Modeling interdependent privacy threats

TL;DR

This paper introduces a new threat modeling methodology specifically designed to identify and mitigate interdependent privacy threats in social networks and third-party applications, addressing gaps in existing frameworks.

Contribution

The paper presents IDPA, a novel threat modeling approach focused on interdependent privacy risks, and demonstrates its effectiveness through a case study on WeChat.

Findings

IDPA uncovers privacy risks overlooked by traditional models.

Case study shows IDPA's practical applicability in real-world systems.

Highlights the importance of modeling interdependent privacy in social platforms.

Abstract

The rise of online social networks, user-gene-rated content, and third-party apps made data sharing an inevitable trend, driven by both user behavior and the commercial value of personal information. As service providers amass vast amounts of data, safeguarding individual privacy has become increasingly challenging. Privacy threat modeling has emerged as a critical tool for identifying and mitigating risks, with methodologies such as LINDDUN, xCOMPASS, and PANOPTIC offering systematic approaches. However, these frameworks primarily focus on threats arising from interactions between a single user and system components, often overlooking interdependent privacy (IDP); the phenomenon where one user's actions affect the privacy of other users and even non-users. IDP risks are particularly pronounced in third-party applications, where platform permissions, APIs, and user behavior can lead to unintended and unconsented data sharing, such as in the Cambridge Analytica case. We argue that existing threat modeling approaches are limited in exposing IDP-related threats, potentially underestimating privacy risks. To bridge this gap, we propose a specialized methodology that explicitly focuses on interdependent privacy. Our contributions are threefold: (i) we identify IDP-specific challenges and limitations in current threat modeling frameworks, (ii) we create IDPA, a threat modeling approach tailored to IDP threats, and (iii) we validate our approach through a case study on WeChat. We believe that IDPA can operate effectively on systems other than third-party apps and may motivate further research on specialized threat modeling.