
VIVEK GUPTA

EDUCATING SOCIAL NETWORKING USERS

Educating Social Networking Users

A thesis submitted to the University of Plymouth in partial fulfillment of the requirements for the degree of Masters of Science

Project Supervisor: Maria Papadaki


Vivek Gupta
September 2011

School of computing, communications and Electronics


Faculty of Technology
University of Plymouth


ACKNOWLEDGEMENT

I would really like to thank my supervisor Maria Papadaki, School of Computing, Communications and Electronics at University of Plymouth, United Kingdom, for her valuable time and guidance. It would have been really impossible to complete the research without her advice and help. The ideas discussed in the meetings really helped me a lot in completing the research. She also provided me with useful links and resources which were really helpful in the end.
I would also like to thank my parents and all my family members who always supported me and believed in me in completing my master's.


INDEX
Chapter 1: Introduction
1.1 Justification for the project
1.2 Aims and Objectives of the project
1.3 Thesis Structure

Chapter 2: Overview of Social Networking Sites
2.1 What are Social networking sites
2.2 Threats on social networking sites
2.2.1 Needs of attackers
2.2.1.1 Jokes
2.2.1.2 Have a control on others computers
2.2.1.3 Personal Identity
2.2.1.4 Company Information
2.2.1.5 Money related attacks
2.2.2 Different Threats
2.2.2.1 Breaches from service providers
2.2.2.2 Spam
2.2.2.3 Phishing
2.2.2.4 Malware
2.2.2.5 Third Party application breaches
2.2.2.6 Worms
2.2.2.7 Digital Dossier Aggregation
2.2.2.8 Face Recognition and CBIR
2.2.2.9 Complete Deletion of account is not possible
2.3 The need for educating social networking users about privacy

Chapter 3: Literature Review
3.1 Introduction
3.2 Background
3.3 Analysis
3.4 Critical Analysis
3.5 Conclusion

Chapter 4: Security Guidelines and Awareness
4.1 Security Guidelines
4.1.1 Converging on Microsoft: 12 tips for safe social networking (Ashley, 2008)
4.1.2 Cyber security tip: Staying safe on social networking sites (US-CERT, 2011)
4.1.3 National Cyber security Alliance: Social networking (Stay Safe online, 2011)
4.2 User Awareness
4.3 Media Presentation
4.4 Security Improvements

Chapter 5: Research Methodology & Design of the game
5.1 Introduction
5.2 Research Methodology
5.3 Different Scenarios of the game
5.3.1 Do not share your SNS password with anyone
5.3.2 Avoid adding strangers on SNS
5.3.3 Avoid putting sensitive information and also always customize your privacy settings
5.4 Choosing the above scenarios for the game concept
5.5 Design of the game
5.6 Game flow
5.7 How the user learns from the game or gets educated by the game

Chapter 6: Results and Analysis
6.1 Introduction
6.2 Results
6.2.1 Section 1
6.2.1 Section 2
6.2.3 Section 3
6.3 Discussion on the Results
6.4 Impact Summary
6.5 Academic Impact
6.6 Dissemination and Exploitation

Chapter 7: Conclusions
7.1 Inferences
7.2 Limitations
7.3 Future work

References
Appendix 1
Appendix 2
Appendix 3


List of Figures
Figure   Description
1        Launch of major social networking sites
2        Problem for Scams
3        Problem for Phishing
4        Problem for Malware
5        Worm spread with support of Adobe Flash
6        Overview Of Selected Social networking Sites
7a       Game Board
7b       Relationship between time spent and Score
8        Graph showing concerned users on SNS
9        Graph showing User Awareness
10       Introductory page for the game
11       Start of the game page
12       Page where the user has to enter his credentials
13       The friend uploads a funny photo on the user profile
14       Moral of the story for the game
15       Respondents Gender
16       Respondents Profession
17       Respondents answer on member of SNS
18       Number of SNS used by respondents
19       The most popular SNS used by respondents
20       Time spent on SNS by respondents
21       Information included on SNS by respondents
22       Respondents response on accepting strangers on SNS
23       Choosing password for SNS
24       Criteria used by respondents to choose password
25       Respondents reply on change of password
26       Respondents answer on sharing their passwords with anyone
27       Respondents reply on considering situation on sharing passwords
28       Respondents answer for choosing password
29       Selection criteria used by respondents after the game
30       Respondents response on changing their password after the game
31       Respondents reply on the scenario justification
32       Showing what the user will do in a particular situation
33       Showing what the user will do in a particular situation
34       Comparison of Fig 23 & 28
35       Comparison of Fig 24 & 29
36       Comparison of Fig 25 & 30
37a      Respondents reply on sharing their credentials
37b      Respondents reply on justification of the scenario

List of tables
No       Description
1        Summary of Security Guidelines
2        Experiences with privacy settings


ABSTRACT
Social networking sites have grown tremendously, with millions of users taking part and registering accounts. It is very easy to create a personal profile on a social networking site, and such a profile consists mainly of personal data. It is therefore important for every user to keep their personal information hidden from other users on these sites. Users knowingly or unknowingly disclose their personal data on SNSs, which can be considered a loss of personal data. All social networking sites give their users an option to enhance the level of privacy, but due to a lack of knowledge about it, users do not change their privacy settings after creating their account.
In this paper, I present the risks and privacy issues surrounding social networking sites so that users become more aware and better educated. The paper also covers some awareness-raising programs and security tips which will help users keep their profiles safe. Many examples of incidents are explained, through which users will become more educated about social networking sites. This publication also focuses on the risks of social networking sites and tries to gain users' attention by means of an interactive, scenario-based game through which the users get educated. The results produced by the research were very encouraging: almost 83% of users revealed that they benefited from the game, and almost 85% of users also said that they would never share their credentials with anyone after playing the game.


"If you think you are in control, you're fooling yourself. As soon as you start listening, you realize you're not in control. And letting go will yield more and better results."
Charlene Li, author


Chapter 1
Introduction


1.1 Justification for the project

For millions of users, social networking sites have become part of a daily routine and have been widely adopted. There are many different social networking sites, such as Facebook, Orkut, LinkedIn and MySpace. These sites have different features and privacy policies, but some features are common to almost all of them: constructing a public or semi-public profile within a bounded system, displaying lists of friends who are networked with the person, and allowing the user to traverse between different profiles based on those bounds. Most social networking sites are lacking when it comes to privacy, which exposes detailed information from the profile. For this reason many questions have emerged, which lead to the research in this paper.
Even with so many drawbacks, there has been a tremendous increase in the use of social networking sites. Some social networking sites give users options for their privacy, but users still tend to neglect them, which leads to many harms and ill effects. This paper will try to find out the different problems and the main disadvantages of social networking sites that cause users trouble later on. It will then let users know about them and try to create awareness about social networking sites.
The main approach undertaken by this paper is to develop a game with different stages or levels and with very good graphics and animations, which will attract users to play it. The game will raise users' awareness and help them understand the privacy concerns and issues in social networking sites. There will be a questionnaire which users complete before playing the game, and they will then answer the same questions after the game. The game can be evaluated by comparing the answers to the questionnaires before and after the game.

1.2 Aims and Objectives of the project

The main aims of the project are as follows:
- Explore existing users' perception of social networking sites.
- Explore and understand the privacy and security issues in social networking.
- Identify the problems that users have faced on these social networking sites.
- Review past research techniques.
- Investigate the effectiveness of research done on these social networking sites.
- Raise the security awareness of social networking users through a fun and interactive game, and evaluate the success of such an effort.
The objectives of the project are as follows:
- Analyze the level of security that has been adopted by users on SNSs.
- Analyze the security tips that have been provided by some bodies and calculate their effectiveness on the users.
- Create awareness among users about the disadvantages of SNSs with the help of different examples.
- Help users by creating awareness about social networking sites with the help of a fun and interactive game based on the security features.
1.3 Thesis Structure
Chapter 2: Literature review
This chapter covers work done by previous authors in the field of SNSs. It describes the background and gives an in-depth analysis of the work done by past researchers, followed by a conclusion.
Chapter 3: Overview of SNSs
This chapter gives an overview of social networking sites, the threats related to SNSs and the vulnerabilities to which users are exposed when they log in to these sites. It also covers users' need for security when they are logged in to these social networking sites.
Chapter 4: Security Guidelines and User Awareness
When it comes to security guidelines, whose responsibility is it to make users aware: the governing body, the social networking sites or the users themselves? This is a very important question which will be looked at in depth, and security guidelines will also be presented in this chapter. Even after awareness has been raised, users do not feel it is very important to make the changes, which raises another discussion on how users react to these awareness programs. This will be supported with past surveys on social networking sites. This chapter will also give a possible solution based on security.
Chapter 5: Research Methodology and Design of game
This chapter gives an overview of Flash, with which the game is developed. It covers the different scenarios through which awareness is raised, explains the methodology followed while developing the game, and briefly discusses the design of the game.
Chapter 6: Analysis and Discussion
A questionnaire will be given to the users playing the game. Each user will fill in the same questionnaire before and after playing the game. An analysis based on the questionnaire results will show the success of the game, followed by a discussion of the results.
Chapter 7: Conclusion
The thesis ends with a conclusion which gives a brief summary of the perception of security and privacy issues, followed by a short account of a possible solution. It also includes the future work that can be carried out.


Chapter 2
Overview of Social Networking Sites


2.1 What are Social networking sites?

Social networking can be defined as a network in which users are able to listen, communicate, interact, engage and collaborate with each other (McCabe, 2009). Users use social networking sites to upload photos and to share recipes and ideas with each other. Social network sites can also be defined as a bounded system in which users are allowed to design a public or semi-public profile, and a place where users are connected to other users with whom they share a connection (Boyd & Ellison, 2007).
Social network sites are unique because they allow users to make their profiles visible to their social network rather than allowing individuals to meet strangers. On large social networking sites such as Facebook and MySpace, individuals are not "networking", i.e. making new friends; rather, they are only extending their current social profile (Boyd & Ellison, 2007).
Social networking sites have grown rapidly in popularity all around the world. The young generation has had the upper hand in grabbing opportunities from these sites. People have used SNSs to enhance learning, make new relationships and present themselves to new users. But alongside all these advantages, SNSs have many disadvantages as well. Dangers such as privacy loss, bullying, bad contacts and many more consistently strike SNSs (Livingstone and Brake, 2010).
SNSs are used by job recruiters to recruit people, and it has been found that 1 out of every 10 officials searches for the person on an SNS. So it is always important that your social networking profile works to your advantage rather than against you. It is better to upload photos of a recent volunteering job than any sensitive data. Always remember that "once posted, it will never be deleted", because even if you try to delete your content, some other user might have saved it (Hogben, 2007). Social networking sites can be advantageous or disadvantageous depending upon the actions the user performs.


Fig 1: Launch of major social networking sites (Boyd and Ellison, 2007)


How risky can social networking sites be?

The dynamic growth of the internet has led to awareness among users of its positive and negative impacts. Many concerns have been raised about young people being solicited or harassed on social networking sites. To protect the youth from being solicited and harassed, many lawmakers and politicians are looking for ways to restrict users from going online (Ybarra, 2007). One survey, conducted to find out whether users had received very rude or mean comments from someone, revealed that around 15% of users had been sexually solicited, of which 4% occurred on social networking sites specifically. It also found that 32.5% of users were harassed on the internet, for example by receiving threats or being bullied; 9% were harassed specifically on a social networking site (Ybarra, 2007).
Another survey was carried out to find whether college students use social networking sites for "social searching" or "social browsing". When a user already knows the person they are looking for and is trying to explore new things about that person's profile, it is said to be social searching. When a user is trying to find strangers on a social networking site, it is said to be social browsing. It was found that most students use Facebook for social searching (Coyle and Vaughn, 2008).
Even though social networking sites have proved to be very risky, it has been found that users provide information very willingly. Different factors drive users to reveal information. One of them is signaling, because the perceived benefit of revealing data may appear larger than the costs of privacy invasion (Gross and Acquisti, 2005).
The Ups:
- Companies are approaching social networking sites to build their business, communicate effectively and advertise for free.
- SNSs also allow companies to reach new markets, where they can stay in touch with existing customers and review their products.
- Positive feedback on a social networking site can really boost a company's performance, after which it can explore business in new areas.
- Social networking sites are free to use and cost the company little other than some valuable time and the effort of maintaining the website (GFI, 2011).
The Downs:
- Most organizations do not have a problem with social networking sites themselves; the major concern is employees using SNSs at their workstations, who are the weakest link and cause major concerns.
- Employees also spend a considerable amount of time on SNSs, which is a big shame when factors like productivity and salaries come into the picture.
- Social browsing does not take much bandwidth, but the videos and links posted on SNSs occupy a certain amount of bandwidth, which is not desirable for the organization.
- Organizations often tend to overlook the problem of malware and viruses on SNSs, which is another concern because attackers nowadays are trying to launch attacks on SNSs (GFI, 2011).
2.2 Threats on social Networking Sites
As social networking has risen tremendously, so has the number of threats posed to social networking sites. Users are often not aware of such threats. This section explains the major threats attached to social networking sites, what attackers want from these sites and how they go about getting it.
2.2.1 Needs of attackers
The threats posed to social networking sites are similar to those posed on the internet in general. The main purpose of attackers is to spread malicious content and viruses and to obtain personal information such as usernames and passwords. This can be explained through some common needs that attackers are looking to satisfy.
2.2.1.1 Jokes


This is the most common attack on social networking sites. Some users just like to play with other users by creating jokes, to show that they are the most reputed or to satisfy themselves that they are the best. Attacks of this type do not really harm the user, but they sometimes bore the user and also create network congestion.
2.2.1.2 Have a control on others' computers
Attackers are always looking to get the upper hand over users by gaining control of their computers, which is very dangerous. After gaining control, these attackers can do whatever they wish, and the user has to face the adverse effects. Such attackers combine all the computers they have accessed into a botnet, which is used to target users with a DDoS attack. It has been said that the service providers are the biggest attackers on these social networking sites. They have access to all of the users' information, private or public. These service providers can also share such private information with big companies, or it can be used for government surveys and by research groups (Beato et al., 2010).
2.2.1.3 Personal Identity
Some social networking sites provide privacy settings that users can apply to keep their personal information private. But according to a survey, in spite of the privacy settings being provided, between 55% and 90% of users keep their default privacy settings, which strangers can easily use to view information (Claburn, 2009). So the users have themselves to blame for being attacked. Once attackers gain personal information about users, they can easily attack them and commit crimes.
2.2.1.4 Company Information
Social networking sites such as LinkedIn consist of users who are business professionals, which means that a lot of personal information is being revealed on the site. It is very easy for attackers to add such business professionals on the social networking site and gain personal information. After the attacker gains some of the user's trust, business information can easily be revealed by the user, and the attacker can attack the company's infrastructure and financial secrets.
2.2.1.5 Money related attacks
A number of attacks are carried out for different purposes, but the main concern in the modern day is attacks that aim to gain access to bank accounts and are otherwise financially driven. This is a major concern for users on social networking sites, and they should be very aware of it.

2.2.2 Different Threats

2.2.2.1 Breaches from service providers
On all the various online social networking sites, users always have to trust the service providers, because they upload a great deal of personal information. When it comes to disclosing this data, the service providers can easily do so for purposes such as marketing and advertising. Researchers have raised many questions and concerns in trying to find a perfect solution (Gao et al., 2011).
2.2.2.2 Spam
Traditionally spam spread via e-mail, but large social networking sites have made it very easy for spammers to spread malicious code (Luo et al., 2009). As the number of people on social networking sites has increased, factors like trust and belief have come into play, and spammers make use of them (Symantec, 2009). There are various reasons why spammers love social networking sites for spreading malicious content. They are as follows:
- A large number of users are continuously logging into social networking sites. With such a large audience, it is very easy for spammers to spread malicious content even if only a small group of users takes part.
- A social networking site like Facebook refuses to review applications before they are put on the site. It is therefore easy for spammers to trick users and gain personal information from them.
- On social networking sites, users trust posts made by their friends, which has resulted in many applications such as "who viewed your profile". So spammers only have to gain the user's trust and curiosity.
- It is also quite easy for spammers to spread a variety of spam on social networking sites by getting users to join a group or a fan page (Walsh, 2011).

Fig 2: Problem for Scams (Sophos, 2011)


According to a survey report, there has been a rise in spam attacks. As seen in the figure above, the proportion has more than doubled compared with 2 years earlier (Sophos, 2011).
2.2.2.3 Phishing
On social networking sites, the major factor is trust. If you find a way to gain someone's trust, you can easily make your moves. For strangers, it is very easy to gain trust on these sites because SNSs have grown to a huge extent and users are willing to accept invitations from strangers, which is what attackers want. The attacker can easily behave as a legitimate user and post links on the page. Users are very eager to click on such a link, and when they do, malicious content can be delivered and credentials can be lost (Luo et al., 2009).
One of the latest phishing attacks to be discovered was one on Facebook called "FBaction", in which messages spread all over Facebook. Each contained a link to a message that was actually sent by a friend. If users wanted to look at the message, they had to click on the link, which took them to a different login page that looked the same as Facebook's, and the users logged in with their credentials. Once a user entered their credentials, the attacker gained control of the profile (Cole, 2010).

Fig 3: Problem for Phishing (Sophos, 2011)


The level of phishing attacks in Dec 2010 was twice that of April 2009, which is really very scary (Sophos, 2011).

2.2.2.4 Malware
Attackers always look for channels that are very effective and in which the speed of spreading is relatively high. To spread viruses and malware, it is very easy for attackers to make use of social networking sites because of their large audiences. Malware can be spread to SNS users very effectively, and to an unsuspecting audience. There have been many examples of attackers taking advantage of social networking sites to spread malware, such as the MySpace Trojan, the Orkut worm and the "Secret Crush" Facebook widget (Marshal, 2008). With so many users on social networking sites, attackers always assume that someone will fall victim. There is an extra advantage for attackers if the user is accessing the site from a PC at their workstation. This is the case when the user thinks that something has come from a friend and tends to lower their defenses.

Fig 4: Problem for Malware (Sophos, 2011)


2.2.2.5 Third Party application breaches
With the rise in social networks, there has also been a tremendous increase in third party
applications because users are always excited to find something new on these platforms. It is
important to know that these applications are built by third parties even though they reside on
the social networks. The user has to give away personal information in order to install the
application. For example, to check out a horoscope application, the user has to
enter their birth date (Gao et al., 2011).
When users install such applications and reveal personal information, it is important that
they know which application needs which kind of
information. But on these social networks, it has been found that neither the service providers nor
the users are aware of which information is necessary for the application (Gao et al., 2011). Such
information is then misused by the applications. A Facebook application called Compare Friends
assured users that privacy would be maintained over their reactions to friends, which were later
sold into the market (Gao et al., 2011). So it is very important for users to be
aware of what they are doing on social networks. All the data revealed to
different applications on the social networks can easily be aggregated into one single attack,
which can be devastating (Narayanan and Shmatikov, 2009).
2.2.2.6 Worms
Attackers are always eyeing social networking sites as a means of launching their
malicious attacks. The users of Facebook and MySpace have been targeted on a larger scale
(Bilge et al., 2009). Attackers used old methods such as sending love letters, which used the
contacts present in the user's Outlook Express to spread. But as this method is intensively
used, users are much more suspicious when they look at such types of messages (Bilge
et al., 2009).
It is also important to note that when you receive an e-mail with attachments, it always
undergoes a series of scans and Bayesian filters so that all the unsolicited content
is properly sorted out. So it is somewhat pointless for attackers to send malicious
content that way. On the other hand, it has been found that social networking sites do not undergo any
sort of scanning, which is the main advantage for attackers sending malicious content there
(Bilge et al., 2009).
A major worm on Facebook called Koobface infected many users' systems. This type of
attack posted a link on the wall of the infected user, or sent it to all of their friends, stating
"Check out the funny video". The link contained all the funny photos and videos (Yonts,
2011). When the user clicked on the link, a link opened in YouTube which stated
that the plug-in or codec was missing and needed to be installed, as shown in the figure. When the
user tried to install it, it infected the user's PC or system.

Fig 5: Worm spread with support of Adobe Flash (Yonts, 2011)
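
The Bayesian filtering that e-mail receives, and that this section says wall posts do not, can be sketched in a few lines. This is an added example, not from the thesis or from any site's real filter: a small naive Bayes classifier with add-one smoothing, trained on constructed sample posts (the training texts, labels and names are all assumptions).

```python
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9']+")
LABELS = ("lure", "ok")

# Constructed training posts: four lures in the style described above, four normal.
TRAINING_POSTS = [
    ("Check out the funny video of you", "lure"),
    ("LOL is this you in the video? click the link", "lure"),
    ("You must install the missing codec to watch this video", "lure"),
    ("Update your flash plugin to see the funny photos click here", "lure"),
    ("Happy birthday, see you at the party on Saturday", "ok"),
    ("Thanks for the photos from the trip", "ok"),
    ("Are you coming to the lecture tomorrow", "ok"),
    ("Great match last night, see you at training", "ok"),
]


def tokens(text):
    return TOKEN_RE.findall(text.lower())


class BayesFilter:
    """Two-class multinomial naive Bayes over the words of a post."""

    def __init__(self):
        self.word_counts = {label: Counter() for label in LABELS}
        self.doc_counts = Counter()

    def train(self, text, label):
        self.doc_counts[label] += 1
        self.word_counts[label].update(tokens(text))

    def _log_score(self, words, label, vocab):
        counts = self.word_counts[label]
        total = sum(counts.values())
        # log P(label) + sum of log P(word | label), add-one smoothed
        score = math.log(self.doc_counts[label] / sum(self.doc_counts.values()))
        for word in words:
            score += math.log((counts[word] + 1) / (total + len(vocab)))
        return score

    def lure_probability(self, text):
        """Return P(lure | text); words never seen in training are ignored."""
        vocab = set(self.word_counts["lure"]) | set(self.word_counts["ok"])
        words = [w for w in tokens(text) if w in vocab]
        lure = self._log_score(words, "lure", vocab)
        ok = self._log_score(words, "ok", vocab)
        top = max(lure, ok)  # subtract the maximum so exp() cannot underflow
        e_lure, e_ok = math.exp(lure - top), math.exp(ok - top)
        return e_lure / (e_lure + e_ok)


def build_demo_filter():
    """Train a filter on the constructed posts above."""
    bayes = BayesFilter()
    for text, label in TRAINING_POSTS:
        bayes.train(text, label)
    return bayes


if __name__ == "__main__":
    demo = build_demo_filter()
    for post in ("Check out this funny video, you need to install the codec",
                 "See you at the lecture on Saturday"):
        print(f"{demo.lure_probability(post):.3f}  {post}")
```
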


2.2.2.7 Digital Dossier Aggregation


Users create profiles on social networking sites, and it is very easy for third parties as well as
other parties to download such profiles and store them somewhere. There are certain terms and
conditions which the service providers have to follow, but it has been found that profiles are
being used for various other purposes. Also, the decreasing price of disk storage has
let attackers take regular snapshots of profiles to build a dossier. Another vulnerability on social
networking sites is the search engine, through which more private attributes can easily be
searched (Hogben, 2007).
So it is important for users to stay safe and informed about the risks of social
networking sites and the attacks that are being launched. It was found that
around 1074574 profiles were aggregated from the most popular site in Germany, meinVZ, within 4 hours
using a cluster of about 10 computers. So it is very easy for attackers to build a collection of
personal data from social networking sites (Huber et al., 2010).

2.2.2.8 Face Recognition and CBIR


As technology evolves, many other technologies are reaching
social networking sites. Face recognition software has emerged over time and there have
been many concerns related to it. This software scans a photo
that has been uploaded to the social networking site, tries to match it with the user's friends and
then suggests a username for it (Espiner, 2011).
The most famous social networking site, Facebook, has a built-in default setting which is
used to recognize users. There are obvious reasons for this technology to be in
doubt, and it is necessary for users to decide whether they want to use it. In
Facebook, this is the default setting and users must change the settings if they don't want such
technology to tag them. Also, the Information Commissioner's Office, the UK data protection
authority, is in talks with Facebook to make users aware of such technology (Espiner, 2011).
Context based Image retrieval is an emerging technology which is somewhat along the same lines as
Face Recognition. With this type of technology, the attackers can identify any pattern of drawing
such as a painting, design etc. against a large set of databases. The main risk of this
technology is that it might reveal the location of the user's home, which can lead to many other
attacks like blackmail, theft and others that can result in great harm to the user
(Hogben, 2007).
Face recognition and CBIR go hand in hand and can provide a wider and broader means of
threatening users. There is a link between them which provides unforeseen inferences, which
can be any sort of personal information (Hogben, 2007).
2.2.2.9 Complete Deletion of account is not possible
There are many users on social networking sites who upload sensitive photos and post
comments and then after some time want to delete their account. When they try to
do so, they may well succeed in deleting the account, but it is practically
impossible to delete secondary information; for example, a comment on somebody's post can never
be deleted (Hogben, 2007). So it is very important for users to be alert on social
networking sites when uploading something.
There might be a number of risks even after the deletion of an account (Hogben, 2007):
• Comments which have been made will never be deleted, which will result in the Digital
Dossier effect.
• Also, users will not have enough fundamental rights to access their own personal
information.
2.3 The need for educating social networking users about privacy
The Internet has become a major means of connecting to new people for college students. The
Internet has grown very rapidly, and so has the capability for interaction between users.
Social networking sites are being used by these students on a regular basis, which creates
huge confusion in the minds of users regarding what is private and what is not, and this leads
them into very undesirable situations (Timm & Duven, 2008).
Privacy can be defined as something that the individual finds very important and would like to
keep secret from the general public (Richard, 2007). Looking at all the views of issues of
privacy, there are mainly two considerations that often come to mind: the intent of the
information shared, and the expectation that the shared information will remain
private (Hodge, 2006). When a user shares a certain amount of personal information on a
social networking site, it might not be his/her intent to share the information with the rest of the
world, but that is what actually happens (Meredith, 2006). In this way privacy is also
compromised unknowingly, which makes the user very sensitive.
The most popular social networking sites, Facebook and MySpace, clearly state to their users
the limitations of their SNS, which cannot protect any shared information that has been
posted on a profile. So it is important for users to know what they are sharing on the
social networking site, because the operators are not responsible for any third parties who read
their posts (Timm & Duven, 2008). It has also been revealed that Facebook will try its level best
to protect what has been posted on the site but does not guarantee to protect it from
being read by unauthorized users.
A survey revealed that 74% of users are aware of the term "My Privacy" and the remaining 26%
are not. Out of the 74% of users, 62% used the Privacy feature and the remaining
38% did not, which is a huge proportion of users. This indicates that these 38% of users
think that revealing their personal information and allowing unauthorized users to see it might
prove beneficial, which is a real shame (Jones & Soltren, 2005). It also showed that 91% of
users have never read the privacy policies, which shows that users are really not much
bothered. It is also important to note that 47% of users think that the social networking
site does not share their information in the market, which is contradicted by the fact that it can share
the information with companies for advertisement and other purposes (Jones & Soltren, 2005).

Chapter 3
Literature Review

3.1 Introduction
In recent years, social networking has had a tremendous rise. Users have started
accessing social networking sites to make online friends, make profits for organizations,
get in touch with old friends etc. Many of these users lack
knowledge of security, and it is very important to make such users aware of the risks of social
networking sites, which can harm them greatly. In this section I have researched
some of the work done in the past to ensure that users are technically aware of the security that
needs to be followed while accessing such social networking sites. There are different ways to
make users aware, such as writing blogs, tutorials, interactive games etc. All such methods of raising
awareness will be explained in this chapter, along with an example of a game called Security Pursuit,
which was developed by a student at the University of Plymouth.
Following this will be a background section which will explain the social networking sites
and the threats related to them. In the analysis section, there
will be a report on past research carried out in the field and on how the game helped in
creating awareness among users. Following this will be a critical analysis
of the game, including what influence the game had on the users. Finally, the conclusion will
summarize the main points and the importance of the project.

3.2 Background
There are many social networking sites where privacy and trust are the major concerns and
users are not aware of it. So it is highly necessary for users to know about the problems in
social networking sites. The very first social networking site, Friendster, described how users
create their own profile with the intention of passing their information to others. Like every
other social networking site, Friendster creates a profile and allows users to send links
to others to connect to them. Supposing a friend's profile is causing you
embarrassment, what security measures can you carry out? A user can surely change his
or her own profile but cannot make changes to a friend's profile. There were some crude
pictures posted on a profile which caused huge concern for a teacher when her
students asked to friend her. This incident raised concerns over the privacy issues and risks in
social networking sites (Dwyer et al., 2007).
Facebook is another popular social networking site, which was initially focused on colleges and
universities. But due to the increasing demand for Facebook, it is now used in high schools
and other organizations and is becoming a huge concern in the social networking world. One
survey reveals that Facebook users reveal a lot of private information and are not aware of the
privacy options on the site or of who can view their profile, which is again a very big question
mark in the world of social networking sites (Acquisti and Gross, 2006).
There are still millions of people who are joining social networking sites just to
interact with different profiles. Since many cases about social networking sites have been reported by
social media, their reputation has diminished, which brings
another privacy question mark to the networking sites (Dwyer et al., 2007). When users join such
social networking sites where millions of people are connected, it is unrealistic to trust all of
the users.
Due to the emergence of social networking sites, there have been great advantages as well as
disadvantages in handling these networking sites. Social networking has helped users in the field
of education, in getting to know people all around the world etc. But the major concern with social
networking sites is security, with complacency on the part of users. Social networking
also takes place between individuals in person, but it is mainly carried out online. The main dangers associated with the
networking sites are viruses, theft and individuals claiming to be someone
they are not (Salles, 2011).
It has been noted that the popularity of social networking sites has been exceptional. A
number of users are still joining social networking sites. MySpace was reported as the
membership leader among all the social networking sites, but since the emergence of
Facebook in 2004, it has been noted that nearly 100000 users join Facebook
every day (Cain, 2007). Facebook has been used by college students; nearly 80%-90% of
US students are registered on Facebook, and it is the sixth most visited website out of all the social
networking sites. Also, most of the users joining Facebook were between 18 and 25 years of age
and the average number of visits per day was approximately 6 (Cain, 2007).
After considering all the factors of social networking sites, the question arises of how the
operators of SNSs create revenue from customer value. This is the most important factor that
users should know (Enders et al., 2008). The table below shows some of the revenue methods
used by social networking sites.

Fig 6: Overview Of Selected Social networking Sites (Enders et.al, 2008)


Looking at the above table, users must come to know that most social
networking sites make revenue from advertising and a small part is collected through either
transaction fees or subscription fees. It has also been found that these social networking sites
sell information to the market to make money. So it is very important for users to
always be aware and not post any kind of social information on SNSs.

3.3 Analysis
There are many threats to social network sites which are addressed in this report, and the main
aim of this report is to provide countermeasures to these risks which would be very beneficial to
the users of these social networking sites. A number of tests and surveys
have been carried out in order to check how many users are aware of posting personal
information on the internet. The other reason behind this was to check whether users are
posting only the information required to make friends or also information such as year, month, DOB,
phone number, e-mail, occupation, education, the location where they live etc. There have been many
cases which have led to problems. A British man killed his wife just because
she had changed her relationship status from married to single on Facebook. The
European Commission also warned users that they might be risking their privacy on
Facebook and other social networking websites. Users are unaware of the fact that whatever
information they post on social networking sites could harm them in the near future (Nagy
and Pecho, 2009).
MySpace was attacked by a worm called Samy, and this created a danger for social network
sites. This worm found loopholes in the networking site and spread very fast.
Samy did not actually look into users' information but it still did a lot of damage
to the operation of MySpace. Twitter was also attacked in April 2009 by a worm
called Mikeyy. This worm modified users' pages by inserting junk messages. Like Samy,
Mikeyy did not affect users' information. The most popular social
networking site, Facebook, was also attacked in May 2009 by a worm called Koobface. Koobface
stole personal information such as passwords from users' profiles and later spread to
all social networking sites, which became more serious and caused much harm.
After all these incidents, attackers focused more on social networks
because they knew the weaknesses and found it easy to launch attacks on the
social networking sites (Acquisti and Gross, 2006). Attackers can easily access one's profile
and can gain information about corporations and commercial secrets.
A survey conducted by SOPHOS revealed that 62.8 percent of companies are concerned
that employees reveal too much information on social networking sites, and 66
percent of companies think that if employees continue to use social networking sites it is
going to be a major disadvantage for the corporation (Luo et al., 2009). Cybercriminals have also
noticed the growing popularity of social networking sites, which have become a major
center for malware and spam.

In order to examine how awareness can be created among users through a game, an analysis is made of the
game called Security Pursuit. This game was developed for raising awareness of social
engineering. It is shown in the figure:

Fig 7a: Game Board (Newbould and Furnell, 2009)


The game was designed so that the board consisted of 32 squares in 4 different
colors. Each color represented a different attack: phishing, free fraud scam, spam and
other attacks. How often each color appeared on the board depended on the extent of the threat (Newbould
and Furnell, 2009).
The authors decided to use multiple choice questions because, according to them, that would
be much more interesting. When the user rolls the dice at the start of the game, all the squares are
dimmed. The number obtained highlights two squares and the rest remain dimmed.
Depending on whether the answer is right or wrong, the square gets deactivated and is marked as a right or a
wrong answer accordingly. To keep the user's interest in the game, the score is updated at
the end of the game or when the user quits the game (Newbould and Furnell, 2009).

3.4 Critical Analysis


The game was sent to 35 users, out of which only 21 responded. 14 of the respondents were
male and 7 female. The game asked users to read the online
material, then play the game and provide their scores. The more time the user spent
reading on the internet, the higher the score (Newbould and Furnell, 2009). This is what happened
in the game, as shown in the figure below.

Fig 7b: Relationship between time spent and Score


The survey revealed the following conclusions (Newbould and Furnell, 2009):
• 29% of the users were quite aware of the dangers and also relaxed about dealing with the
problem themselves.
• 38% of the users were aware of the dangers and were also looking forward to learning more
new things.
• 19% of users were quite happy about the awareness but did not want to learn more
things.
• 14% claimed that they did not feel aware and suggested that nothing was new to
them.
3.5 Conclusion
Whenever there is any innovation in technology, it has been either a boon or a curse to the users.
Technologies are always linked to advantages as well as disadvantages depending on how the
users use the technology. In other words, problems depend on when, what and where the technology is used
and the purpose for which it is applied. Everyone knows that there is always a huge amount of debate
on any new technological innovation. In the same way, social networks have their pros and cons
depending on how users use them. There are a lot of privacy issues and concerns on social
networking sites. If users themselves learn about the privacy risks, then there will hardly be a
problem that could be identified on social networking sites.
There are some users who are not aware of such issues and they use social networking sites just
for fun. For such users it is necessary to create awareness about social
networking sites. There are many awareness programs that have been carried out and are constantly
running in order to meet the security level. I hope this report will help users to understand the
concepts of social networking sites and educate them about the cons.

Chapter 4
Security Guidelines and Awareness

4.1 Security Guidelines:


When it comes to making people aware of security, it is very important that they are presented
with up to date security guidelines. Users should be able to reduce the risk of
disclosing their personal and confidential information on social networking sites. There are
many websites, whitepapers and companies that offer security guidelines that users should
follow in order to be safe on these social networking sites. Even so,
it is very important that the guidelines
reach home users, otherwise they are wasted. This is where the media and
awareness programs come in, through how they make the security tips available to users. The main
aim behind presenting security guidelines to users is to minimize the risks to the
user's computer and confidential and personal information. It is essential that legislators
and governing bodies make sure that the security guidelines presented to users are up to date
with present vulnerabilities. If such security guidelines are not
reaching home users, then they are useless and should be presented more tactically. Three
sets of security guidelines are presented in this thesis. All of them are
up to date and can be very effective for users. The reason for choosing these security
guidelines is that they cover most of the risks of social networking sites. Each set may
contain an important feature that is not covered by the others, which makes
the three sets of guidelines very effective together. The combination of all these security guidelines can easily
educate users and provides the best security tips for being safe on social networking sites.

4.1.1 Converging on Microsoft: 12 tips for safe social networking (Ashley, 2008)
• Beware of how much information you share:
Social networking means making new online friends and sharing information. But
sometimes sharing too much information can lead to trouble like identity theft and
risks to online safety. So it's better not to share information like birthday, hometown etc. Some
social networking sites let users restrict who can view their profile, but many
social networking sites do not. So it is better never to share such
personal information.
• Customize privacy options:
Most social networking sites allow users to customize their own privacy settings,
which is very important because it gives the user the option of who can view their
profile and who can't. Users should not keep the default privacy settings
provided by the social networking site. New settings are always being added,
so it is very important that the user keeps them updated.
• Limit work history details on LinkedIn:
It is not recommended that users put their full resume online because it then
becomes very easy for attackers to access their personal information.
• Don't trust, just verify:
The user should always be aware that the profile they are viewing may be a fake account. If the
user thinks that the profile doesn't sound like their friend, it is always better to
verify with the friend whether it is their account.
• Control comments:
It is often found that some users leave comments under someone else's name,
which is very wrong. So it is better to contact the admin and ask them to remove the
impersonated comment.
• Avoid accidentally sharing your personal details:
Users have a tendency to update their location on social networking sites, which is very
risky and can result in theft and other calamities. Updating your location gives a clear
indication to the attacker of exactly where you are.
• Search yourself:
It is always good practice to Google yourself, which will show you where
exactly you stand and what information can be viewed by others. Based on it, change your privacy
settings and hide your private information.
• Don't violate your company's social networking policies:
It is always better not to comment on the company's reputation on social networking sites
because it gives attackers a clear indication of the company's profile, which can
result in loss of the company's data and private information.
• Learn how sites can use your information:
Most social networking sites make money from users' profiles by
selling them either to the market or to other companies. So it is always recommended that
you review the site's privacy policy and adjust the privacy settings that you can
control.
• Create a smaller social network:
The bigger the network, the larger the extent of the problem. So it is always better to
create a small network, which will help users stay away from spam messages and loss
of personal identification.

4.1.2 Cyber security tip: Staying safe on social networking sites (US-CERT, 2011)
• Always limit the amount of personal information that you post on the social
networking site.
• Never forget that the internet is a public resource and once you have posted something on
the internet, it can't be taken back.
• When you chat with an unknown person on the social networking site, take note of
the amount of information that is shared with him/her. So always be wary of
strangers.
• Users should be aware that information
posted or read online is not always correct. So always be skeptical, verify the
connection and then take suitable action.

• The most important thing is privacy. It is always recommended that users stay
on top of it and make their own privacy settings, such as who can view their profile and many
other applications.
• Always use strong passwords so that attackers cannot guess them easily. If an
attacker has access to the password, then he/she can easily pretend to be you on the
social networking site.
• It is important that the web browser you are using is always up to date so that the
attacker cannot exploit a known vulnerability, which is the main line of attack. Other
software must also be kept up to date.
• Attackers always send spam messages and phishing attacks on social networking sites.
When the user clicks on the link, viruses can be automatically downloaded onto the user's
system and affect it. So it is always recommended to keep your antivirus updated.

4.1.3 National Cyber security Alliance: Social networking (Stay Safe online, 2011)
• Always learn the privacy settings on the social networking site because they exist for a
reason.
• Always think twice before you post anything on a social networking site
because once it is posted, it can never be deleted.
• It has been found that maintaining a good online reputation keeps your profile in
front of recruiters.
• It is also necessary to differentiate your most trusted friends from your online friends
(friends you add on the social networking site) because they cannot all be treated equally.
Keep your personal information limited to your real friends.

• If you have been harassed, bullied or threatened by someone on the social networking
site, always block them and report it to the site administrator.
• Always make sure that you are comfortable with what has been posted by your friend on the
social networking site. If you aren't, then it is advisable to talk to your friend and let them
know that you are not happy, and vice-versa.
The table below shows a summary of the three sets of security guidelines, which covers almost all
the important security guidelines. The table shows the importance of all
three in helping users to be safe on social networking sites.
Criteria | Microsoft | US-CERT | Stay Safe
Customize privacy settings
Don't trust strangers
Beware of sharing personal information
Beware of uploading too much of information
Learn how sites use your information
Don't violate company's profile
Always use strong passwords
Regular updates should be maintained
Always keep in mind that once posted, cannot be deleted
Keep good online reputation for recruiters
Table 1: Summary of Security Guidelines

4.2 User Awareness


The most important concern for awareness raising is that, although there are many resources
and ways available on the internet, users are still unaware of them. So awareness programs
should be designed in such a way that each and every user knows about them and the
information being passed on is acknowledged by the users. Many surveys
show that users are very concerned about their security on social networks
(Schrott, 2011). There are other security concerns to be considered
from the survey, which are as follows (Schrott, 2011):
• 33% of the users had never changed their passwords since they joined the
social networking site.
• Also, 15% of the users had changed their password one year ago.
• 20% of the users had never changed their privacy settings.
• Only 19% of the users changed their privacy settings once a month or
possibly more often, which is really shocking.
• It also revealed that 87% of the users are quite concerned about their security,
which included privacy, fake profiles and others.

Fig 8: Graph showing concerned users on SNS (Schrott, 2011)



Another study, carried out by AVG, used interviews and revealed many
important factors and threats that are hitting social networking sites very hard.
250 students were interviewed and the following results were found (AVG, 2010):
55% of the users had faced phishing attacks.
21% of users had added people on social networking sites whom they didn't
recognize.
52% of the users let their friends access social networking sites on their machine, which
is a concern.
64% of them clicked on links shared in the community and 26% shared files within social
networking sites.
Also, 47% of them were infected by malware, which was accompanied by 20% theft.

Fig 9: Graph showing User Awareness (AVG, 2010)

These results clearly show that even with so much awareness raising going on through
websites and other programs, there are many concerns which have to be sorted out by the
government bodies and by the users themselves.

4.3 Media Presentation

Social networking sites have seen a tremendous rise in the past few years. There are
debates on the advantages of social networking sites, but on the other hand researchers
have raised many questions about their issues. As we have
seen, there are a large number of sites which have security awareness programs, security
guidelines and tips on how to be safe on social networking sites.
Even though many websites publish this information, it is important that the
information reaches the users managing SNSs. This is where the media plays its main role,
in how it makes this awareness information available to the open world. It has been seen
that most of the websites are non-interactive and users do not want to spend their time
reading them (Newbould and Furnell, 2009). So it is important that the information published is
very informative, interactive and at the same time very productive.
All the small issues related to social networking sites must be presented well
to the outside world and should always be kept up to date. Media such as TV, the
Internet and many other applications can be used to make users aware of the issues. A
fun, interactive game (Newbould and Furnell, 2009) and comic strips can be very
useful to alert people.
Another effective way could be publishing the information in bold letters on the front
page of newspapers and also in magazines. So the media is partly
responsible for creating meaningful awareness among users.

4.4 Security Improvements

In this part, I have tried to make my own set of awareness raising ideas which can be
really beneficial to the users and also to the government and other bodies who can
implement these ideas to raise awareness among people. What I have tried to do is
divide the users by age group and, for each age group, use what they would enjoy
doing the most as the medium for raising awareness
among the people. School children will enjoy reading comics, watching cartoons and the


older people will love reading newspapers, magazines etc. Here is what I have done.
I have divided the age groups into three:
12-17 years: school-going children
18-35 years: college students and employed people
35+ years: a mixture of employed and old-age users

For the age group of 12-17 years:


This set of users is usually school-going children. So it is necessary to use some
innovative ideas through which they become aware of the risks of social networking sites.
School-going children love reading comic books, watching cartoons etc. Hence the
following methods can be adopted to educate them.
Comic Books: The government or any awareness body can make an effort to print
useful comic books based on social networking sites, each ending with a moral of
the story. An effort should also be made to distribute some books for free, so that
users who cannot buy them at least get educated by means of these free comic books.

Cartoons: The government can try to develop an episode-based cartoon which shows the
risks of social networking sites. It is important that it is very interactive and
that the users love watching it.

Blackboards / Notice Boards: A number of users do not understand
words like phishing, malware etc. (Sophos, 2011). So the school or
institution can put up synonyms of these words to make them simpler for the students. These
words can be put on notice boards and blackboards, and also made into charts and
put on the walls. This can be accompanied by a thought of the day at the top of
the black/white board.

For the age of 18-35 years:


These are college-going students and employed people. These people
always have a cell phone and an e-mail account, travel using government transport etc. This
set of users can be educated in the following manner.

SMS:
The government should take the power to send an awareness message to each and
every user daily. It can also collect information about the awareness programs going
on around and message users inviting them to join those programs for free if they wish
to. This can be a bit tedious but can make users aware to the maximum extent.

Television and newspaper:

These users are also interested in watching television news and reading newspapers. So
the awareness bodies and the government can mention the risks of social networking sites
in the news and in newspapers, which can be really helpful.

Government Transport:
The government can use its facilities to a great extent by putting up posters and
drawings on government transport like buses, trains etc. This can reach those
users who do not read any books, magazines or news and who can simply look
at these posters while they are using transport like buses and trains.

Distribution of free Magazines:

The government should make an effort to distribute some free magazines to
make people aware. This too can be very tedious, but if it works well it can be a
huge bonus.

For the age of 35+ years:

This set of users is mostly interested in watching the news or reading
magazines and newspapers. The main slogans should be put in bold letters in the
newspaper so that they are clearly visible to the users, and news channels must make
an effort to include an awareness session during the news.

These ideas can be very helpful in reaching each and every person so that they get
educated via such awareness raising programs.

Chapter 5
Research Methodology &
Design of the game


5.1 Introduction
This chapter covers the research methodology and the design of the game.
The research methodology explains in detail how the research is carried out.
The design of the game covers how the game was conceived,
how it was developed and how it needs to be played.
5.2 Research Methodology
The most important criterion and aim was to develop an interactive game which could make
users aware of the risks of social networking. It is very important that the message is passed on to
each and every user spending time on social networking sites. The steps carried out for
the research methodology are as follows:
Analyzing the common mistakes that users make on social networking sites which
expose them to security threats, and analyzing what can happen if they make such
mistakes.
Researching previously developed work in the field of social networking
sites, comparing which method is best for raising awareness among users, and
justifying why the adopted method is the best.
Researching how the game should look and creating a rough outline of how it will
proceed, which is necessary for any development. Flash CS3 is used to design and
develop the game.
After deciding the steps by which the game is to be developed, designing the game,
which will contain all the scenarios. To carry out the test and evaluation of the
game, a set of questionnaires will be developed.
These questionnaires will be answered by the users before and after playing the
game, so that the answers can be easily compared to determine the success of the game.
The questionnaires will be provided to the users through a link before and after playing the
game and the responses will be collected.
The users will also be asked to provide feedback on the game, which will really help in
future development of the game.


The research is carried out in three sections, each of which contains a link for the survey. There
are three links provided to the users, which they have to follow in order to complete the
survey. The sections are divided as follows:
Section 1:
This section is provided as the first link, where the users have to answer a set of
questionnaires in order to check their level of awareness. The questionnaires include
some participant details and an overview of security questions on passwords which the user has
to answer. The main aim of including participant details is to find out whether the research has been
followed by both males and females and to check the background to which they belong.
Section 2:
This section is provided as a link which, when clicked by the user, presents the game on the
screen. The users are given the rules and the time needed to
complete the entire survey. If the user is happy to continue, he/she can click on the Proceed
button to start the game. It is clearly mentioned that only users above 18 years of age can
participate in the game. On clicking the start button, the game will start for the users.
Section 3:
This section is again provided as a link, where the users answer questions
after the game has been played. This set of questionnaires includes all the questions
related to the knowledge they have gained from the game. They are also asked about the
justification of the game, that is, whether they have benefited from playing it.
The answers gathered from Section 1 and Section 3 will be compared to evaluate the success of
the game. The comparison will be discussed in the analysis section in the next chapter, where it will
be justified by comparison with different survey results. The results for all the questions were
collected via the survey site Survey Gizmo. All the answers from the survey will be explained with
demographics in the next chapter for better understanding and evaluation of the game.


5.3 Different Scenarios of the game


The game consists of different scenarios which the users have to play, and at the end of every
scenario they will be presented with the moral of the story, which will educate them.
The different scenarios are as follows:
5.3.1 Do not share your SNS password with anyone
This scenario shows that users of social networking sites must never
share their password with anyone, because by sharing their password they are causing problems
for themselves. In this scenario the user has already shared his password
and his friend uploads a funny picture to the user's account. This scenario will make users aware that
when they share their password with other users, they are exposed to various kinds of
threats.
5.3.2 Avoid adding strangers on SNS
This is one of the most important and worst mistakes that users commit while accessing
social networking sites. When they add strangers on the SNS, they almost trust those users, and when
the stranger posts some link, the user automatically clicks on it, which can result in many threats
like malware, spam, phishing sites etc. So with this scenario the user will learn that adding
such strangers on the SNS exposes them to many threats.
5.3.3 Avoid putting sensitive information and also always customize your privacy settings
This scenario will help educate users that when they add sensitive data on
the SNS and do not customize their privacy settings, third parties can easily store their
profiles in some other place. It will also make the users aware of the risks that can occur when they
upload very sensitive photos, which can hamper their privacy. At the end of the scenario, the user
will again be provided with the moral of the story, which will educate them.
So these are the scenarios that will be developed to make the users aware of the risks of social
networking sites.


5.4 Reasons for choosing the above scenarios for the game concept
It has been observed that there has been a tremendous increase in the use of social networking sites,
where users are trying to create a vast network, especially by adding strangers (Acquisti and
Gross, 2005). Privacy, being one of the most important parts of any social networking site, must
be customized by the users. So it is necessary to educate the users about privacy and to let
them know the different risks of social networking sites if privacy settings are not customized.
Most of the social networking sites provide the users with privacy settings, but these need to be
changed when first started. The users must be educated about the different ways in which they can be
safe on social networking sites and about differentiating between public and private information. Also
there is always a risk that even private information could be leaked, hence the users must
think before posting any information on a social networking site (Kaspersky, 2011).

Table 2: Experiences with privacy settings (McIntoshs, 2011)


The table clearly shows that there are concerns about privacy settings. It shows the
experiences with the privacy settings of Facebook, which is one of the most popular social
networking sites.


The scenario on sharing passwords is also important because users tend to give their passwords to
their friends and relatives, which causes them trouble. It is important to pass some basic
information to the users precisely because they take this very lightly and share their passwords for social
networking sites. There are cases of people calling over the phone, presenting themselves as tech support,
who try to gain access to social networking sites by asking users for their passwords (SANS,
2011). So the users must be alert and not reveal their passwords to anyone. In short, the
scenario is a basic step to let users know the consequences of sharing their
password.
All the scenarios are quite different from the threats that have been mentioned in the earlier
chapters. But these are the basic threats and users must be educated about them at an early stage.
When the user first logs on to the social networking site, the first thing he/she needs to do is
customize the privacy settings, and this research tries to educate the users about the risks
associated with these scenarios.
5.5 Design of the game
This section gives a brief summary of how the game was developed. First of all it was
necessary to understand the objective of the project, and the game is developed based on that. To
develop any game, it is necessary to first think about the story line and also the characters and
environment, i.e. the background. I first developed rough sketches of the characters and
environments, and based on these their respective roles were defined. Once I had finished the rough
development, it was time to proceed with the animation in Flash. The first scenario
contains two scenes, which are as follows:
Scene 1 runs from the initial point to the play button and contains
approximately 20 layers.
Scene 2 begins where Scene 1 stops, runs to the end and contains 50 layers.
In all there are around 955 frames. The animation has been prepared using graphic
symbols, movie clips and animations. Interactivity has also been added in Flash at the beginning
and for some of the questions, implemented using ActionScript. Sound has been
imported into the game clips as and when necessary.


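ActionScript for the Proceed, Play, Log In and questions:

Script for Proceed button:
// When the button is released, jump to frame "5" and continue playing from there
on (release) {
    gotoAndPlay("5");
}
Script for Play button:
// When the button is released, start playing from frame 1 of "Scene 2"
on (release) {
    gotoAndPlay("Scene 2", 1);
}
Script for log in button and questions:
// When the button is released, jump to the frame labelled "b" and continue playing
on (release) {
    gotoAndPlay("b");
}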

5.6 Game flow


This part of the research describes the game flow, i.e. the different sections of the game which
will be followed by the users. It is as follows:
At the start the user will be briefly introduced to the research that is carried out and will
be asked to continue the game if they are happy to proceed and carry out the survey.


Fig 10: introductory page for the game


After this they will be asked to start the game by clicking the Play button, as shown in the
figure.

Fig 11: Start of the game page


When the user starts the game, a scenario is presented in which the user playing the
game enters his friend's house. There is a discussion between them about a
topic related to social networking sites.

Fig 11: Conversation between the user and his friend

After the discussion, the user's friend asks the user to enter his credentials. The user
does so and enters his credentials on this desktop.

Fig 12: Page where the user has to enter his credentials

After this, the user leaves, telling his friend that he will be right back after
drinking some water. The user's friend takes advantage of this and, just for fun,
uploads a monkey photo on his profile stating that "it's me", i.e. the user. This is shown
in the figure.

Fig 13: The friend uploads a funny photo on the user profile
So at the end it is necessary to point out the mistake that the user has made with
his SNS account and to educate him about it, which is done as shown in the figure below.
The users are given the moral of the story, which will help them to get educated.

Fig 14: Moral of the story for the game



5.7 How the User learns from the game or gets educated by the game
This is the most important part: how the user will learn, or which learning style the user
adopts to get educated. There are different learning styles, like auditory, visual,
kinesthetic, cognitive etc., which users adopt in their learning process. So it is necessary for
the research to state which type of learning style the user is adopting to get educated. The
main, core learning styles that the user has to adopt are as follows:
Cognitive Learning:
Cognitive learning is a learning style where the user learns through different actions like listening,
watching, touching, reading and experiencing, and then remembering the information which is being
passed on to them. In this game the scenario asks the user to carry out different actions
like experiencing, watching and listening, and then remembering the information which is being
passed on to them as the moral of the story (Think Quest, 2011).
Experiential Learning
This type of learning can be explained with the simple example of how everyone starts to learn
something new, like riding a bicycle, operating a computer, dancing etc. We learned all these
activities by taking an action and watching the consequences of the action, depending on which we
either continued or learnt some new action (Conner, 2011). To be effective learners it is
necessary to

Perceive information

How it will reflect

Compare with our own experiences

In this game as well, the user playing the game is presented as someone who
commits a mistake which results in bad consequences. So the next time the user tries to do
the same thing, he/she will be quite aware of the consequences, and this is what is called
experiential learning, i.e. learning from past mistakes. It is also necessary that the game
is interactive, which can be defined as an activity where the user himself is presented with
a scenario and has to work on it to achieve the goal. The interaction should always be offered to
the users with a purpose, which will keep the user interested (Schone, 2011).

This game is a mixture of cognitive learning and experiential learning which tries to educate the
users about the risks of social networking sites.


CHAPTER 6
Results and Analysis


6.1 Introduction
This chapter is devoted to the outcomes of the game, which is used to create awareness
among the users and also to find out how aware they already are. At the end, the
success of the game is evaluated, as described in the research
methodology.
Both the survey links and the link for the game were e-mailed to the participants with an
invitation message. The users had to answer the questions in one link before the game, then
play the game and, based on the knowledge and awareness they had obtained from the game,
fill in the questions in the last link. This methodology clearly evaluates the
success of the game and also the impact it had on its users. A total of 25-35 participants were
required to evaluate the success of the game. In all 42 participants were sent the invitation, out
of which only 34 participated in the game.
The demographics shown in the results below contain the responses of all 34 participants who
took part in the survey before the game was played, and the survey after the
game also contains responses from 34 respondents. All questions were made compulsory, so all the
respondents have answered each and every question.
The research also required ethical approval from the committee in order to send the game to
the users and collect the results. After sending the approval form and going through a series of
paper work, this research finally got ethical approval for the game, and the results were
collected as shown.
6.2 Results
The results were collected from 34 users and all the pie charts and bar charts consist of results
from all 34 users. All the questions were made compulsory, which means that all 34
users have attempted each and every question in the survey. The results from all the sections
have been collected and are presented section by section. The results are as follows:
6.2.1. Section 1
This section consists of 13 questions that have been presented as follows:

Sex

Fig 15: Respondents Gender


This figure clearly shows that out of all the 34 users, 61.8% were male and only
38.2% were female. This result shows that there was an imbalance between the
proportions of male and female users. So the predominant users in the survey were
male.
Profession

Fig 16: Respondents Profession



This question was asked in order to find out the background to which the users belong. It
is always necessary for any research to reach each and every user so that they are aware of each and
every risk. As the users invited were mostly friends and colleagues, most of them were students
or colleagues who were employed full-time or part-time. The survey clearly shows that
55.9% of the users were students and a small proportion of part-time and full-time employed
users participated in the game.
Are you a member of Social Networking Site?

Fig 17: Respondents answer on member of SNS


It has been shown earlier that millions of users are connecting to social
networking sites for various purposes, and that the risks associated with this are numerous. This
survey question confirms that the users are connected to social networking sites. The
survey yielded a 100% response from users that they are connected to a social networking site.
If Yes above, how many?
This question was connected to the previous question. It was asked to find out how many social
networking sites the users use in their daily life. As the previous question revealed that
100% of the users were connected to a social networking site, all 34 users had to
answer this question, which revealed that the majority of users, i.e. 78.8%, used between 2-5
social networking sites, which is really a concern, and a small proportion of users, i.e. 21.2%
of users were connected to only one social networking site.

Fig 18: Number of SNS used by respondents


Which Social Networking site do you use most often?
This was one of the most important questions in this section because it reveals which
social networking site is the most popular among the users. This question was inter-related
with the previous question. It was provided with a check box option,
where the users were allowed to tick multiple answers.

Fig 19: The most popular SNS used by respondents


It is important to note that in the previous question, 7 users used only 1 social networking
site. From this survey question, it can be concluded that all seven of those users use only 1 social
networking site, i.e. Facebook. The survey clearly shows that all the users use at least Facebook
and the remaining 20.6% of users also used different social networking sites. Since the introduction of
Facebook in 2004, there has been a steep rise in Facebook users, which the above results
clearly confirm.
On Average, how much time do you spend daily on social networking site?

Fig 20: Time spent on SNS by respondents


The result shown above is explained by the increasing demand for social networking sites.
47.1% of users revealed that they log on to social networking sites for at least 30-59 minutes.
The 23.5% of users who are online for less than 10 minutes might be employed users in organizations
where social networking sites are banned. Also approximately 21% of
users are logged on to social networking sites for more than an hour, which is really a
concern.
Please include what information you include on social networking profile.
As the number of threats on social networking sites is increasing, it is very important to
know the reasons behind it, that is, what information revealed by the users is attracting
attackers to social networking sites. The users reveal too much information on
the SNS, due to which they attract the attackers.

Fig 21: Information included on SNS by respondents


This survey question shows why privacy is a big concern on social
networking sites. As seen in the figure above, among all 34 users, 82.4% share and upload
photos on SNS, 76.5% share their e-mail addresses, 73.5% mention their home town and
city and a small proportion of users also include their mobile numbers. Only 2.9% of users do
not share the above information, which is surprisingly not wrong. So this is a concern on
the SNS which needs to be sorted out.
Have you ever accepted strangers on the social networking site?

Fig 22: Respondents response on accepting strangers on SNS


The major concern for SNS is users adding strangers to their profile. But looking at the above
figure, and given that most of the respondents are students, they might know the disadvantages of adding strangers
on a social networking site. So the above result is not really shocking, but if the survey
had attracted users from a non-IT background, the results might have been a bit different.
How do you choose passwords for all the social networking sites?
It is important to know how the users choose passwords for the
SNS. This question arises because if the user has the same password on several SNS, it becomes
very easy for attackers who have access to one of them to gain access to the others. So
the selection criteria are important when choosing a password.

Fig 23: Choosing password for SNS


As most of the participants are from an IT background, the results are fairly good:
52.9% and 23.5% of users respectively have different passwords or a few which
they keep alternating. A small proportion of 17.6% of users needs to be educated because they have
the same password for all social networking sites.


Which is the most important criteria when selecting a new password?

Fig 24: Criteria used by respondents to choose password

This question was linked with the previous question and is one of the important questions of the
survey. It is important to remember that a password should be selected in such a
way that it cannot easily be guessed by anyone. As in the previous result, here too 50% of the
users had quite good knowledge, which suggests that they might be from an IT background.
Approximately 44% of the users chose passwords which are very easy to remember and
very funny, which is a concern on the SNS. Attackers can cause more threats and gain access
to the SNS profile if the password is easily guessed. So it is important that each and every user
has a password which is very hard to guess.
How often do you change your password?
The respondents were asked how often they change their password. It is
always recommended to change your password on the SNS to be safe. But it is the users
who need to know this information, which is very important.


Fig 25: Respondents reply on change of password


The report shows that 50% of the users do not change their password often, which is a big
security concern. Almost equal proportions of users change their password every month and
every three months respectively. Only 11.8% of users are aware enough to change their SNS
password every week.
Have you ever given your SNS password to anyone in the past?

Fig 26: Respondents answer on sharing their passwords with anyone


This question was put in the survey to analyze whether users are aware of the risks of social
networking sites, and in particular whether they are concerned about their privacy on the SNS.
The result was quite shocking: approximately 45% of the users had given away their SNS
passwords to their friends, system admin and office colleagues respectively. This is a huge
concern because it shows that users are not up to the mark in securing their privacy.

Considering any worst situation would you ever share your SNS password with
anyone?

Fig 27: Respondents reply on considering situation on sharing passwords

This was basically to find out what users would do in a worst-case situation on the SNS.
The result was not very surprising: equal proportions of users would and would not share
their password. The answers may have hinged on how bad the respondent imagined the situation
to be. So there is no justification for it.


6.2.1 Section 2
After collecting all the results about the knowledge the users had about SNS and the risks
associated with it, it was time to introduce the users to the game, through which they could
gain the knowledge needed to answer the questions in section 3. The game presented some
security features which the users had to follow in order to protect their privacy.

6.2.3. Section 3
This section consists of the third link, for the survey questions provided after the game
had been played. It consists of 5 questions, which were linked to those in section 1, and
two scenarios which the users had to answer in the context of their experience of the game.
How will you choose your password for all the social networking sites?

Fig 28: Respondents answer for choosing password

After looking at the scenario, out of all the 34 users, 61.8% would like to have different
passwords, which is good, and 29.4% believed in alternating the same passwords across all
social networking sites, which is encouraging when compared to the 8.8% of users who want to
use the same password for all the SNS.
Which are the most important criteria when it comes in selecting a new password?
This time the results showcase something different: 72.7% of users wanted to keep their SNS
password very hard, i.e. strong enough that no one can easily guess it. Still, approximately
27% of users wanted to keep their SNS password either very easy or funny, which is a concern.

Fig 29: Selection criteria used by respondents after the game

How often will you change your password?


This survey question relates to a security decision which users must make themselves.
Looking at the answers provided by the users after playing the game, the percentage of users
changing their password every week and every month has gone up tremendously, which shows
that the game has created at least some awareness among the users, which is a good sign.
But there is still some concern about the 17.6% of users who do not change their password
very often.


Fig 30: Respondents response on changing their password after the game

Is the scenario justified and beneficial to you in some way?


This question was put in the survey to get feedback from the users, because it is necessary
to evaluate the success of the game, meaning the level of awareness or impact the game had
on the users. Looking at the above answer, almost 83% of users were quite happy to play the
game and benefited from it. A small proportion of users were still not happy, and the
scenario did not benefit them in any way. For such users, feedback will be collected and
the game will be further enhanced in future work.

Fig 31: Respondents reply on the scenario justification


Scenarios
Scenario 1: If you are sitting at a friend's place and logging on to the social networking site
on his desktop. If there is tick on a "Remember me" check box and asking you to enter the
personal details. What will you do?
This question was put in the survey to check whether the users had benefited after looking
at the scenario. It was important to know the impact it had on the users and what action
they would take if they were put in a similar scenario. The results are as shown.

Fig 32: Showing what the user will do in a particular situation

This result clearly shows that the game had a huge impact on the users, as can be seen in
the results. Approximately 68% of users revealed that their privacy is important to them and
that they will uncheck the box and then proceed, which is the right thing to do. But at the
same time there are also some users who think that their privacy will not be hampered because
the person is their friend, which is a wrong assumption. Also, around 9% of users were unsure
and would neglect the situation and proceed, which again can hamper their privacy.
Scenario 2: Considering a situation where in you are not able to access the internet and
your friend calls you up and says that he/she has posted some arrogant link on your profile
and asks you to have a look at it and delete it. But you cannot, so will you share your social
networking credentials with your friend and ask him to do the needful. Remember the line
of the scenario which was developed to aware.
This scenario-based question was asked in the same fashion as the previous one. The users had
to answer it after looking at the game, to check the awareness created by the game. The
result, shown in the figure below, clearly shows that the game has created some awareness
among the users. Approximately 71% of the respondents were concerned about their privacy and
answered that they will go home and then take appropriate action, which is the right thing to
do, compared to 20.6% of users who would share their credentials. It is always important to
maintain your privacy, which is the most important thing on any social networking site.

Fig 33: Showing what the user will do in a particular situation

6.3 Discussion on the Results
This section contains the discussion based on the results that have been found out. As mentioned
earlier, the comparison between the questions would be the best idea to evaluate the success of
the game. The discussion is as follows:

Ways to choose a Password


When the results from the two sections are compared, they clearly show that there has been an
increase in the number of users who will have different passwords or some passwords which are
alternated, which is really encouraging. Also, the proportion of users who responded before
the game that they have the same password for all the SNS has been reduced to almost half.
This clearly shows that the game gave the users a positive boost. The comparison can be seen
in figure 34 below.

Fig 34: Comparison of Fig 23 & 28


Criteria for choosing a password
The result found in this case shows that the proportion of users who keep their password very
strong has increased to 72.7%, compared with only 50% before. Also, the small percentage of
users who revealed that they base their password on their middle name or first name
disappeared after playing the game. The number of users who answered that they keep their
password very easy has also decreased. All these signs clearly show that the game had
encouraging results on the users. The comparison can be seen in fig 35 below.


Fig 35: Comparison of Fig 24 & 29


Time length for Change of password
This comparison also showed a positive sign. Before the game, 50% of users revealed that they
do not change their SNS password very often; this changed dramatically after the game was
played, falling to 17.6% of users. Also, the proportion of users who answered that they change
their password every week increased to 38.2%, compared to only 11.8% before the game was
played. Fig 36 illustrates the comparison.

Fig 36: Comparison of Fig 25 & 30


Will you ever share your password looking at the scenario?

Fig 37a: Respondents reply on sharing their credentials


This question was put in the survey to find out whether users would commit the same mistake
even after looking at the scenario. Approximately 85% of users responded that they will never
share their SNS password with anyone, which is the best and most effective way to maintain
your privacy. Privacy should never be hampered, and every user must remember this rather than
committing the same mistakes again and again.
Is the scenario justified and beneficial to you in some or the other way?
After the game had been played, it was necessary to ask users whether they were happy to
play it and whether they benefited from it. This section is very important because after
carrying out any research it is always advisable to ask the users whether it was advantageous
for them and, if not, what else they expected in the game to make it more attractive. The
result is illustrated in the figure below. It clearly shows that approximately 82.4% of
users were quite happy and gained something from the game, which is really encouraging. A
small proportion of users did not benefit, because these might be users from an IT
background who might have already known this.


Fig 37b: Respondents reply on justification of the scenario


6.4 Impact Summary
As everyone knows, the use of the Internet and social networking sites has increased
tremendously. With the increasing use of technology, the security risks involved with it also
increase. So this research can have a huge impact on users by increasing awareness about the
risks of social networking sites. The game acts as a base for all of these risks: if you share
your password, any huge risk can occur, and if you add a stranger, that means you trust him,
and if he sends a link which might be any sort of attack such as phishing, a scam or malware
and the user clicks on it, the user might be at high risk. These are just simple examples of
small mistakes which can have dreadful consequences for the user who commits them. So this
research will surely have a huge impact for users in defending themselves from major risks.
There have also been many instances in which users have suffered from attacks like cyber
bullying, harassment, threats, identity theft etc. So after playing the game, the number of
victims will surely be reduced to a huge extent.
There have also been many cases in organizations where users reveal so much information on
social networking sites that the organizations have had to face many attacks such as loss of
information, theft etc. Most users are not aware of their privacy, which leads to disclosure
of too much information on the social networking site. Once such users have played the game,
a level of awareness will be created about the importance of privacy, which needs to be
maintained on the SNS. Organizations will also be relieved in maintaining their security,
with no loss of information or disclosure about the organization. So in a positive way, this
research can prove more than handy in creating awareness among people. It is also necessary
that every Internet user who uses social networking sites be aware; looking at the present
situation of the Internet, the risks will always be climbing, and hence researchers can carry
out extended work from where this research ends.
6.5 Academic Impact
This research has reviewed the previous work that has been done in the field of social
networking sites. Having analyzed that work, this game can be a huge advantage to new
researchers who continue carrying out research in the same field. It can serve as the base
for a new awareness method and can be fruitful to some extent. The game can also be used as a
survey method by any government body to check the level of awareness before the game has
been played and compare it with the impact after the game was played.
There are a number of end users who are not aware of the risks of social networking. For such
users, it is important to know the drawbacks of social networking, and this game can do a
huge favor in making the risks known. This research can also be carried out in schools among
children as an e-safety program, which will help students to learn how to make use of social
networking sites to their advantage. Due to the animated characters used in the game, many
more school children will be attracted to playing it.
6.6 Dissemination and Exploitation
This research can play a very important role in the field of social networking awareness. This
chapter contains all the results which have been obtained from the users before and after
playing the game. This research could be very useful in creating awareness among school
children, and to governments in providing an understanding of the risks of social networking
sites. The game can really help in creating awareness among end users who are not from an IT
background, which is a huge advantage. The game can give a lot of information about security
on SNS to users from any background, which adds to its advantage.


Chapter 7
Conclusion


7.1 Inferences
This research was very beneficial in many ways, such as learning about users' perceptions in
the field of social networking sites. It was also useful in revealing the awareness level of
the users about passwords. Due to the time constraint on completing the research, the game
could not be built with all the scenarios mentioned in the design chapter, and only the
password scenario was developed. The survey carried out for this scenario revealed many
things about the level of awareness.
The survey carried out before the game clearly showed that there were huge insights and
mistakes that were committed on the social networking sites. The main debate over this is
that if there are many sources available on the Internet, then why are users not aware? This
proves that written text and books alone will not attract people to read, because it is very
boring and users are quite reluctant to search for books or articles. The main concern in the
results above was that around 30% of the users had accepted strangers on the social
networking site. This number of users is quite sufficient for attackers to launch their
attacks. The above results mean that out of 100 users, 30 would accept strangers, which means
that attackers can easily launch phishing, malware and spam attacks against these 30 users,
which is more than enough for the attackers. The other concern over social networking sites
is that approximately 80% of users share their home town, e-mail address and photographs on
social networking sites, which is again a real shock. Users must be made aware of the risks
of uploading such information on social networking sites because, as mentioned earlier in the
threat section, attackers can easily save this information elsewhere, and there are many
tools available to identify the place and profile from the photos. So what this means is that
there are users who are still not aware of the risks of social networking sites.
The main aim of the project was to educate users of social networking sites through a fun and
interactive game. It was also necessary to check the level of awareness that the users already
had in the field of social networking sites and, through a game concept, to educate the users
about their mistakes. The research carried out here involved 34 users overall, which was more
than enough to evaluate the success of the game. The survey carried out in the research was
also very easily distributed by means of e-mail invitation. The survey carried out after the
game was played clearly shows that the game had some positive impact on the users.
Approximately 82% of users revealed that they benefited from the scenario. Also, the majority
of respondents revealed in the results that they would not share their credentials. In the
end, it is necessary that every user be educated about the risks rather than ignoring them,
and this research has somehow succeeded in achieving that.
7.2 Limitations
As every piece of research has some limitations and drawbacks, this research had quite a few
limitations. Firstly, the time given to complete this research, including the development,
was very short, which means that all the scenarios mentioned in the design chapter could not
be completed, which is a major drawback. Secondly, since all the scenarios could not be
built, the present game does not give the full flow of a game, which is a drawback. If all
the scenarios had been built, the story would have been something else. Also, the survey
could only contain questions related to passwords, and in the end it became very difficult
in the analysis section to gather much data. This is why not much data could be compared.
From the questionnaires that were passed on to the users to carry out the research, it could
not be concluded that the game was very useful in raising awareness among people. The biggest
limitation behind this was the quality of the questions based on the scenario. In social
networking sites the biggest threat is to privacy, and that scenario could not be built
because of the time window available. If that scenario could have been built, then the
quality of the questions would easily have fetched more data from the users, through which
the conclusion could have been more encouraging. Also, because of this, the research could
not divide people into sets of IT background and non IT background, which would have given
more appropriate results. Because of these limitations, the testing phase and the results
could not be 100% effective.
It is always important that the game be fun in order to attract more users. So a funny sound
could be added to the game to make it more fun, and the game could also be given additional
features such as points, extra lives, a cash reward or a clap sound, which will keep the user
attracted and interested. The game could also be embedded with different interesting and
comic graphics, which will attract more users. The biggest limitation in this research could
be the evaluation part. The success of the game cannot be evaluated by asking questions to
the users before and after the game. So to prove this, the questions can be embedded in the
game with the scenarios, asking the users to answer what they will do in the current
scenario. This can be quite handy and the results would be much more appreciable. These
limitations can be easily overcome in future work.

7.3 Future work


In the near future, the first thing to do will be to complete all the scenarios that are
mentioned in the design chapter, which cover the common and most important risks of social
networking sites. The survey questions can also be enhanced to contain more questions based
on privacy as well. This game can be used by other researchers, who can modify different
aspects of the game like the screen name, extra points, including questions in the game etc.
to enhance the game and attract more users. The greater the attraction, the more users will
get educated. In this way the game could easily be modified with extra features in the near
future.


References:
Acquisti, A., & Gross, R. (2005). Information Revelation and Privacy in Online
Social Networks. Proceedings of the 2005 ACM workshop on Privacy in the electronic society.
Alexandria, Virginia, USA. [Accessed on 25th January 2011]
Acquisti, A., and Gross, R. (2006). Imagined Communities: Awareness, Information Sharing
and Privacy on TheFacebook. Proceedings of the 6th Workshop on Privacy Enhancing
Technologies, Cambridge, UK, 2006. [Accessed on 6th August 2011 ]
Ashley, M (2008), Converging on Microsoft: 12 tips for safe social networking. Available:
http://www.networkworld.com/community/tips-for-safe-social-networking?page=0%2C2
[Accessed on 1st August 2011]
Atkinson, S., Furnell, S., & Phippen, A. (2009). Securing the next generation: enhancing e-safety awareness among young people. Computer Fraud & Security, Plymouth, UK. Available:
http://www.sciencedirect.com/science?_ob=MImg&_imagekey=B6VNT-4WW268D-C1&_cdi=6187&_user=10104504&_pii=S1361372309700880&_origin=&_coverDate=07%2F31%2F2009&_sk=979909992&view=c&wchp=dGLbVzWzSkWl&md5=fc12bd3276429d235e0e6ca445303d25&ie=/sdarticle.pdf
[Accessed on 7th August 2011]
AVG (2010). Social Engineering: Deceiving People, Not Machines. Available:
http://www.avg.com.au/news/avg_smb_social_engineering_deceiving_people_not_machines/
[Accessed on 14th August 2011]
Beato, F., Kohlweiss, M., Wouters, K. (2010). Enforcing Access Controls in social networking
sites. Available: http://www.cosic.esat.kuleuven.be/publications/article-1240.pdf [Accessed on
14th August 2011]
Bilge, L., Strufe, T., Balzarotti, T., Kirda, E. (2009). All Your Contacts Are Belong to Us:
Automated Identity Theft Attacks on Social Networks. Track: Security and Privacy / Session:
Web Security. [Accessed on 3rd August 2011]
boyd, d., and Ellison, N. (2007). Social Network Sites: Definition, History, and Scholarship.
Journal of Computer Mediated Education, 13(1), pp. 210-230. Available:
http://onlinelibrary.wiley.com/doi/10.1111/j.1083-6101.2007.00393.x/pdf [Accessed on 22nd
July 2011]
Cain, J. (2008). Online Social Networking Issues Within Academia and Pharmacy Education.
American Journal of Pharmaceutical Education, 72(1). [Accessed on 27th January 2011]
Claburn, T (2009), Social Networks Leak Personal Information. Available:
http://www.informationweek.com/news/internet/social_network/219401268 [Accessed on 7th
August 2011]
Cole, E. (2010). Enabling Social Networking Applications for Enterprise Usage. SANS (2010).
Available: http://www.wyoming.gov/pdf/SANS_taming-the-social-network.pdf [Accessed on
21st July 2011]
Connew, M. (2011). Learning from experience online. Available:
http://agelesslearner.com/intros/experiential.html [Accessed on 15th September 2011]
Coyle, C, & Vaughn, H. (2008). Social Networking: Communication Revolution or Evolution?
Bell Labs Technical Journal, 13(2). Available:
http://onlinelibrary.wiley.com/doi/10.1002/bltj.20298/pdf [Accessed on 22nd July 2011]
Dwyer, C., Hiltz, S., Passerini, K. (2007). Trust and Privacy Concern Within Social
Networking Sites: A Comparison of Facebook and MySpace. Americas Conference on
Information systems. [Accessed on 21st January 2011]
Hogben, G. (2007). Security Issues and Recommendations for Online Social Networks. ENISA
Position Paper No.1. Available: http://fredstutzman.com/papers/ENISA2007.pdf [Accessed on
27th June 2011]
Ender, A., Hungenberg, H., Denkr, H., Mauch, S. (2008). The long tail of social networking.
Revenue models of social networking sites. European Management Journal, 26(1), pp. 199-211.
[Accessed on 21st June 2011]
Espiner, T. (2011). Privacy watchdog probes Facebook facial recognition. ZDNet UK. Available:
http://www.zdnet.co.uk/news/security/2011/06/09/privacy-watchdog-probes-facebook-facialrecognition-40093048/ [Accessed on 6th August 2011]
Fogel, J, & Nehmad, E. (2009). Internet social network communities: Risk taking, trust, and
privacy concerns. Computers in Human Behaviour, 25(1), pp. 153-160. Available:
http://www.sciencedirect.com/science?_ob=MImg&_imagekey=B6VDC-4TDYNXD-11&_cdi=5979&_user=7173283&_pii=S0747563208001519&_origin=&_coverDate=01%2F31%2F2009&_sk=999749998&view=c&wchp=dGLzVzzzSkWz&_valck=1&md5=c10307de8619de0d521cbbb8e25e8f36&ie=/sdarticle.pdf
[Accessed on 11th August 2011]
Gao, H., Hu, J., Huang, T., Wang, J., Chen, Y. (2011). Security Issues in Online Social
Networks. IEEE Internet Computing. [Accessed on 11th August 2011]

GFI (2011). Social networking at work: Thanks, but no thanks? Available:
http://www.gfi.com/whitepapers/Social_network_concerns.pdf [Accessed on 2nd August 2011]
Huber, M., Mulazzani, M., Weippl, E. (2010). Social Networking Sites Security: Quo Vadis.
IEEE International Conference on Social Computing / IEEE International Conference on
Privacy, Security, Risk and Trust. [Accessed on 8th August 2011]
Hodge, M. J. (2006). Comment: The Fourth Amendment and Privacy Issues on the New
Internet. Facebook.com and Myspace.com. Southern Illinois University Law School Journal,
2006, 31, 95-122. [Accessed on 27th July 2011]
Hogben, G. (2007). Security Issues and Recommendations for Online Social Networks. ENISA
Position Paper No.1. Available: http://fredstutzman.com/papers/ENISA2007.pdf [Accessed on
15th August 2011]
Jones, H., Soltren, J. (2005). Facebook: Threats to Privacy. Available:
http://groups.csail.mit.edu/mac/classes/6.805/student-papers/fall05-papers/facebook.pdf
[Accessed on 6th August 2011]
Kaspersky. (2011). Social Networking safety online. Available:
http://www.kaspersky.com/threats/social-networking-safety [Accessed on 16th September 2011]
Livingstone, S & Brake, D. (2009). On the Rapid Rise of Social Networking Sites: New
Findings and Policy Implications. Children & Society, 24(1), pp.75-83. Available:
http://onlinelibrary.wiley.com/doi/10.1111/j.1099-0860.2009.00243.x/pdf [Accessed on 7th
August 2011]
Luo, W., Liu, J., Liu, J., Fan, C. (2009). An Analysis of Security in Social Networks. Eighth
IEEE International Conference on Dependable, Autonomic and Secure Computing. [Accessed on
15th June 2011]
Marshall (2008), Social Networking: The pros, the cons and the Solution. Marshall
Whitepaper. Available:
http://www.zdnet.co.uk/i/s/ads/whitepapers/Marshal/WhitePaper_SocialNetworking.pdf
[Accessed on 14th August 2011]
McDowell, M (2011), US-CERT Cyber Security Tips ST06-003 Staying Safe on Social
Networking Sites. Available: http://www.us-cert.gov/cas/tips/ST06-003.html [Accessed on 28th
July 2011]
McIntoshs, .(2011). 62 posts categorized Safety. Available:
http://edu.blogs.com/edublogs/safety/ [Accessed on 15th September, 2011]

Meredith, P. (2006). Facebook and the Politics of Privacy. Chronicle of Higher Education,
Sept. 14, 2006. Available: http://chronicle.com/. [Accessed on 9th August 2011]
Nagy, J., Pecho, P. (2009). Social Networks Security. 2009 Third International Conference on
Emerging Security Information, Systems and Technologies. [Accessed on 15th June 2011]
Narayanan, A., & Shmatikov, V. (2009). De-Anonymizing Social Networks. 30th IEEE
Symposium on Security and Privacy. University of Texas, Austin. [Accessed on 24th July 2011]
Newbould, M., Furnell, S. (2009). Playing Safe: A Prototype Game For Raising Awareness of
Social Engineering. Australian Information Security Management Conference, Perth, Western
Australia. [Accessed on 14th June 2011]
Richards, D. V. (2007). Posting Personal Information on the Internet: A Case for Changing the
Legal Regime Created by S 230 of the Communications Decency Act. Texas Law Review,
2007, 85, 1321-1322. [Accessed on 10th August 2011]
Salles, M. (2011). 6 Habits for Highly Effective and safe Social Networking. [ONLINE]
Available: http://smartenterpriseexchange.com/blogs/TalkingBits/2011/05/20/6-habits-forhighly-effective-and-safe-social-networking [Accessed on 1st February 2011]
SIAF. (2011). Social Networking General Risk Assessment. Available:
http://www.siaf.co.uk/resources/SIAF_snrisks.pdf [Accessed on 28th August 2011]

Schrott, U. (2011). Survey Reveals Chasm between Users Concerns and Behaviour. ESET
Ireland. Available: http://esetireland.wordpress.com/2011/07/04/monthly-threat-report-june2011/ [Accessed on 14th August 2011]
Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L.F., Hong, J., Nunge, E. (2007),
Anti-Phishing Phil : The Design And Evaluation Of A Game That Teaches People Not To Fall
For Phish, cups.cs.cmu.edu/soups/2007/proceedings/p88_sheng.pdf , (Accessed 10th September
2011)
Sophos (2011). Sophos Security Threat Report reveals increase in social networking security
Threats. Available: http://www.sophos.com/en-us/press-office/press-releases/2011/01/threatreport-2011.aspx [Accessed on 2nd August 2011]
Symantec. (2009). Spammers target social networking sites to spread spam. [Online]
Available:
http://www.symantec.com/en/uk/about/news/release/article.jsp?prid=20090608_01
[Accessed on 6th August 2011]


ThinkQuest. (2011). Cognitive Learning Available: http://library.thinkquest.org/26618/en5.5.3=cognitive%20learning.htm [Accessed on 15th September 2011]
Tim, D., & Duven, C. (2008). Privacy and Social networking sites. New Directions for Student
Services, 2008(124). Available: http://onlinelibrary.wiley.com/doi/10.1002/ss.297/pdf [Accessed
on 2nd August 2011]
Tuunainen, V., Pitkänen, O., Hovi, M. (2009). Users' Awareness of Privacy on Online
Social Networking Sites: Case Facebook. AIS Electronic Library, BLED 2009 Proceedings.
[Accessed on 6th August 2011]
Walsh, S (2011), Top 5 Reasons why Spammers Love Social Networking. Available:
http://www.allspammedup.com/2011/08/top-5-reasons-why-spammers-love-social-networking/
[Accessed on 4th August 2011]
Ybarra, M, & Mitchell, K. (2008). How Risky Are Social Networking Sites? A Comparison of
Places Online Where Youth Sexual Solicitation and Harassment Occurs. Pediatrics Official
Journal of the American Academy of Pediatrics, 121(1), pp. 350-357. Available:
http://pediatrics.aappublications.org/content/121/2/e350.full.pdf+html [Accessed on 27th July
2011]
Yonts, J. (2011). Malicious Social Networking: Koobface Worm. SANS. Available:
http://www.sans.org/security-resources/malwarefaq/koobface-worm.php [Accessed on 5th
August 2011]


Appendix 1 Section 1


Appendix 2 Section 3


Appendix 3 (SIAF, 2011)
