Title:
METHOD AND DEVICE FOR PROTECTING PRIVATE INFORMATION
Document Type and Number:
WIPO Patent Application WO/2015/042808
Kind Code:
A1
Abstract:
It is provided a method for protecting private information. The method comprises steps of obtaining a set of items in privacy policy of a web site; obtaining a set of items in user profile of a user account in the web site; obtaining a join set of items between the set of items from privacy policy and the set of items from user profile; assigning values to the join set of items based on values of the set of items in the user profile and values of the corresponding items in privacy settings of the user account, wherein if an item has a value and is set to visible to the public a first value is assigned to the item; determining a score in proportion to percentage of items with the first value against the join set of items; and displaying the score.

Inventors:
SHI YUNTAO (CN)
ZHANG ZHIGANG (CN)
ZHANG YANFENG (CN)
Application Number:
PCT/CN2013/084212
Publication Date:
April 02, 2015
Filing Date:
September 25, 2013
Assignee:
THOMSON LICENSING (FR)
International Classes:
G06F17/00
Foreign References:
CN102768743A 2012-11-07
CN102594820A 2012-07-18
US7234065B2 2007-06-19
CN101989304A 2011-03-23
Attorney, Agent or Firm:
LIU, SHEN & ASSOCIATES (Building 1 10 Caihefang Road, Haidian District, Beijing 0, CN)
Claims:
CLAIMS

1. A method for protecting private information, comprising steps of

obtaining a set of items in privacy policy of a web site;

obtaining a set of items in user profile of a user account in the web site;

obtaining a join set of items between the set of items from privacy policy and the set of items from user profile;

assigning values to the join set of items based on values of the set of items in the user profile and values of the corresponding items in privacy settings of the user account, wherein if an item has a value and is set to visible to the public a first value is assigned to the item;

determining a score in proportion to percentage of items with the first value against the join set of items; and

displaying the score.

2. The method of the claim 1, wherein it further comprising

displaying the score in the form of bar.

3. The method of the claim 1, wherein it further comprising

displaying an image for information; and

in response to a click on the image, displaying a page listing the set of items in privacy policy and items within the join set of items that have values and are set to visible to the public.

4. The method of the claim 1, wherein it further comprising

displaying an image for configuration;

in response to a click on the image, displaying a page listing items within the join set of items that have values and are set to visible to the public, which allows setting new values; and

in response to affirmation of a new value for at least one item within items listed in the page, sending the new value to the web site.

5. The method of the claim 1, wherein it further comprising

obtaining a predefined set of items;

for each item of the predefined set of items, checking whether or not it is found in the privacy policy;

determining the set of items in the privacy policy by using items that are found in the privacy policy and belongs to the predefined set of items.

6. A device for protecting private information, comprising

a privacy policy module for obtaining a set of items in privacy policy of a web site;

a user profile module for obtaining a set of items in user profile of a user account in the web site;

a privacy settings module for obtaining values of items in privacy settings;

a processing module for obtaining a join set of items between the set of items from privacy policy and the set of items from user profile; assigning values to the join set of items based on values of the set of items in the user profile and values of the corresponding items in privacy settings of the user account, wherein if an item has a value and is set to visible to the public a first value is assigned to the item; determining a score in proportion to percentage of items with the first value against the join set of items; and

a user interface module for displaying the score.

7. The device of the claim 6, wherein it further comprising

the user interface module further for displaying an image for information; and in response to a click on the image, displaying a page listing the set of items in privacy policy and items within the join set of items that have values and are set to visible to the public.

8. The device of the claim 6, wherein it further comprising

the user interface module further for displaying an image for configuration; and in response to a click on the image, displaying a page listing items within the join set of items that have values and are set to visible to the public, which allows setting new values; and

the processing module further for, in response to affirmation of a new value for at least one item within items listed in the page, sending the new value to the web site.

9. The device of the claim 6, wherein it further comprising

the processing module further for obtaining a predefined set of items; for each item of the predefined set of items, checking whether or not it is found in the privacy policy; determining the set of items in the privacy policy by using items that are found in the privacy policy and belongs to the predefined set of items.

Description:
METHOD AND DEVICE FOR PROTECTING PRIVATE INFORMATION

TECHNICAL FIELD

The present invention relates to data processing, and more particularly relates to a method and a device for protecting private information.

BACKGROUND

Social networks (e.g., Facebook, Twitter, and WeiBo in China etc.) have attracted billions of people in the world. Through those websites, users can freely post their data, including text, images and video, and share the data with friends and peer users. Due to open characteristic of the social networks, anyone can access data users have posted on the social networks. The users are not conscious of exposing sensitive data (such as home address, location, family members, sensitive opinions from the perspective of the boss, and so on) in their posts. Those sensitive posts may trigger undesired consequences, such as identity theft. More and more users of social networks are deeply worried that their privacy information will be exposed or be used by online companies. For example, there are many websites that "mine" the user's personal information to get the data for advertising. If the users don't share any data, there is no risk in exposing the privacy. But information sharing is the main goal of the social networks, so a big problem in social networks for the users is to balance the users' desire of sharing data with the desire to protect privacy.

There are mainly two ways for the users to lose their privacy in the social networks. When the users register in the social networks, they usually are required to create their profile or account, input name, address, birthday, mobile phone, city, work, and email etc. Most of social networks permit the users to set or configure their own privacy settings (privacy configuration). For example, it is allowed to select if the email address can be seen or opened to the other users. But many users forget to set the privacy settings, and some users even don't know how to use those granular privacy controls. Even though the users set the privacy settings provided by the social networks, they are still under the risk in losing their private information to some degree. Normally, the social networks have a kind of privacy settings strategy to control the information access. For example, Google+ allows the users to configure member group and add other users to the member group so as to make some information only visible to the group members. The users may set their own privacy settings so that only some other users can view the information they have posted. But the group strategy has its limitation. The posted data, which is only allowed to be viewed to a group, may be forwarded by a group member and then be further spread in the social networks. In addition, the social networks may revise their Privacy Policy from time to time, and the users normally don't review the Privacy Policy frequently. So it increases the risk for the users in exposing their privacy.

Therefore, it is desired for the users of social networks to protect their privacy as much as possible.

SUMMARY

According to an aspect of the present invention, it is provided a method for protecting private information. The method comprises steps of obtaining a set of items in privacy policy of a web site; obtaining a set of items in user profile of a user account in the web site; obtaining a join set of items between the set of items from privacy policy and the set of items from user profile; assigning values to the join set of items based on values of the set of items in the user profile and values of the corresponding items in privacy settings of the user account, wherein if an item has a value and is set to visible to the public a first value is assigned to the item; determining a score in proportion to percentage of items with the first value against the join set of items; and displaying the score.

According to another aspect of the present invention, it is provided a device for protecting private information. The device comprises a privacy policy module for obtaining a set of items in privacy policy of a web site; a user profile module for obtaining a set of items in user profile of a user account in the web site; a privacy settings module for obtaining values of items in privacy settings; a processing module for obtaining a join set of items between the set of items from privacy policy and the set of items from user profile; assigning values to the join set of items based on values of the set of items in the user profile and values of the corresponding items in privacy settings of the user account, wherein if an item has a value and is set to visible to the public a first value is assigned to the item; determining a score in proportion to percentage of items with the first value against the join set of items; and a user interface module for displaying the score.

It is to be understood that more aspects and advantages of the invention will be found in the following detailed description of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, will be used to illustrate an embodiment of the invention, as explained by the description. The invention is not limited to the embodiment.

In the drawings:

Fig. 1 is a diagram showing an exemplary view of the web page on the left and legend on the right according to an embodiment of the present invention;

Fig. 2 is a diagram showing the content that is presented when the information symbols are clicked according to the embodiment of the present invention;

Fig. 3 is a diagram showing a page for missing parameters of privacy settings when the settings symbol is clicked according to the embodiment of the present invention;

Fig. 4 is a block diagram showing a system architecture including a social network application server and a privacy evaluation manager according to the embodiment of the present invention; and

Fig. 5 is a flow chart showing a method for protecting privacy information according to the embodiment of the present invention.

DETAILED DESCRIPTION

The embodiment of the present invention will now be described in detail in conjunction with the drawings. In the following description, some detailed descriptions of known functions and configurations may be omitted for clarity and conciseness.

The present invention relates generally to a method and a device for protecting private information of users. The basic underlying assumptions are that the users in the social networks are interested in sharing data or information with others, but they do not have a clear view of how their privacy will be exposed. The social networks or a third party company can deploy a service for privacy evaluation, which provides the users with information about the degree of their privacy exposition. With the result of privacy evaluation (or even automatic suggestion or automatic modification based on the privacy evaluation result), the users are able to reduce the probability of exposing private information or sensitive data.

According to an embodiment of the present invention, the method for prompting the privacy risk or protecting user privacy includes steps of retrieving the privacy rules (also called privacy strategy or privacy policy) of a social network to determine which items of information the social network web site collects; retrieving user profile and privacy settings to determine which items of information the user has inputted and are exposed to other users according to current settings or configuration; generating a privacy evaluation result. The privacy evaluation result includes a) a score representing the degree of exposing the privacy and b) details about privacy exposition, e.g. it at least comprises items of information that the user has inputted and that are exposed. In addition, it dynamically generates a form for the user to change the items of information. This is the first level of privacy evaluation. According to another embodiment, it provides a second level of privacy evaluation, i.e. to generate a privacy evaluation result for a post that the user is writing. It is implemented by analyzing the text content that the user is editing to post and history posts that the user has posted before. Using the above information, the evaluation algorithm will dynamically generate a recommendation or recommended privacy value(s) to the user, so the user can have a choice to modify what they would like to post based on the privacy evaluation.

An application scenario for the proposed privacy protection and evaluation method is described as follows. The method is deployed on a same computing device (e.g. a computer) that provides the social network service or on a computing device (e.g. a computer) that is able to or is authorized by the social network to access to the privacy rules, user profile, privacy settings and the inputted text content. A user case includes the following interactive steps:

a) a user signs in to a social network, and a privacy evaluation service embodying the principle of the present invention is launched automatically. In addition, the user can manually start, suspend and stop the service. In another example, the service needs to be launched manually.

b) a web page is displayed showing a privacy evaluation result for the base privacy settings (i.e. parameters the user sets for his account or profile) and dynamically showing a privacy evaluation result for the content of a post if the user is writing the post. The privacy evaluation result for the base privacy settings is shown on the top of the webpage (which evaluated the privacy strategy and the user privacy settings). The privacy evaluation result for the content of a post is shown close to the text content of the post and shows privacy exposition degree of the post.

Fig. 1 is a diagram showing an exemplary view of the web page on the left and legend on the right according to the embodiment of the present invention. In this example, the score indicating the degree of privacy exposition is represented in the form of a bar. In the legend, the privacy level indicator, i.e. the bar, includes 3 patterns. The pattern of vertical lines means low possibility of privacy exposition, the pattern of horizontal lines means middle possibility of privacy exposition and the pattern of mesh lines means high possibility of privacy exposition. Besides, the length of the bar indicates the degree of possibility of exposing privacy. The information symbol i with a circle around it is used to prompt users that there are details about the privacy exposition. When it is clicked, details about the privacy exposition are shown. The settings symbol s with a circle around it is used to prompt users that parameters corresponding to the items of information can be directly accessed by clicking it. When it is clicked, a page of privacy settings is shown for users to configure these parameters. The symbols i and s can be implemented as images with clicking functions. The clicking functions allow invoking other pages or views.

The base privacy evaluation result is shown at the top of the exemplary view. The base privacy evaluation result is based on the privacy strategy of the social network, user profile and the user's privacy settings. If the user wants to know the items of information that expose the privacy, he can click the information symbol. In response to the click, the items of information that expose the privacy are shown. Besides, in this example, the items of information that the social network collects are also shown. The items in the privacy strategy of the social network cannot be changed by the user. And the social network may revise its privacy strategy from time to time. But the privacy indicator will make the user aware that some parameters of the privacy settings should be set in accordance with the revised privacy strategy, or otherwise, his privacy may be exposed. The settings symbol beside the privacy indicator bar permits the user to set parameters of the privacy settings that have not been set and have the possibility to expose the user's privacy. In other words, the current values of these parameters carry a risk of exposing user privacy and are recommended to be modified. In the middle and the bottom of the exemplary view, the privacy indicator for the new post indicates the privacy evaluation result of the user's input. As with the base privacy indicator, the user can review the privacy exposition information by clicking the information symbol beside the privacy indicator bar.

Fig. 2 is a diagram showing the content that is presented when the information symbols are clicked according to the embodiment of the present invention. When clicking the information symbol next to the privacy indicator, a page is displayed to show the privacy strategy of the social network and the items of information that expose privacy in the privacy settings of the user account. Herein, the data of the privacy strategy and the data of the privacy settings can be obtained from the computer of the service provider of the social network. The data of the privacy strategy shows that the parameters or information that the user has inputted is collected and used by the social network provider. In this example, the data of the privacy strategy includes registration information (including his name, address, birthday, email...), online activity, the information about the device that the user uses to access the social network, IP address, location information etc. The data of the privacy settings shows parameters of the privacy settings that have values and are visible to the public. In this example, the visible parameters include sex, birthday, email, address, city, phone etc. The privacy indicator and the information symbol in the new post section are automatically updated as text content is being inputted by the user. In this example, the user has typed "I would like to go to Disney tomorrow". Based on the inputted text content, the method analyzes the text content and generates a privacy evaluation result showing what sensitive information is exposed in the post. In this example, the private information is time and place.

If the user would like to modify his privacy settings after the knowledge of what the information is being exposed to the outside, he can directly click the settings symbol to set the parameters, whose current values have potential risks in privacy exposition. Fig. 3 is a diagram showing a page for presenting parameters of privacy settings when the settings symbol is clicked according to the embodiment of the present invention. When the user clicks the settings symbol, the page is shown to list these parameters. The user can check the items if he doesn't want to expose that information to the public, and then click the "save" button to save the new value(s).

Fig. 4 is a block diagram showing a system architecture including a social network application server and a privacy evaluation manager according to the embodiment of the present invention.

To implement the privacy evaluation, the proposed system architecture comprises the social network application server and the privacy evaluation manager. The social network application server comprises modules of social network privacy strategy, user privacy settings and user profile. The privacy evaluation manager comprises modules of structured information retrieval, privacy evaluation data definition, privacy evaluation generator, structured database and user interface. The privacy evaluation generator module further comprises modules of base privacy evaluation and post privacy evaluation. Herein, system architecture is represented in terms of software functions. As to implementation in a device, the non-software data (including privacy strategy, privacy settings, and user profile) is stored in one or more hardware memories of the device, and the software code performing the method of the present invention is executed by one or more hardware processor of the device.

The privacy evaluation manager can be provided by the social network owner, or provided by a third party. To retrieve or extract privacy related information from the social network, the module of structured information retrieval gets and parses the data provided by the privacy related modules in the social network application server (privacy strategy, user privacy settings and user profile) in a variety of different formats, and generates structured privacy data allowing subsequent processing. Structured data is data that is organized by identifying and separating desired data from the content and saving the desired data in a unified format. In a usual case, the privacy policy is presented in an unstructured or a semi-structured webpage. The structured information retrieval module accesses and analyzes the data provided by the privacy policy webpage and forms key-value pairs. Herein, key-value pairs are frequently used in lookup tables, hash tables and configuration files. A key-value pair is a pair of two linked data items: a key, which is a unique identifier for some item of data, and the value, which is either the data that is identified or a pointer to the location of that data. In the above case, we need to retrieve the items of information that are collected by the social network web site from the privacy policy webpage. An example of implementation is described below. In this example, the page of privacy policy contains the text "Information we receive about you:" and "how we use the information we received:", which is followed by the usage of the privacy information by the social network. The privacy settings and user profile are also provided by one or more web pages in an HTML or XML format. The structured information retrieval module will extract the privacy information from the above three modules in the social network application server, and store the processed information in the database. The database can be owned by the social network or by the third party.

Herein, the processed information is data in key-value pair format. Specifically, a set of items is obtained from the privacy policy page, e.g. online activity, device info, IP address etc. And a set of items is obtained from the user profile, i.e. items of information that the user can input in the user profile page. The join (also called join operation) of the set of items corresponding to the privacy policy and the set of items corresponding to the user profile determines the keys in the key-value pairs, i.e. which items are considered in the privacy evaluation process. For each item in the join set, if it has a value in the user profile (i.e. the user has inputted the value for the item) and it is set to open to the other users in the privacy settings, then its value is 1, or otherwise, its value is 0.

The module of privacy evaluation data definition comprises the predefined structured data. The predefined structured data is used to direct the module of structured information retrieval to extract the desired items from the social network. For a specific social network, a specific data definition is predefined to ensure accuracy. For example, we can propose the privacy evaluation data definition for Facebook. The privacy evaluation data definition can be specified by the third party, and/or manually set by the user himself. The data definition can be described as an XML file. The module of structured information retrieval extracts the desired data with the help of the privacy evaluation data definition and stores the results in the database. For example, the predefined structured data is a set of items that are most likely to be collected by the web site. Each item in the set of items is used to search for identical items in the privacy policy page. After checking all items in the set of items, a subset of items that are found in the privacy policy page is obtained as the set of items for the privacy policy.

The module of privacy evaluation generator includes two sub modules: one is base privacy evaluation, and the other is post privacy evaluation. The base privacy evaluation result is calculated based on the privacy information extracted by the module of structured information retrieval. For example, we assume that twenty parameters of the privacy settings are defined (such as IP address, GPS location, User name, Sex, Birthday and so on) and all parameters have the same weight. If 20 items are found in the user profile and 4 items that are configured to open to public have values, the key-value pairs include 20 records, 4 of which have value 1 while 16 have value 0. So the score is 4/20 = 0.2. The highest score is 1. We can set that low possibility in privacy exposition corresponds to a range under 0.33; middle possibility corresponds to a range from 0.33 to 0.66; and high possibility corresponds to a range from 0.67 to 1. The post privacy evaluation result is calculated by analyzing what the user has inputted in the text box, and its score is independent of the base privacy evaluation result. The score just evaluates the current post. In another example, history posts are taken into account when evaluating the score of the current post. The evaluation index includes two parts: one is privacy information from the user profile, such as user name, address, city, location, sex and so on; the other part is the context in the post, such as name, time, action, place and plan. The evaluation algorithm for the post privacy evaluation is the same as the base privacy evaluation algorithm. The final score will be shown in the current post editing box.
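The base privacy evaluation described above (policy items selected through a predefined definition, join with the profile items, 1/0 values, score and range) can be sketched as follows. This is an added example, not code from the application; the item names, function names, sample policy text and sample account are constructed, and it assumes that the join means items present in both sets, that an item with no explicit setting counts as public, and that any score above 0.66 counts as high.

```python
"""Base privacy evaluation: policy items, join set, 0/1 values, score, level."""
import re
from dataclasses import dataclass

# Hypothetical privacy evaluation data definition: items a site is likely to collect.
DATA_DEFINITION = ["name", "email", "address", "birthday", "sex",
                   "phone", "city", "ip address", "location"]


@dataclass
class Evaluation:
    values: dict    # item -> 1 (has a value and is public) or 0
    score: float    # share of items with value 1 in the join set
    level: str      # "low", "middle" or "high"
    exposed: list   # items with value 1, i.e. the ones suggested for modification


def policy_items(policy_text, definition=DATA_DEFINITION):
    """Return the subset of the definition that is found in the policy text."""
    text = policy_text.lower()
    return {item for item in definition
            if re.search(r"\b" + re.escape(item) + r"\b", text)}


def exposure_level(score):
    """Map a score to the ranges given in the text."""
    if score < 0.33:
        return "low"
    if score <= 0.66:
        return "middle"
    return "high"  # assumption: anything above 0.66 counts as high


def evaluate(policy_text, profile, settings, definition=DATA_DEFINITION):
    """Score a profile; profile/settings keys are assumed lower-case item names."""
    collected = policy_items(policy_text, definition)
    join_set = sorted(collected & set(profile))   # assumption: join = intersection
    values = {}
    for item in join_set:
        has_value = bool(str(profile[item] or "").strip())
        # Assumption: an item with no explicit setting is treated as public.
        is_public = settings.get(item, "public") == "public"
        values[item] = 1 if has_value and is_public else 0
    # An empty join set means nothing can be scored; report 0 rather than divide by zero.
    score = sum(values.values()) / len(values) if values else 0.0
    exposed = [item for item, v in values.items() if v == 1]
    return Evaluation(values, score, exposure_level(score), exposed)


# Constructed sample input, not taken from any real site or account.
SAMPLE_POLICY = ("Information we receive about you: your name, email, address, "
                 "birthday, sex, phone, city, IP address and location.")
SAMPLE_PROFILE = {"name": "Alice Example", "email": "alice@example.org",
                  "address": "", "sex": "F", "birthday": "1990-01-01",
                  "nickname": "al"}   # nickname is not in the policy
SAMPLE_SETTINGS = {"name": "public", "email": "public", "address": "public",
                   "sex": "private", "birthday": "private"}

if __name__ == "__main__":
    result = evaluate(SAMPLE_POLICY, SAMPLE_PROFILE, SAMPLE_SETTINGS)
    print(result.values)
    print(f"score={result.score:.2f} level={result.level} exposed={result.exposed}")
```

The empty address is scored 0 even though it is set to public, because the text requires both a value and public visibility for an item to count.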

The module of user interface is configured to display the privacy evaluation results for the user. The base privacy indicator shows the privacy evaluation result relating to the social network itself and user privacy settings. The post privacy indicator shows the privacy evaluation result relating to what the user is posting. The information symbol is used to provide more detailed information to the user about his privacy exposition status; the settings symbol is configured to display the privacy options that the user is suggested to modify.

Fig. 5 is a flow chart showing a method for protecting private information according to the embodiment of the present invention.

In the step 501, a user registers or signs in a social network named "AAA".

In the step 502, the privacy evaluation service is triggered to be launched.

In the step 503, the privacy evaluation manager gets the privacy evaluation data definition. Herein, the privacy evaluation data definition defines a set of items that are most likely to be collected by a web site.

In the step 504, the privacy evaluation manager retrieves a set of items from privacy policy of AAA based on the privacy evaluation data definition. The set of items obtained from the privacy policy is a subset of the set of items of the privacy evaluation data definition.

In the step 505, the privacy evaluation manager uses the set of items in the step 504 as set of items for privacy policy and saves the items on the database in the step 510.

In the step 506, the privacy evaluation manager retrieves user profile and user privacy settings.

In the step 507, the privacy evaluation manager obtains the set of items for the privacy evaluation process and sets values for the set of items, and saves the values on the database in the step 510. As mentioned above, the set of items for the privacy evaluation process is a join of the set of items corresponding to the privacy policy and a set of items obtained from the user profile. The values are determined based on the method mentioned above. For example, only name and email that are exposed to the public have values in the user profile, so in the database the items and their values are organized as name - 1, email - 1, address - 0, sex - 0 etc.

In the step 508, the base privacy evaluation is generated according to the stored data. Specifically, a score is generated based on the set of items for the privacy evaluation process and their values (i.e. key-value pairs) in the database; information about items that are collected by the web site is generated based on the items obtained in the step 505; and information about items that expose privacy is generated based on the items in the set of items for the privacy evaluation process whose values are 1.

After the step 508, an information symbol is shown on the page. In response to a click on it, a page showing information about items that are collected by the web site and information about items that expose privacy is displayed to the user. Herein, if there are one or more items that are suggested to be modified (i.e. those items having value 1), a settings symbol is shown in the page; if there is no parameter, the settings symbol is not shown. After showing the settings symbol, the privacy evaluation manager determines if there is a user input, e.g. a click on the settings symbol. If the user chooses to modify values of these items of the privacy settings by clicking the settings symbol, a settings page comprising the items having the value 1 is shown to allow the user to set values of these items. In response to affirmation of change of settings (e.g. by checking one or more parameters and clicking the save button in the Fig. 3), the privacy evaluation manager informs the social network application server to configure the settings in accordance with the change of settings.

A number of implementations have been described. Nevertheless, it will be understood that various modifications may be made. For example, elements of different implementations may be combined, supplemented, modified, or removed to produce other implementations. Additionally, one of ordinary skill will understand that other structures and processes may be substituted for those disclosed and the resulting implementations will perform at least substantially the same function(s), in at least substantially the same way(s), to achieve at least substantially the same result(s) as the implementations disclosed. Accordingly, these and other implementations are contemplated by this application and are within the scope of the invention as defined by the appended claims.