View article

The popularity of social-networking sites, blogging and other content-sharing sites has exploded, resulting in more personal information and opinions being available with less access control than ever before [5]. Many content-sharing sites provide only the most rudimentary access control: a document can be either completely private or completely public. Other sites offer the slightly more flexible private/friends/public access-control model, but this still fails to support natural distinctions users need, such as separating real-world friends from online friends. The traditional response to these privacy concerns is to post anonymously or pseudonymously, but recent psychological research shows that some Internet users do not establish separate, online personae, but instead consider their online identity as an extension of their real-life self [3]. And although privacy expectations that users desire are easy to state, there is a large gap between the users’ mental models and the policy languages of traditional access-control systems [2]. The consequences of poor access control are welldocumented in the news media. Bloggers have lost their jobs when their employer discovered the employee’s personal blog [9]. Sexual predators use social-networking sites to find victims [7]. Bloggers have been stalked based on the opinions and personal information placed on their blog [8]. Universities have disciplined students using photographs published on social-networking sites [1]. For all these reasons, we advocate that blogs and social networks need a policy mechanism that supports high-level policies that can be expressed succinctly, applied automatically, and …