysis (SNA) is the study of social relations among a set of actors. For instance, people, groups, organizations, computers, URLs, and other connected information/knowledge entities. The nodes in the network are the people and groups while the links show relationships or flows between the nodes. SNA provides both a visual and a mathematical analysis of human relationships. We can base on the analysis and conduct new form of information and knowledge.

My knowledge on SNA

    Figure 1: Social Network
The above figures shows a simple social network, In Social Network Analysis (SNA), it can be represented by adjacency matrix or sociomatrix like the following:

The symbol, "1", represent the link exists between two nodes while represents there is no relationships between them This kind of social network is an undirected graph.

Let L be the number of links in a network, and g is the number of nodes.

In this case, L = 6 and g = 5
In order to find out the most influential people within the social network. We take the above example, several techniques can be used. 

1. Density 

It measures the closeness of a network, is an indicator for the general level of connectedness of the graph
The value of computed density is between 0 and 1.
Density = (L/ [g(g-1) / 2]) = 2* 6/20  = 0.6
2. Centrality

Three standard centrality measures capture a wide range of “importance” in a network:

2.1 Degree Centrality

It counts the number of direct connections a node has:
For the below graph, each value in "Values" rows means the Degree of the node i, we denote it as D(node i)
For the Normialized/ Standardized value,  D(node i) / (g-1)

Result:

Network Centralization = 66.67%


2.2 Closeness Centrality

Closeness represents the mean of the geodesic distances between some particular node and all other nodes connected with in. It describes the average distances between one node and all other nodes connected with it.

The formula is like the following:

Result:

Network Centralization (Closeness) = 58.33%

2.3 Betweenness Centrality

It is a measure of the potential for control as an actor who is high in “betweenness” is able to act as a gatekeeper controlling the flow of resources (information, money, power, e.g.) between the alters that he or she connects.

It can be calculated by the following formula:

Result:

Network Centralization (Betweenness) = 56.25%

In figure 1, we can find out David is the most influential people within the social network.

Conclusion
Centrality is a basic technique to measure how central an individual is positioned in a social network.

For the closeness centrality basically counting the inverse of the average shortest-path distance from the vertex to any other vertex in the graph. It can be viewed as the efficiency of each individual in spreading information to all others.

Actually, beside of the above techniques, if we transform the internet web-pages into a complicated directed graph , we can also use ranking algorithm, for example: PageRank, Hits, EigenRumor, etc They are the methods to find out the rankings. Good homepage will have a good ranking.

As SNA become more and more popular, those SNA technique will help us make the social network data to be high conceptional level into new information and knowledge in different aspects. We can find out and understand more behavior of each social network user and develop a better semantic web in the future. 

On the other hand, we need more sampling in order to make the analysis to be more accurate. However, it may lack of sufficient computing resources to handle large sampling datasets.

Social Media Marketing in Different Forms

Nowadays, Internet grows rapidly and becomes more and more essential in our modern society. After well-developed of social computing and platform, people can form their social networking easily.  Moreover, under the Web 2.0, user can share and express their opinions on their mobile or just comment it with just a button click. In the light of this, the social media is somehow used for business marketing.

The most common strategy are Recommendation and Reviews, Direct Social Recommendations, and Derived Social Recommendations.

Recommendation and Reviews

Normally, people love to buy the best thing with the lowest price, with the recommendation and reviews. On Internet, those reviews that were written by reviewers are the rating of the product. Visitors can enjoy the feature and select the things they want to buy.

I experienced the most of this feature is booking Hotels for my travelling. For example, Booking.com is a famous site for visitors to book the hotels online. Rating can by sorted by Recommended, Stars, Distance and Price. Those factors become the reviewing aspects by the users who have experienced stay on that particular hotel.

Recommendation and Reviews on Booking.com
 

Direct social recommendations

Direct social recommendation emphasize direct relationship, it is not like the above strategy. It can be formalized as a marketing campaign. The most famous we know is that we can easily share the news. For example, JosDB.com can provide a function "Email to Friends" to send the news to a group of friends.
 

"Email to Friends" option on JobsDB.com

"Email to Friends" User Interface on JobsDB.com

So far as I know, there is a website which is called "Addthis.com". It can provide a generic plug-in for website can install to website easily, just within a few lines of code.
 

Free Sharing Plugin on Addthis.com

Derived Social Recommendations
 

It involves software system to analyze and generate related recommendations to visitors. The most famous should be YouTube. It can show recommendations base on your input keyword. Although it may contain thousands of videos after a user input, YouTube has its own component to analyze the data and show the most related suggestions. Most likely it is by user ratings and views.

Derived Social Recommendations on YouTube.com
 

Summary
 

In summary, social media marketing involves social platform with good user interface, and artificial intelligence on information. The most important is how to collect the right data, right person, process the data and analyze the information in a collect way in user experience point of view.

================================================================

I have learnt the Blogosphere and Information Sharing, marketing on social media, and social multimedia computing.on class on these two weeks.

The great thing is that social multimedia computing seem becoming more and more popular. Social multimedia provides several effective ways to harvest the large-scale digital traces of social behaviors. 

In the future, I think that using VBlog will be the next things that will be famous and hot on social platform.

Twitter-based Prediction Market

Prediction markets are created for the purpose of making predictions. Predicting outcomes is essential to business decision making. The most famous example meaning is the stock market predictions. People who buy low and sell high are rewarded for improving the market prediction, while those who buy high and sell low are punished for degrading the market prediction. The two most popular approaches for producing reliable forecasts are experts' predictions and "the wisdom of crowds". Nowadays, many companies started using the social media platforms for marketing, custom service and promotions, particularly Twitter.  

Twitter scans 10% of tweets at random and then categorizing these according to positive or negative moods,  such as ‘alert’, ‘vital’ or ‘happy’. This intelligence is then used to predict movements in the Dow Jones Industrial Average. Incredibly, it’s claimed their method is about 88% accurate for reflecting stock market movements, and importantly it is paying off. This strategy use human emotions to influence and drive the strategy, instead of looking at the effect that these human emotions have on a campaign that has been implemented to drive revenue. Twitter may not be the biggest social network, but they are certainly the most public, as the majority of information in there is available to pretty much anyone, unlike Facebook where it’s unusual to come across a profile that is set to public, with personal updates ready to be searched and analysed.

The Twitter-embedded prediction market can induce people to provide the information easily. For example, sharing information by sending direct messages from smart phones is a more convenient mode of communication. With more people participating and providing more information in a more timely manner, the prediction market potentially can outperform other prediction markets. It seems that Twitter based prediction markets produce better predictions than the prediction markets without social networks. In real life, Twitter Prediction market is not 100% reflect the real outcome. Although the information is provided, we need to adjust the reliability of the predicted information ourselves. Furthermore, in the future, Twitter can do better if they can pay more effort to provide a better algorithm to increase the prediction result and show more monetary value of Twitter.

Reference:

[Video]    Can Twitter predict the Stock Market?

[Website] TweetTrader.net
[Website] Twitter Can Predict the Stock Market
[Website] How Twitter Is Being Used To Predict Movements In Stock Markets

------------------------------------------------------------------------------------------------------------

After attended the lecture 1 to 3 of this course, I have learnt a lot.

First, the course introduced several social experience models. I never knew those types of social platform before. Now, I can classify those social media sites (types and characteristics).

Second, in lecture 3, I have a clear identify the difference between the term (data, information and knowledge) by the different level of cognition.

Third, the most I like is that the example that introduced for the new and developing social task.

I found that social media network really had a big influence to public. We need to analyze the data and found our specific information after processing and form our knowledge.

For further expectation, I want to more social tasks and social strategies that make important for social media users in the future.