1. Field
Aspects of the example implementations relate generally to data management, and more specifically, to managing access and display protocols for sensitive data.
2. Background
Users often utilize “third party” applications and grant permission to sensitive user data (e.g., personal user information such as name, address, phone number, etc.) based on difficult to understand, or noisy permission negotiations. This may result in various applications gaining access to sensitive data that is not needed to provide the promised service to the user. The situation can be further complicated by applications that request a class of user data (e.g., need name to greet user), but then use the user data for nefarious or alternate purposes (e.g., sell name to marketing list).
In an example, the user utilizes an application to conduct an online interaction (e.g., blog comment, liking a social media post, posting a photo, etc.), which is tagged with user information. The online interaction may be hyperlinked back to the user's social media or other account. A web crawler may traverse the online interaction back to the user's account and thereby extract personal information that the user may not have intended to reveal to the application. Further, the application may also extract sensitive data from the user's account from the online interaction.
Consider the related art example of FIG. 1, wherein a user is running a third party application 101 within a social media website in a web browser 100. Another user, “Abel Smith”, initiates an online interaction 102 within the third party application, and inadvertently reveals his account address in a hyperlink 103 associated with his name (e.g., the third party application requiring the information from “Abel Smith” without the information being required to run the application, mishandling of permissions, etc.), such that when a user hovers over Abel Smith's name, his account page is revealed.
The third party application may then traverse Abel Smith's webpage and potentially extract sensitive user data about Abel Smith that was not intended through the online interaction. Further, if the online interaction is generally made public, third party web crawlers may crawl Abel Smith's account page and also extract sensitive user data that was not intended to be made public through the online interaction, or data mining applications can obtain information based on the online interaction (e.g., average age of friends, etc.).