{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T16:53:09Z","timestamp":1770223989137,"version":"3.49.0"},"reference-count":57,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2018,11,22]],"date-time":"2018-11-22T00:00:00Z","timestamp":1542844800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>The advent of online social networks (OSN) has transformed a common passive reader into a content contributor. It has allowed users to share information and exchange opinions, and also express themselves in online virtual communities to interact with other users of similar interests. However, OSN have turned the social sphere of users into the commercial sphere. This should create a privacy and security issue for OSN users. OSN service providers collect the private and sensitive data of their customers that can be misused by data collectors, third parties, or by unauthorized users. In this paper, common security and privacy issues are explained along with recommendations to OSN users to protect themselves from these issues whenever they use social media.<\/jats:p>","DOI":"10.3390\/fi10120114","type":"journal-article","created":{"date-parts":[[2018,11,22]],"date-time":"2018-11-22T09:18:25Z","timestamp":1542878305000},"page":"114","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":80,"title":["Privacy and Security Issues in Online Social Networks"],"prefix":"10.3390","volume":"10","author":[{"given":"Shaukat","family":"Ali","sequence":"first","affiliation":[{"name":"Department of Computer Science, Islamia College University, Peshawar 25120, Pakistan"}]},{"given":"Naveed","family":"Islam","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Islamia College University, Peshawar 25120, Pakistan"}]},{"given":"Azhar","family":"Rauf","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Peshawar, Peshawar 25120, Pakistan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8896-547X","authenticated-orcid":false,"given":"Ikram Ud","family":"Din","sequence":"additional","affiliation":[{"name":"Department of Information Technology, The University of Haripur, Haripur 22620, Pakistan"}]},{"given":"Mohsen","family":"Guizani","sequence":"additional","affiliation":[{"name":"Computer Science and Engineering Department, Qatar University, Doha 2713, Qatar"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8657-3800","authenticated-orcid":false,"given":"Joel J. P. C.","family":"Rodrigues","sequence":"additional","affiliation":[{"name":"Post-graduation, National Institute of Telecommunications (Inatel), 37540-000 Santa Rita do Sapuca\u00ed-MG, Brazil"},{"name":"Covilh\u00e3 Delegation, Instituto de Telecomunica\u00e7\u00f5es, 1049-001 Lisbon, Portugal"},{"name":"PPGIA, University of Fortaleza (UNIFOR), 90811-905 Fortaleza-CE, Brazil"}]}],"member":"1968","published-online":{"date-parts":[[2018,11,22]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"210","DOI":"10.1111\/j.1083-6101.2007.00393.x","article-title":"Social network sites: Definition, history, and scholarship","volume":"13","author":"Boyd","year":"2007","journal-title":"J. Comput.-Mediat. Commun."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"745","DOI":"10.1016\/j.telpol.2015.07.014","article-title":"Social media definition and the governance challenge: An introduction to the special issue","volume":"39","author":"Obar","year":"2015","journal-title":"Telecommun. Policy"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1016\/j.bushor.2009.09.003","article-title":"Users of the world, unite! The challenges and opportunities of Social Media","volume":"53","author":"Kaplan","year":"2010","journal-title":"Bus. Horiz."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Shozi, N.A., and Mtsweni, J. (June, January 30). Big data privacy in social media sites. Proceedings of the 2017 IST-Africa Week Conference (IST-Africa), Windhoek, Namibia, Southern Africa.","DOI":"10.23919\/ISTAFRICA.2017.8102311"},{"key":"ref_5","first-page":"101","article-title":"Privacy as Contextual Integrity","volume":"79","author":"Nissenbaum","year":"2004","journal-title":"Wash. L. Rev."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s10672-011-9178-y","article-title":"To Screen or Not to Screen? Using the Internet for Selection Decisions","volume":"24","author":"Davison","year":"2012","journal-title":"Empl. Responsib. Rights J."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"248","DOI":"10.1111\/jcc4.12052","article-title":"The \u2018Privacy Paradox\u2019 in the Social Web: The Impact of Privacy Concerns, Individual Characteristics, and the Perceived Social Relevance on Different Forms of Self-Disclosure","volume":"19","author":"Taddicken","year":"2014","journal-title":"J. Comput.-Mediat. Commun."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"1051","DOI":"10.1177\/1461444814543995","article-title":"Networked privacy: How teenagers negotiate context in social media","volume":"16","author":"Marwick","year":"2014","journal-title":"New Media Soci."},{"key":"ref_9","first-page":"80","article-title":"I Know Who You Are and I Saw What You Did: Social Networks and the Death of Privacy","volume":"9","author":"Ashtari","year":"2013","journal-title":"J. Inf. Priv. Secur."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"2019","DOI":"10.1109\/COMST.2014.2321628","article-title":"Online social networks: Threats and solutions","volume":"16","author":"Fire","year":"2014","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1109\/MIC.2007.125","article-title":"Fighting spam on social web sites: A survey of approaches and future challenges","volume":"11","author":"Heymann","year":"2007","journal-title":"IEEE Internet Comput."},{"key":"ref_12","first-page":"8","article-title":"Social media: Opportunity or risk?","volume":"2010","author":"Everett","year":"2010","journal-title":"Comput. Fraud Secur."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Alarm, S., and El-Khatib, K. (2016, January 20\u201322). Phishing Susceptibility Detection through Social Media Analytics. Proceedings of the 9th International Conference on Security of Information and Networks, Newark, NJ, USA.","DOI":"10.1145\/2947626.2947637"},{"key":"ref_14","first-page":"139","article-title":"A survey on detection and prevention of cross-site scripting attack","volume":"9","author":"Nithya","year":"2015","journal-title":"Int. J. Secur. Appl."},{"key":"ref_15","unstructured":"Baltazar, J., Costoya, J., and Flores, R. (2018, October 21). The Real Face of Koobface: The Largest Web 2.0 Botnet Explained. Available online: https:\/\/www.trendmicro.de\/cloud-content\/us\/pdfs\/security-intelligence\/white-papers\/wp_the-real-face-of-koobface.pdf."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Alghamdi, B., Watson, J., and Xu, Y. (2016, January 13\u201316). Toward detecting malicious links in online social networks through user behavior. Proceedings of the IEEE\/WIC\/ACM International Conference on Web Intelligence Workshops, Omaha, NE, USA.","DOI":"10.1109\/WIW.2016.014"},{"key":"ref_17","unstructured":"Protalinski, E. (2018, October 21). Chinese Spies Used Fake Facebook Profile to Friend Nato Officials. Available online: https:\/\/www.zdnet.com\/article\/chinese-spies-used-fake-facebook-profile-to-friend-nato-officials\/."},{"key":"ref_18","unstructured":"Dvorak, J.C. (2018, November 01). LinkedIn Account Hacked. Available online: https:\/\/www.pcmag.com\/article2\/0,2817,2375983,00.asp."},{"key":"ref_19","unstructured":"Miller, S. (2018, November 01). Sen. Grassley\u2019s Twitter Account Hacked by SOPA Protesters. Available online: https:\/\/abcnews.go.com\/blogs\/politics\/2012\/01\/sen-grassleys-twitter-account-hacked-by-sopa-protesters\/."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1016\/j.dss.2017.09.004","article-title":"Getting phished on social media","volume":"103","author":"Vishwanath","year":"2017","journal-title":"Decis. Support Syst."},{"key":"ref_21","first-page":"26","article-title":"Strangers intrusion detection-detecting spammers and fake profiles in social networks based on topology anomalies","volume":"1","author":"Fire","year":"2012","journal-title":"Human J."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"447","DOI":"10.1109\/TDSC.2015.2479616","article-title":"Towards detecting compromised accounts on social networks","volume":"14","author":"Egele","year":"2017","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Grier, C., Thomas, K., Paxson, V., and Zhang, M. (2010, January 4\u20138). @spam: The underground on 140 characters or less. Proceedings of the 17th ACM conference on Computer and Communications Security, Chicago, IL, USA.","DOI":"10.1145\/1866307.1866311"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Gao, H., Hu, J., Wilson, C., Li, Z., Chen, Y., and Zhao, B.Y. (2010, January 1\u20133). Detecting and characterizing social spam campaigns. Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement, Melbourne, Australia.","DOI":"10.1145\/1879141.1879147"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Thomas, K., Grier, C., Ma, J., Paxson, V., and Song, D. (2011, January 22\u201325). Design and evaluation of a real-time URL spam filtering service. Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, USA.","DOI":"10.1109\/SP.2011.25"},{"key":"ref_26","unstructured":"Gao, H., Chen, Y., Lee, K., Palsetia, D., and Choudhary, A.N. (2012, January 5\u20138). Towards Online Spam Filtering in Social Networks. Proceedings of the 19th Annual Network & Distributed System Security Symposium, San Diego, CA, USA."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"512","DOI":"10.1007\/s13198-015-0376-0","article-title":"Cross-Site Scripting (XSS) attacks and defense mechanisms: Classification and state-of-the-art","volume":"8","author":"Gupta","year":"2017","journal-title":"Int. J. Syst. Assur. Eng. Manag."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"1815","DOI":"10.1109\/TIFS.2013.2280884","article-title":"A study of XSS worm propagation and detection mechanisms in online social networks","volume":"8","author":"Faghani","year":"2013","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_29","unstructured":"Lundeen, R., Ou, J., and Rhodes, T. (2018, November 01). New Ways Im Going to Hack Your Web APP. Available online: https:\/\/www.blackhat.com\/html\/bh-ad-11\/bh-ad-11-archives.htmlLundeen."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Ding, X., Zhang, L., Wan, Z., and Gu, M. (2010, January 26\u201328). A brief survey on de-anonymization attacks in online social networks. Proceedings of the IEEE International Conference on Computational Aspects of Social Networks (CASoN 2010), Taiyuan, China.","DOI":"10.1109\/CASoN.2010.139"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Guly\u00e1s, G.G., Simon, B., and Imre, S. (2016, January 24). An Efficient and Robust Social Network De-anonymization Attack. Proceedings of the Workshop on Privacy in the Electronic Society, Vienna, Austria.","DOI":"10.1145\/2994620.2994632"},{"key":"ref_32","unstructured":"Wani, M.A., Jabin, S., and Ahmad, N. (2018, October 29). A sneak into the Devil\u2019s Colony-Fake Profiles in Online Social Networks. Available online: https:\/\/arxiv.org\/ftp\/arxiv\/papers\/1705\/1705.09929.pdf."},{"key":"ref_33","unstructured":"Perlroth, N. (2018, November 01). Fake Twitter Followers Become Multimillion-Dollar Business. Available online: https:\/\/bits.blogs.nytimes.com\/2013\/04\/05\/fake-twitter-followers-becomes-multimillion-dollar-business\/?_php=true&_type=blogs&ref=technology&_r=0."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Kharaji, M.Y., Rizi, F.S., and Khayyambashi, M.R. (arXiv, 2014). A New Approach for Finding Cloned Profiles in Online Social Networks, arXiv.","DOI":"10.5121\/ijnsa.2014.6107"},{"key":"ref_35","unstructured":"Lewis, J. (The Telegraph, 2012). How spies used Facebook to Steal NATO Chief\u2019s Details, The Telegraph."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"1849","DOI":"10.1109\/TKDE.2012.120","article-title":"Preventing private information inference attacks on social networks","volume":"25","author":"Heatherly","year":"2013","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"ref_37","unstructured":"Viswanath, B., Bashir, M.A., Crovella, M., Guha, S., Gummadi, K.P., Krishnamurthy, B., and Mislove, A. (2014, January 20\u201322). Towards Detecting Anomalous User Behavior in Online Social Networks. Proceedings of the USENIX Security Symposium, San Diego, CA, USA."},{"key":"ref_38","unstructured":"Torabi, S., and Beznosov, K. (2013, January 12). Privacy Aspects of Health Related Information Sharing in Online Social Networks. Proceedings of the 2013 USENIX Conference on Safety, Security, Privacy and Interoperability of Health Information Technologies, Washington, DC, USA."},{"key":"ref_39","unstructured":"Scism, L., and Maremont, M. (The Wall Street Journal, 2010). Insurers Test Data Profiles to Identify Risky Clients, The Wall Street Journal."},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"341","DOI":"10.1111\/j.1083-6101.2007.00399.x","article-title":"Mobile social networks and social practice: A case study of Dodgeball","volume":"13","author":"Humphreys","year":"2007","journal-title":"J. Comput.-Mediat. Commun."},{"key":"ref_41","first-page":"10","article-title":"A study on cyberstalking: Understanding investigative hurdles","volume":"72","author":"Doyle","year":"2003","journal-title":"FBI Law Enforc. Bull."},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"194","DOI":"10.13189\/ujph.2015.030504","article-title":"Exploring Cyber Harassment among Women Who Use Social Media","volume":"3","author":"Walker","year":"2015","journal-title":"Univers. J. Public Health"},{"key":"ref_43","first-page":"125","article-title":"User Profiling: A Privacy Issue in Online Public Network","volume":"49","author":"Ali","year":"2017","journal-title":"Sindh Univ. Res. J. (Sci. Seri.)"},{"key":"ref_44","first-page":"113","article-title":"Towards a theoretical model of social media surveillance in contemporary society","volume":"40","author":"Fuchs","year":"2015","journal-title":"Commun. Eur. J. Commun. Res."},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Gross, R., and Acquisti, A. (2005, January 7\u201310). Information revelation and privacy in online social networks. Proceedings of the 2005 ACM workshop on Privacy in the Electronic Society, Alexandria, VA, USA.","DOI":"10.1145\/1102199.1102214"},{"key":"ref_46","unstructured":"Zhang, W., and Al Amin, H. (2015, January 9\u201311). Privacy and security concern of online social networks from user perspective. Proceedings of the International Conference on Information Systems Security and Privacy (ICISSP2015), ESEO, Angers, Loire Valley, France."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"108","DOI":"10.1016\/j.cose.2010.08.003","article-title":"Semantic web-based social network access control","volume":"30","author":"Carminati","year":"2011","journal-title":"Comput. Secur."},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Strater, K., and Richter, H. (2007, January 18\u201320). Examining privacy and disclosure in a social networking community. Proceedings of the 3rd Symposium on Usable Privacy and Security, Pittsburgh, PA, USA.","DOI":"10.1145\/1280680.1280706"},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1057\/ejis.2013.17","article-title":"Cultural and generational influences on privacy concerns: A qualitative study in seven European countries","volume":"23","author":"Miltgen","year":"2014","journal-title":"Eur. J. Inf. Syst."},{"key":"ref_50","unstructured":"Fletcher, D. (2018, November 10). How Facebook Is Redefining Privacy. Available online: http:\/\/content.time.com\/time\/magazine\/article\/0,9171,1990798,00.html."},{"key":"ref_51","doi-asserted-by":"crossref","unstructured":"Madejski, M., Johnson, M., and Bellovin, S.M. (2012, January 19\u201323). A study of privacy settings errors in an online social network. Proceedings of the IEEE International Conference on Pervasive Computing and Communications Workshops, Lugano, Switzerland.","DOI":"10.1109\/PerComW.2012.6197507"},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"498","DOI":"10.1016\/j.tele.2016.10.009","article-title":"The future of online social networks (OSN): A measurement analysis using social media tools and application","volume":"34","author":"Penni","year":"2017","journal-title":"Telemat. Inform."},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"556","DOI":"10.1016\/j.comnet.2012.06.006","article-title":"Design and analysis of a social botnet","volume":"57","author":"Boshmaf","year":"2013","journal-title":"Comput. Netw."},{"key":"ref_54","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1109\/MNET.2010.5578913","article-title":"Understanding the behavior of malicious applications in social networks","volume":"24","author":"Makridakis","year":"2010","journal-title":"IEEE Netw."},{"key":"ref_55","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1145\/3017427","article-title":"The evolution of android malware and android analysis techniques","volume":"49","author":"Tam","year":"2017","journal-title":"ACM Comput. Surv."},{"key":"ref_56","unstructured":"Provos, N., McNamee, D., Mavrommatis, P., Wang, K., and Modadugu, N. (2007, January 10). The Ghost in the Browser: Analysis of Web-based Malware. Proceedings of the First Workshop on Hot Topics in Understanding Botnets (HotBots\u201907), Cambridge, MA, USA."},{"key":"ref_57","doi-asserted-by":"crossref","unstructured":"Chaabane, A., Ding, Y., Dey, R., Kaafar, M.A., and Ross, K.W. (2014, January 10\u201311). A Closer Look at Third-Party OSN Applications: Are They Leaking Your Personal Information?. Proceedings of the 15th International Conference on Passive and Active Network Measurement, Los Angeles, CA, USA.","DOI":"10.1007\/978-3-319-04918-2_23"}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/10\/12\/114\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T15:31:23Z","timestamp":1760196683000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/10\/12\/114"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,11,22]]},"references-count":57,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2018,12]]}},"alternative-id":["fi10120114"],"URL":"https:\/\/doi.org\/10.3390\/fi10120114","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,11,22]]}}}