Human Aspects of Information Security, Privacy, and Trust

The purpose of this paper is to propose a preliminary framework for supporting usable security on the World Wide Web through adaptivity in user interface designs. In particular we elaborate the concept of “Adaptive Usable Security” and suggest that it is a promising research area aiming to organize and present information and functionalities in an adaptive format to diverse user groups, by using different levels of abstractions through appropriate interaction styles, terminology, information presentation and user modeling techniques related to security and/or privacy preserving tasks. Furthermore, we present components of a preliminary framework aiming to provide guidance in developing “adaptive usable secure” interactive systems. The results and implications of this paper can be considered valuable in elaborating a common architecture for future deployment of adaptive usable security systems on a variety of application areas and services through the World Wide Web.

Proactive cyber-security tools provide basic protection as today’s cyber-criminals utilize legitimate traffic to perform attacks and remain concealed quite often until it is too late. As critical resources, hidden behind layers of cyber-defenses, can still become compromised with potentially catastrophic consequences, it is of paramount significance to be able to identify cyber-attacks and prepare a proper defense as early as possible. In this paper we will go over the architecture, deployment and usefulness of a distributed network of honeypots that relies on darknets to obtain its data. As we have envisioned that such a system has the potential to detect large scale events as early as possible we have adopted the name Early Warning Intrusion System (EWIS).

Post-incident analysis of a security event is a complex task due to the volume of data that must be assessed, often within tight temporal constraints. System software, such as operating systems and applications, provide a range of opportunities to record data in log files about interactions with the computer that may provide evidence during an investigation. Data visualization can be used to aid data set interpretation and improve the ability of the analyst to make sense of information. This paper posits a novel methodology that visualizes data from a range of log files to aid the investigation process. In order to demonstrate the applicability of the approach, a case study of identification and analysis of attacks is presented.

The balance between security and usability must be addressed as early as possible in the Software Development Life Cycle (SDLC) to ensure the inclusion of usable-security in software products. Unfortunately, there has been little research on assessing and integrating security, usability, and usable-security during the requirements engineering phase of the SDLC. To address that deficiency, this paper proposes an Assessment Framework for Usable-Security (AFUS) based on two well-known techniques from the decision science field.

We argue that there will be an increasing future need for the design and implementation of declarative languages that can aggregate trust evidence and therefore inform the decision making of IT systems at run-time. We first present requirements for such languages. Then we discuss an instance of such a language,

Peal

 + 

, which extends an early prototype

Peal

that was researched by others in collaboration with us. Next, we formulate the intuitive semantics of

Peal

 + 

, present a simple use case of it, and evaluate to what extent

Peal

 + 

meets our formulated requirements. In this evaluation, particular attention is given to the usability aspects of declarative languages that mean to aggregate trust evidence.

As one of the advanced Completely Automated Public Turing tests to tell Computers and Humans Apart (CAPTCHAs), the CAPTCHA using mental rotation has been proposed. Mental rotation is an advanced human-cognitive-processing ability to rotate mental representations of “one” single 2D/3D object. However, as have already been reported, the mental rotation CAPTCHA can be overcome by pattern matching and/or machine learning. Therefore, this paper proposes to enhance the mental rotation CAPTCHA by using “two” distinct 3D objects in the task of mental rotation, which we call “sophisticated mental rotation”. We implemented a prototype of the sophisticated mental rotation CAPTCHA, and carried out basic experiments to confirm its usability. Also, we conducted a comparison between the proposed CAPTCHA and existing CAPTCHAs. The obtained results were satisfactory.

Non-compliance with security mechanisms and processes poses a significant risk to organizational security. Current approaches focus on designing systems that restrict user actions to make them ‘secure’, or providing user interfaces to make security tools ‘easy to use’. We argue that an important but often-neglected aspect of compliance is trusting employees to ‘do what’s right’ for security. Previous studies suggest that most employees are intrinsically motivated to behave securely, and that contextual elements of their relationship with the organization provide further motivation to stay secure. Drawing on research on trust, usable security, and economics of information security, we outline how the organization-employee trust relationship can be leveraged by security designers.

QR (Quick Response) codes are two-dimensional barcodes with the ability to encode different types of information. Because of their high information density and robustness, QR codes have gained popularity in various fields of application. Even though they offer a broad range of advantages, QR codes pose significant security risks. Attackers can encode malicious links that lead e.g. to phishing sites. Such malicious QR codes can be printed on small stickers and replace benign ones on billboard advertisements. Although many real world examples of QR code based attacks have been reported in the media, only little research has been conducted in this field and almost no attention has been paid on the interplay of security and human-computer interaction. In this work, we describe the manifold use cases of QR codes. Furthermore, we analyze the most significant attack scenarios with respect to the specific use cases. Additionally, we systemize the research that has already been conducted and identified usable security and security awareness as the main research challenges. Finally we propose design requirements with respect to the QR code itself, the reader application and usability aspects in order to support further research into to making QR code processing both secure and usable.

This case study talks about a mobile security app design that we worked on for one of our clients. In this project we made an attempt at to look at design as a game changer for the product’s strategy; and not just a mere tool for beautification of the UI. Through research and design we have tried to find an answer to the apprehensions that users have about mobile security. We have tried to create a security app that has a warm and friendly look and feel; and we hope this might reduce the anxiety on a non tech savvy user’s mind while engaging with it. We have attempted to raise the product’s emotional design quotient by integrating product’s UI and content strategy with very simple gamification elements. With this change in product perception we hope to drive the ROI in terms of a rise in user adoption, conversion and retention rates.

With the dramatic shift of internet use away from desktop and laptop PCs toward smartphones and tablets, protection thresholds for application, device and communication security have significantly lowered. Most attempts on reversing this situation by means of converting standard mobile devices into tamper-proof equipment have proven to leave ample space for vulnerability of mobile processes and communication content. The only high efficacy method of sheltering against spying and fraud is seen in a new approach where a dedicated piece of discrete hardware is tasked with all security related operations while the standard cell phone or tablet remains unchanged, providing only its connectivity capabilities. The increasing cost caused by e.g. fraud in the area of mobile banking provides the background to economically justify this effort, which can in parallel support many other areas of mobile security.

One of the most popular contemporary graphical password approaches is the Pattern-Lock authentication mechanism that comes integrated with the Android mobile operating system. In this paper we investigate the impact of password strength meters on the selection of a perceivably secure pattern. We first define a suitable metric to measure pattern strength, taking into account the constraints imposed by the Pattern-Lock mechanism’s design. We then implement an app via which we conduct a survey for Android users, retaining demographic information of responders and their perceptions on what constitutes a pattern complex enough to be secure. Subsequently, we display a pattern strength meter to the participant and investigate whether this additional prompt influences the user to change their pattern to a more effective and complex one. We also investigate potential correlations between our findings and results of a previous pilot study in order to detect any significant biases on setting a Pattern-Lock.

Passwords are the most commonly used mechanism in controlling users’ access to information systems. Little research has been established on the entire user password management lifecycle from the start of generating a password, maintaining the password, using the password to authenticate, then to the end of the lifespan of the password when it needs to be changed. We develop a cognitive-behavioral framework depicting the cognitive activities that users perform within each stage, and how the stages interact with the human information processor, i.e. memory and attention resources. Individual factors are also represented in the framework such as attitudes, motivations, and emotions that can affect users’ behaviors during the password management lifecycle. The paper discusses cognitive and behavioral activities throughout the lifecycle as well as the associated economics. We show the importance of a holistic approach in understanding users’ password behaviors and the framework provides guidance on future research directions.

Passwords are the most common form of authentication. The password memorability problem is magnified with increasing number of systems users have to access. Graphical authentication systems (GASs) have received significant attention as one potential alternative to alphanumeric passwords to provide more usable authentication. In this paper we review all the existing work which had explored the memorability of multiple graphical passwords. The review reveals that human memory capabilities should not be overestimated and the password memorability problem remains unsolved, even when graphical passwords are employed. Hence we propose a novel graphical authentication system with certain new security features which could solve the problem. This paper will be of interest to Human Computer Interaction-Security researchers investigating approaches to usable and secure authentication techniques.

In this paper we propose an e-voting authentication scheme combined with QR-codes and visual cryptography. We focus on the usability, in order to supply voters with less technical experience with a usable scheme. The only requirement is that the user needs to handle a device containing a QR-code reader, most probably a smartphone. This approach is based on visual cryptography as the work horse: The e-voting passwords for authentication are encoded as QR-codes and later encrypted into shadow transparencies. Thus, the transparency by itself conveys no information but when the layers are combined, the secret password is revealed.

Given the numerous constraints of onscreen keyboards, such as smaller keys and lack of tactile feedback, remembering and typing long, complex passwords — an already burdensome task on desktop computing systems —becomes nearly unbearable on small mobile touchscreens. Complex passwords require numerous screen depth changes and are problematic both motorically and cognitively. Here we present baseline data on device- and age-dependent differences in human performance with complex passwords, providing a valuable starting dataset to warn that simply porting password requirements from one platform to another (i.e., desktop to mobile) without considering device constraints may be unwise.

Eavesdropping on passwords sent over insecure connections still poses a significant threat to Web users. Current measures to warn about insecure connections in browsers are often overlooked or ignored. In this paper, we systematically design more effective security interventions to indicate insecure connections in combination with password requests. We focus on catching the attention of the user with the proposed security interventions. We comparatively evaluate the three developed interventions using eye-tracking and report how effective these options are in the context of three different website designs. We find that one of the options – red background of the password field – captures significantly more attention than the others, but is less linked to the underlying problem than the yellow warning triangle option. Thus, we recommend a combination of the two options.

The password the almost universal authentication solution yet is buckling under the strain. It demonstrates insufficiency and weakness due to poor choice, reuse and ease of transfer. Graphical passwords, biometrics, and hardware tokens have been suggested as alternatives. Industry has, unfortunately, not embraced these alternatives. One possible explanation is the complexity of the choice process. To support authentication decision-markers we suggest a framework called ACCESS (Authentication ChoiCE Support System) which captures requirements, consults a knowledge base of existing authentication mechanisms and their properties, and suggests those mechanisms that match the specified requirements.

Many users must authenticate to multiple systems and applications, often using different passwords, on a daily basis. At the same time, the recommendations of security experts are driving increases in the required character length and complexity of passwords. The thinking is that longer passwords will result in greater “entropy,” or randomness, making them more difficult to guess. The greater complexity requires inclusion of upper- and lower-case letters, numerals, and special characters. How users interact and cope with passwords of different length and complexity is a topic of significant interest to both the computer science and cognitive science research communities.

Using experimental methodology from the behavioral sciences, we set out to answer the following question: how memorable are complex character strings of different lengths that might be used as higher-entropy passwords? In this experiment, participants were asked to memorize a series of ten different character strings and type them repeatedly into a computer program. Character string lengths varied and the random characters were made up of alphanumeric and special characters in order to mimic passwords. Not surprisingly, our findings indicate that the longer a character string is, the longer it takes for a person to recall it, and the more likely they are to make an error when trying to re-type that string. These effects are particularly pronounced for strings of eight to ten characters or longer.

Access to healthcare is not a new issue, but it has been only in the last few years that it has gained significant traction with the federal government passing a number of laws to greatly enhance the exchange of medical information between all relevant parties: patients, providers, and payers. This research focuses specifically on these issues by examining industry compliance to the Health Insurance Portability and Accountability Act, electronic health record adoption, and the federal Meaningful Use program; all from the healthcare provider’s perspective. While many plans have been made, guidelines created, and national strategies forged, there are significant gaps in how actual technology will be applied to achieve these goals. The goal of this research is to bridge the gap from regulation to practice in a number of key technological areas of healthcare information security. Using standardized frameworks, this research proposes how accessibility, efficiency, and integrity in healthcare information security can be improved.

Creating security architectures and processes that directly interact with consumers, especially in consumer electronics, has to take into account usability, user-experience and skill level. Smart cards provide secure services, even in malicious environments, to end-users with a fairly straightforward limited usage pattern that even an ordinary user can easily deal with. The way the smart card industry achieves this is by limiting users’ interactions and privileges on the smart cards they carry around and use to access different services. This centralised control has been the key to providing secure and reliable services through smart cards, while keeping the smart cards fairly useable for end-users. However, as smart cards have permeated into every aspect of modern life, users have ended up carrying multiple cards to perform mundane tasks, making smart card-based services a cumbersome experience. User Centric Smart Cards (UCSC) enable users to have all the services they might be accessing using traditional smart cards on a single device that is under their control. Giving ”freedom of choice” to users increases their privileges, but the design requirement is to maintain the same level of security and reliability as traditional architectures while giving better user experience. In this paper, we will discuss the challenges faced by the UCSC proposal in balancing security with usability and ”freedom of choice”, and how it has resolved them.

Security managers face the challenge of formulating and implementing policies that deliver their desired system security postures — for example, their preferred balance of confidentiality, integrity, and availability — within budget (monetary and otherwise). In this paper, we describe a security modelling methodology, grounded in rigorous mathematical systems modelling and economics, that captures the managers’ policies and the behavioural choices of agents operating within the system. Models are executable, so allowing systematic experimental exploration of the system-policy co-design space, and compositional, so managing the complexity of large-scale systems.

End user development has grown in strength during the last decades. The advantages and disadvantages of this phenomenon have been debated over the years, but not extensively from an information security culture point of view. We therefore investigate information security design decisions made by an end user during an end user development project. The study is interpretative and the analysis is structured using the concept of inscriptions. Our findings show that end user development results in inscriptions that may induce security risks that organizations are unaware of. We conclude that it is a) important to include end user development as a key issue for information security management, b) to include end user developers as an important group for the development of a security-aware culture, and c) to address information security aspects in end user development policies.

This paper addresses the importance of continuously evaluating an organization’s awareness program and provides guidelines that will help organizations assess their efforts, extending the authors’ work in [1]. The proposed methodology evaluates an awareness program considering the most common and essential methods used for delivering awareness material. Key awareness-related processes and accompanying quantitative metrics are identified, along with a methodology for dynamically evaluating the metrics and the overall awareness program as a whole. A software tool is developed, to facilitate the deployment and maintenance of the assessment methods and to formalize their aggregation and evaluation. An organization’s security awareness posture is modelled as a dynamic system and the awareness level is calculated and monitored through time via Event Calculus. Furthermore, the tool can be deployed in a multi-agent form, to enable its use by organizations operating through remote offices and distributed locations.

Organisations today operate in a world fraught with threats, including “script kiddies”, hackers, hacktivists and advanced persistent threats. Although these threats can be harmful to an enterprise, a potentially more devastating and anecdotally more likely threat is that of the malicious insider. These trusted individuals have access to valuable company systems and data, and are well placed to undermine security measures and to attack their employers. In this paper, we engage in a critical reflection on the insider threat in order to better understand the nature of attacks, associated human factors, perceptions of threats, and detection approaches. We differentiate our work from other contributions by moving away from a purely academic perspective, and instead focus on distilling industrial reports (i.e., those that capture practitioners’ experiences and feedback) and case studies in order to truly appreciate how insider attacks occur in practice and how viable preventative solutions may be developed.

There has been significant interest in the identification and profiling of insider threats, attracting high-profile policy focus and strategic research funding from governments and funding bodies. Recent examples attracting worldwide attention include the cases of Chelsea Manning, Edward Snowden and the US authorities. The challenges with profiling an individual across a range of activities is that their data footprint will legitimately vary significantly based on time and/or location. The insider threat problem is thus a specific instance of the more general problem of profiling complex behaviours. In this paper, we discuss our preliminary research models relating to profiling complex behaviours and present a set of experiments related to changing roles as viewed through large-scale social network datasets, such as Twitter. We employ psycholinguistic metrics in this work, considering changing roles from the standpoint of a trait-based personality theory. We also present further representations, including an alternative psychological theory (not trait-based), and established techniques for crime modelling, spatio-temporal and graph/network, to investigate within a wider reasoning framework.

Safeguarding and securing information assets is critical and challenging for organizations using information system to support their key business processes.

Information Security Management System (ISMS)

defines to setup a solid security framework and regulates systematic way how securely information system can use its resources. However technical advancements of information security do not always guarantee the overall security. All kinds of

human factors

can deeply affect the management of security in an organizational context despite of all security measures. But analyzing, modeling, quantifying and controlling human factors are difficult due to their subjective and context specific nature. This is because individuals tend to have distinct degree of personal and social status. This papers attempts to propose a conceptual framework for analyzing and reasoning three main human factors in an organizational context that supported by goal-modeling language based on concepts of human factors, driving and resisting forces of Force-Field Analysis (FFA) tool, goals, risks, vulnerability, controls, and Threats. This framework is beneficial to better understanding of human factors in the process of ISMS that eventually leads to reasoning a rationale change in organizational context whilst providing reasonable metrics for security. One would be ROI issue that is concern of all organization.

We present a socio-technical analysis of security of Hotspot and Hotspot 2.0. The analysis focuses is user-centric, and aim at understanding which user action can compromise security in presence of a attacker. We identify research questions about possible factors that may affect user’s security decisions, and propose experiments to answer them.

We propose an operational framework for a social, technical and contextual analysis of security. The framework provides guidelines about how to model a system as a layered set of interacting elements, and proposes two methodologies to analyse technical and social vulnerabilities. We show how to apply the framework in a use case scenario.

With more than 6.3 billion subscribers around the world, mobile de-vices play a significant role in people’s daily life. People rely upon them to carry out a wide variety of tasks, such as accessing emails, shopping online, micro-payments and e-banking. It is therefore essential to protect the sensitive information that is stored on the device against misuse. The majority of these mobile devices are still dependent upon passwords and Personal Identification Numbers (PIN) as a form of user authentication. However, the weakness of these point-of-entry techniques is well documented. Furthermore, current point-of-entry authentication will only serve to provide a one-off authentication decision with the time between an authentication and access control decision effectively becoming independent. Through transparent authentication, identity verification can be performed continuously; thereby more closely associating the authentication and access control decisions. The challenge is in providing an effective solution to the trade-off between effective security and usability.

With the purpose of providing enhanced security, this paper describes a behavioural profiling framework, which utilizes application or service usage to verify individuals in a continuous manner. In order to examine the effectiveness a series of simulations were conducted by utilising real users’ mobile applications usage. The dataset contains 76 users’ application activities over a four-week period, including 30,428 log entries for 103 unique applications (e.g. telephone, text message and web surfing). The simulations results show that the framework achieved a False Rejection Rate (FRR) of 12.91% and a False Acceptant Rate (FAR) of 4.17%. In contrast with point of entry approaches, the behavioural profiling technique provides a significant improvement in both device security and user convenience. An end-user trial was undertaken to assist in investigating the perceptions surrounding the concept of behavioural profiling technique – an approach that is conceptually associated with privacy concerns. The survey revealed that participants were strongly in favour (71%) of using the behavioural approach as a supplement of the point-of-entry technique to protect their devices. The results also provided an interesting insight into the perceived privacy issues with the approach, with 38% of the participants stating they do not care about their personal information being recorded.

On the one hand, an access control mechanism must make a conclusive decision for a given access request. On the other hand, such a mechanism usually relies on one or several decision making processes, which can return partial decisions, inconclusive ones, or conflicting ones. In some cases, this information might not be sufficient to automatically make a conclusive decision, and the access control mechanism might have to involve a human expert to make the final decision. In this paper, we formalise these decision making processes as

quantitative access control systems

, which associate each decision with a measure, indicating for instance the level of confidence of the system in the decision. We then propose to explore how nudging, i.e., how modifying the context of the decision making process for that human expert, can be used in this context. We thus formalise when such a delegation is required, when nudging is applicable, and illustrate some examples from the MINDSPACE framework in the context of access control.

Today, users share large amounts of information about themselves on their online social networks. Besides the intended information, this sharing process often also “leaks” sensitive information about the users - and by proxy - about their peers. This study investigates the effect of awareness about such leakage of information on user behavior. In particular, taking inspiration from “second-hand smoke” campaigns, this study creates “social awareness” campaign where users are reminded of the information they are leaking about themselves and their friends. The results indicate that the number of users disallowing the access permissions doubles with the social awareness campaign as compared to a baseline method. The findings are useful for system designers considering privacy as a holistic social challenge rather than a purely technical issue.

Computer users are often referred to, rather disparagingly as “the weakest link” in information security. This resonates with the frus- tration experienced by organisations who are doing their best to secure their systems, only to have an employee compromise everything with an insecure act. Organisations put a great deal of effort into education and training but it has become clear that this, on its own, is not sufficient. A wide range of relevant literature has been consulted in order to produce a model that reflects the process from ignorance to actual behaviour, and to highlight the factors that play a role in this pathway. This is the pri- mary contribution of this paper. The model introduces the notion of two gulfs. The gulf of evaluation has the undecided user at one side, at the other a user with an intention to behave securely. A set of factors that help to bridge the gulf have been identified from the research literature. The second gulf is called the gulf of execution, which has to be bridged, assisted or deterred by a number of factors, so that users will convert intentions to actual behaviours. Interestingly, one of the factors that play a role in bridging both gulfs is security culture. Particular attention is paid to this factor and its role in encouraging secure behaviour.

In this work, we present the first statistical results on users’ understanding, usage and acceptance of a privacy-enhancing technology (PET) that is called “attribute-based credentials”, or Privacy-ABCs. We identify some shortcomings of the previous technology acceptance models when they are applied to PETs. Especially the fact that privacy-enhancing technologies usually assist both, the primary and the secondary goals of the users, was not addressed before. We present some interesting relationships between the acceptance factors. For example, understanding of the Privacy-ABC technology is correlated to the perceived usefulness of Privacy-ABCs. Moreover, perceived ease of use is correlated to the intention to use the technology. This confirms the conventional wisdom that understanding and usability of technology play important roles in the user adoption of PETs.

Social network sites (SNS) are powerful technologies to bring people together and share information, changing the way society interacts in contemporary days. SNS such as Facebook have grown in popularity in recent years, reaching 1,3 billion monthly active users. However, as this network helps to make the world more open and connected, participants inevitably end up losing control over the extent that their personal information may reach among people that belong to their social circle or not. In this context we present +PrivacyCTRL, a model to enhance privacy controls on SNS, which supports the design of privacy settings in order to give users more autonomy over what they publish in these networks. +PrivacyCTRL was applied – via paper prototype technique – to three well-known SNS and showed promise in clarifying the privacy settings and improving the user’s choice about what to reveal and to whom.

Advances in information technology have simplified many processes in our lives. However, in many cases trust issues arise when new technology is introduced, and voting is one prominent example. To increase voters’ trust, current e-voting systems provide paper audit trails (PATs) which enable automatic tally and/or manual audit of the election result. PATs may contain only the encrypted vote or the plaintext vote in human-readable and/or machine-readable format. Previous studies report voter privacy concerns with PATs containing additional information (e.g. QR-Codes) other than the human-readable plaintext vote. However, omitting such PATs negatively influences security and/or efficiency. Hence, to address these concerns we applied the coping and threat appraisal principles of the protection motivation theory in the communication process. We evaluated them in separate surveys focused on the EasyVote system [15]. Results show that the coping appraisal is more promising than the threat appraisal approach. While our findings provide novel directions on addressing privacy concerns in the e-voting context, corresponding limitations need to be considered for future user studies.

In this position paper, we propose a new approach to privacy decision-making that relies on conceptual representations of mental models. We suggest that helping users to construct mental models of privacy will facilitate privacy decisions and hence contribute towards usable privacy. We advance that usable privacy research will benefit from qualitative and quantitative user studies that first elicit users’ mental models of privacy and second aim to build a composite model of the concept maps of users’ mental models. The links between the concept maps and deductive and inductive reasoning, and System 1 and 2 of the dual-process theory, are thought to potentially provide valuable insights for future usable privacy research. We also propose that the composite model might provide routes to privacy decisions and enable us to develop strategies akin to nudges aimed towards facilitating privacy behaviour.

This paper explores the content themes and provision structures of the website privacy policies of a nonrandom sample of comparable universities across the United States. Because these organizations collect, analyze, and manage personal information via digital media, it is important to evaluate the legal content and usability of their privacy policies. The issue is complex, because technology continues to advance, privacy policy standards continue to evolve, and the law is unclear on many aspects of privacy. Furthermore, the education sector lags industry in its implementation of privacy and security programs. A content analysis was conducted to identify patterns in legal provisions, general usability, and communication of sixteen university web privacy policies. This approach revealed what universities disclose about their information practices and user rights. The results reveal the commonalities of how web privacy policies are structured, what concepts are presented, and what information is absent. Additionally, recommendations are shared regarding how to develop comprehensive online privacy policies appropriate for higher education.

Online Social Networks (OSNs) such as Facebook, Twitter, and so on recently are major impact in communication and social interaction. Users can share any information with others. However, they have concerns about losing privacy due to lack of an adequate privacy protection provided by the OSNs. The information posted by the user (owner) might leak to unwanted target users. Especially, when collaborative information (e.g. text, photo, video, link), which has associated with the owner and multiple users (co-owners) in the real world, is posted into the OSNs, the co-owners do not have permission to control and might not be aware their information that is being managed by others. To overcome, collective privacy protection (CPP) is proposed to balance between the collaborative information sharing and the privacy protection for the owner and co-owners by majority vote. It enables the owner to create the privacy policy and the co-owners to make a decision in the privacy policy by vote. It additionally identifies and solves the privacy conflicts because at least one co-owner intends to keep private.