Trust your social network according to satisfaction, reputation and privacy

Nowadays we are witnessing a massive usage of social networking sites (Facebook, MySpace, etc.). Those systems facilitate user interaction; however, they disregard users' well-being because users are forced to trust the network and to use the system without any guarantees. We consider that this is little satisfactory for systems where the users make the network successful thanks to their interactions.
 In this work, we propose to study how to improve users' trust towards the system in terms of reputation, privacy and satisfaction. Despite former separate studies, we argue that these notions are strongly linked and must be analyzed in a correlated way.


INTRODUCTION
Recently, several sites, built on social networks, are webbased applications that allow users worldwide to publish potentially any kind of information (personal, professional, etc.), and interact with each other through services provided by the applications.Current examples of famous social networking applications include Facebook, MySpace, Twitter, Delicious and LinkedIn.In those large-scale networks, the more users are numerous and the amount of shared information is larger, the more the system is interesting and at-tractive 1 .Users then make the network successful thanks to their interactions.However, actual systems disregard users' wellbeing.In fact, specific individual needs are generally not taken into account.Users are forced to trust the system, without any guarantees.Current systems aim to be considered as trustworthy in terms of efficiency and reliability, but ignore other subjective aspects like users' expectation or privacy of used data and resources.In general, they neglect users' satisfaction in favor of cost saving.
On the other hand, network size endlessly increases.Most of current social networks mainly rely on a client-server communication paradigm through which users (clients) connect to a web site (server, possibly geographically distributed for performance purposes) in order to make use of a wide set of available services.Those kind of systems are good for simplicity of use, deployment and maintenance but data privacy is completely ignored.As this approach currently reaches their bounds, numerous fully distributed solutions are designed and recent outcomes argue for their feasibility [6,10,21].Peer-to-peer (P2P) paradigm facilitates scalability but also brings up some problems.Since peers are heterogeneous, some might be faulty or malicious, and cannot ensure services that provide enough quality.In order to restrain those behaviors, several systems attempt to increase user's trust toward the system by using reputation mechanisms [13,20,24].Those mechanism can be used to help peers to distinguish good from bad partners which eventually enhances the users' satisfaction.
Reputation mechanisms require a size-able degree of sensitive information which can be personal, professional, behavioral, etc.Unfortunately, this goes against the privacy rights of individuals.In fact, the Organization for Economic Cooperation and Development (OECD) provides some guidelines that systems should consider in data privacy management (cf.Section 2.3) [16].
The aim of this position paper is to put down some milestones of a complementary 3-facet analysis (satisfaction, reputation and privacy) to allow users to trust the system.Our objective is to allow the deployment of fully decentralized architectures, which can define different degrees of users' trust towards the system in terms of, mainly, privacy, reputation and satisfaction (global and individual), according to different applicative contexts.Nevertheless, it is obvious that user's trust is not only linked to reputation, satisfaction and privacy, but our work consists in a first step and we have make the choice to start with this focus.This paper is organized as follows.Section 2 introduces the three dimensions of our current work.Then, Section 3 presents the links that we identify between these dimensions.Section 4 presents the objectives of our proposition.We finally conclude and raise some open issues in Section 5.

SOME CONCEPTS TO TRUST THE SYS-TEM
In this section, we briefly introduce the three dimensions used in this work.In the literature, they have been studied separately but we argue that they are intrinsically connected when trusting the system is a main challenge.

Satisfaction
Studying user satisfaction is generally motivated by an attempt to improve information systems.A full satisfaction requires a system which both provides results of good quality and is also usable accordingly to the user needs.For example, in the field of information retrieval, per-query answers relevance measures [8,22,19] provide standardized, repeatable measurements of search result quality while usability studies [5,11] try to measure the user experience in a more direct way.Recently, in the context of query allocation and routing services, users' satisfaction -with respect to the system comportment -has been studied [3,17].It is defined as a long run notion evaluating the capacity of the system to follow the intentions of each participant.For instance, a data provider can be satisfied even if sometimes the system imposes queries he does not intend to treat, or a data consumer is satisfied because "in general" she receives answers from the providers she prefers.Here, quality of results is a private notion that is assumed to be used by a data consumer to decide which providers she prefers.
Intuitively, a participant is satisfied by the system process if the latter meets its intentions in the long term (i.e.matching users' expectations as a way to figure satisfaction).The satisfaction of participants may have a deep impact on the system, because they may decide whether to stay or to leave the system based on it.In [17], a complete model is proposed that characterizes autonomous participants by formally defining the adequacy, satisfaction, and allocation satisfaction of a participant.
Whatever the system (information retrieval, query or ressource allocation, social network, etc.), in order to define her intentions and strategy, a participant needs information about the system itself and its participants.Similarly, the system needs information about the participants to adapt himself to individual intentions and to evaluate participants' satisfaction.So, on one hand, there are needs of information about participants while on the other hand, the principles of privacy require sensitive information not to be disclosed.
As a consequence, a solution has to be built on the core idea of compromize, equilibrium of which may differ from one participant to the other.

Reputation
It is expected that systems remain reliable, efficient and secure even if they evolve or increase.Reputation systems contribute to this goal in systems based on a large-scale network composed by numerous autonomous and potentially untrusted participants.As proposed in [15], a reputation system design can be divided in three main basic blocks: information gathering, scoring and ranking, and response.
Depending on the application context, these blocks can take various states.Application context includes expected user behavior (e.g., churn, reliability, privacy, anonymity) as well as adversarial goals and power (e.g., selfish peers, malicious peers, traitors, whitewashers) or environment limitation (e.g., centralized vs decentralized).
Several decentralized solutions [4,7,13,18,20] have been recently proposed.For instance, among the most cited ones, Eigentrust [13] presents a PageRank-like algorithm that computes a global reputation rating by using transaction reports and the rating of the reporting peer.TrustMe [20] imposes that a transaction certificate be pairwise established before any transaction between involved peers takes place.Pow-erTrust [24] constructs a trust overlay network to model the trust relationships among peers.
All these approaches need potentially sensitive information which can be personal, professional, behavioral, etc. that lead to privacy breaches.Recently, some studies have been proposed in order to ensure efficient reputation mechanisms, under classical anonymous assumption [2,4].These approaches permit to reach an interesting but challenging tradeoff between reputation and privacy purposes.The latter are presented below.

Privacy
Data privacy is the right of individuals to determine for themselves when, how and to what extent information about them is communicated to others [23].It has been treated by many organizations and legislations which have defined well accepted principles.According to the OECD guidelines [16], data privacy should consider: • collection limitation; • purpose specification; • use limitation; • data quality • security safeguards; • openness • individual participation; • accountability.modify her privacy preferences freely.In general, those preferences are defined in "privacy policies" (PP).Inspired form P3P [9], we consider that PPs should consider authorized users, allowed operations, access purposes, access conditions, retention time, obligations and the minimal trust level necessary to allow data access.

Privacy concerns individual choices of human beings, it is thus important to allow each individual to determine and
Efforts are being realized to offer solutions to personal distributed data privacy.In [1], authors propose a privacyenhanced social networking site oriented to satisfy privacy awareness and customization, data minimization and data sovereignty.PriServ [12], is a privacy service for P2P systems that proposes functions to publish and request private data by taking into account the PPs of data owners (in particular, access purpose, operations and authorized users).
Hello World [14], is a distributed social network that focus on authentication, decentralization and security.Their objective is to give the control of their data to data owners by letting them to manage their data privacy.[10] proposes a social networking based on P2P systems.It uses and propose techniques to trust users in the system, anonymization of traffic, pseudonyms, etc. to offer privacy protection to users.

CONCEPT INTERACTIONS
Interactions and dependencies of the three concepts that we are concerned on, can be taken from different points of view.This paper analyzes a first point of view which surely may evolve.
We consider that different levels of users' satisfaction, reputation and privacy have direct repercussion on the trust towards the system.Figure 1 shows some links among those concepts.The center box corresponds to the trust towards the system as it is a main issue.We consider that each user of the system can have her own perception of the level of trust she can have in the system.But also, the system can be considered globally as trusted or not.
The satisfaction notion depends on the objectives/intentions/motivations of each user when using the system.Then, a user can have a satisfaction perception that can be influenced only by its local vision of the system, or by a global one.The global vision means that each user can perceive the interaction of other users in the system even if she is not concerned.
Reputation is constructed from the interaction and feedback of users.The reputation system is supposed to calculate individually the trustworthy level of users and the set of those levels may indicate the trustworthy of the global system.
Privacy concerns the respect of individual PPs.A system may in general respect the user' privacy but eventually some users may be unhappy because they consider that their personal privacy is not respected2 .Guaranteeing PPs' respect has an important influence on the system.Reputation and satisfaction mechanisms may need more or less private information to work efficiently.
Interactions among these three concepts can be complementary or antagonistic, for instance: • the more a user trusts towards the system, the more she is satisfied, and the more she is satisfied, the more she trusts towards the system.
• In the same way, the more the reputation mechanism is efficient, the more users trust towards the system, and the more a user trusts towards the system, the more she contributes honestly to the reputation mechanism.
• Similarly, the more the reputation mechanism is efficient, the more users are satisfied, and the more a user is satisfied, the more the reputation mechanism will be efficient.
• It is possible that the reputation mechanism be efficient and concludes that the majority of users are untrustworthy.In this case, users will not trust the system even if they continue to contribute to the reputation mechanism.
• Concerning privacy, the more information is gathered, the more the reputation mechanism is efficient.And the less a user trusts towards the system, the less she discloses information.Finally, the more a user's privacy is respected, the more this user is satisfied and inversely.

OBJECTIVES
The first issue we are working on is identifying the common, but also the incompatible, properties of the three considered dimensions (cf.left side of Figure 2).Clearly, privacy and reputation are closely related by the quantity/type of shared information.Concerning satisfaction and privacy, one link is the privacy respect which depends on, for instance, the respect of user's PPs.The relationship between reputation and satisfaction can be for instance the efficiency of reputation mechanism.Thus, different levels of privacy and reputation guarantees may lead to different levels of satisfaction.Therefore, reaching a point located in the intersection area of all these dimensions (i.e., Area A in the figure) represents a good tradeoff to attend a high level of trust towards the system.In addition, our main objective is to define a generic metric that takes into account all these dimensions and helps the designer to maximize the users' trust towards the system while respecting the system/application constrains.

Privacy
The right side of Figure 2 illustrates the mutual impact of privacy, reputation and satisfaction in the following terms.
• Privacy.It represents the satisfaction in terms of privacy guarantees which can be the amount of information that it is not necessary to share within the system or the respect of PPs.
• Reputation.It represents the satisfaction of the reputation mechanism in terms of power as reliability, efficiency and most of all, consistency with the reality.
• Satisfaction.In this context, it represents the global users' satisfaction according to the first two axes.
The figure shows that the less the amount of shared information is, the most the privacy satisfaction is.However, that implies a low reputation satisfaction range.Obviously, both dimensions have an antinomic impact.Nevertheless, we can infer that the same global satisfaction can be reached by using different settings, which depend on the applicative context requirements.
Finally, the main aim of our study is to find a method to obtain the right settings in order to maximize the user' trust towards the system.The latter could be reach by finding the best tradeoff between all the proposed dimensions that leads to the point located as far as possible on the right of the satisfaction axis.

CONCLUSION AND OPEN ISSUES
Social networks actually take an important place in our everyday life.However, most of social systems do not take into account user's trust as an aim.In our works, we propose to increase the users' trust towards the system by designing some methods to raise the aforementioned aim in terms of reputation, privacy and satisfaction.In our opinion, these three dimensions are hardly linked and have to be studied in a correlated way.
Nevertheless, it is obvious that user's trust is not only linked to reputation, satisfaction and privacy, but our work consists in a first step and we have make the choice to start with this focus.Moreover, each of these dimensions has to be handled more generally than the preliminary examples presented in this position paper (quantity of shared information, efficiency of reputation system, and so forth).
There is numerous open questions, for example, to identify the common and the incompatible properties of the three dimensions, but also, to define generic metrics that takes into account these dimensions and helps the designer to maximize the users' trust towards the system while respecting the system and/or application constrains.

Figure 1 :
Figure 1: Relationship among the identified dimensions.

Figure 2 :
Figure 2: Spatial representation of our 3-facet characterization and mutual impact of the two main settable aspects on global satisfaction.