Online Social Networks Security And Privacy: Comprehensive .


Complex & Intelligent Systems

SURVEY AND STATE OF THE ART

Online social networks security and privacy: comprehensive review and analysis

Ankit Kumar Jain1 · Somya Ranjan Sahoo2 · Jyoti Kaubiyal1

Received: 1 March 2021 / Accepted: 19 May 2021
The Author(s) 2021

Abstract
With fast-growing technology, online social networks (OSNs) have exploded in popularity over the past few years. The pivotal reason behind this phenomenon happens to be the ability of OSNs to provide a platform for users to connect with their family, friends, and colleagues. The information shared in social networks and media spreads very fast, almost instantaneously, which makes it attractive for attackers to gain information. Secrecy and surety of OSNs need to be inquired from various positions. There are numerous security and privacy issues related to the user’s shared information, especially when a user uploads personal content such as photos, videos, and audio. The attacker can maliciously use shared information for illegitimate purposes. The risks are even higher if children are targeted. To address these issues, this paper presents a thorough review of different security and privacy threats and existing solutions that can provide security to social network users. We have also discussed OSN attacks on various OSN web applications by citing some statistics reports. In addition to this, we have discussed numerous defensive approaches to OSN security. Finally, this survey discusses open issues, challenges, and relevant security guidelines to achieve trustworthiness in online social networks.

Keywords Online social network · Security and privacy · Social threats · Cyberbullying · Cyber grooming

Introduction
When the internet became popular in the mid-1990s, it made it possible to share information in ways that were never possible before. But a personal aspect was still lacking in sharing information [1].
And then in the early 2000s, social networking sites introduced a personal flavor to online information sharing which was embraced by the masses [2]. Social networking is the practice of expanding one’s contact with other individuals, mostly through social media sites like Facebook, Twitter, Instagram, LinkedIn and many more [3]. It can be used for both personal and business reasons [4]. It brings people together to talk, share ideas and interests, and make new friends. Basically, it helps people from different geographical regions to collaborate [5]. Social networking platforms have always been found to be easy to use. This is the reason social media sites are growing exponentially in popularity and numbers. Figure 1 shows the basic constituents of social networks and the fields in which they play a major role [6]. As the figure shows, social networking can be used for entertainment, building business opportunities, making a career, improving one’s social skills, and forging relationships with other individuals [7]. Facebook and Myspace are among the most preferred social networking sites. Since a large chunk of the online population utilizes social media platforms, they have become a significant medium to promote business and awareness campaigns.

* Ankit Kumar Jain
ankit.jain2407@gmail.com
1 National Institute of Technology Kurukshetra, Kurukshetra, India
2 Vellore Institute of Technology Andhra Pradesh, Amaravati, India

Since people consider social media as a personal communication tool, the importance of safeguarding their information stored in these social networking sites is often taken for granted. With the passage of time, people are putting more and more information in different forms on social networks, which can lead to unprecedented access to people’s and business information. The amount of information stored in social networks is very enticing for adversaries whose aim is to harm someone. They can create havoc worldwide with this huge amount of information in hand.
Moreover, social media has become a great medium of advertisement for marketers, and if they do not take social media security issues seriously enough, they make themselves vulnerable to a wide variety of threats and put their confidential data at risk. Also, social networks can be classified into many types based on their uses. They fall into four broad classifications, namely ‘social connections’, ‘multimedia sharing’, ‘professional’ and ‘discussion forums’. This section discusses the types of social networking sites and the vulnerabilities and instances of phishing that have occurred on said classifications. Current problems are also stated with an emphasis on malicious content-based phishing attacks. Figure 2 shows the different types into which social networking sites can broadly be classified.

Fig. 1  Constituents of online social networks (Social Network: Career, Social skills, Business Opportunity, Relationship, Entertainment)

Fig. 2  Types of social networking sites (Social Connection, Multimedia sharing, Professional, Discussion Forums)

In social connection networks, people connect with people and brands online. Although there are other types of social networking sites available online, this type certainly defines social media now. Sites that come under this category are ‘Facebook’, ‘Twitter’, ‘Google+’, ‘Myspace’. Although there are advantages of using these sites, they have some disadvantages also. These sites are vulnerable to phishing attacks in numerous ways. An intruder can make a portal that looks identical to a Facebook page and then lure users into entering their credentials in different ways. Some of these methods are:

(a) Sending fake messages which state that their Facebook account is about to be disabled in a few days.
(b) The user may be tricked into clicking a link from the personal message sent by his friend stating that someone has uploaded personal pictures of the user in the given link.
(c) Some attackers send a message claiming that the user’s account needs to be updated to use it further. And a
And alink is given to download that update which containsan address of the malicious site.Also, multimedia sharing networks are used to sharepictures, videos, live videos, and other media online. Theygive an opportunity to users and brands to share their mediaonline. Sites under this category are ‘YouTube’, ‘Flickr’,‘Instagram’, ‘Snapchat’. Nowadays every social media hasan “inbox” feature where anyone can send messages to theirfriends and chat with them. Recently, YouTube has alsoreleased this feature. This gives the attacker a great opportunity to phish his target. He can send a shortened URL in themessage which redirects the user to a malicious website [8].Since it is not easy to recognize a shortened URL, whetherit is legitimate or not, attackers take advantage and obfuscate their malicious content in shortened URLs. Professionalsocial networks are developed to provide career opportunities to their users. It may provide a general forum or maybe focused on specific occupations or interest dependingon the nature of the website. ‘LinkedIn’, ‘Classroom2.0’,‘Pinterest’ are some of the examples of professional socialnetworking sites. Since these social networking sites contain all professional information of the user including emailid, an attacker can use these details to send a victim a personalized mail. These emails may be like emails claiming

Complex & Intelligent Systemsprize-money which contains the malicious link. Similarly,in discussion forums, people use these networks to discusstopics and share opinions. These networks are an excellentresource for market research and one of the oldest formsof social network. ‘Reddit’, ‘Quora’ and ‘Digg’ are someexamples of popular discussion forums. In these forums,people also share links related to their research so that userscan get more information about their topic of research. Someillegitimate users share malicious links to lead astray usersto some phishing websites. In this way, phishing can also bedone in discussion forums.The lasting part of our paper is incorporated as follows.We present different statistics for OSN security in "Statisticsof online social network and media" section. Segment 3 particularizes the positive and negative impacts of online socialnetworking. In Segment 4, we depict different threats thataffect the user behavior in OSN platform. We describe thereason behind the OSN security issues in-depth in Segment5. In "Solutions for various threats" section, we discuss thedefensive solutions for various threats. For user awarenessin "Security-guidelines for OSNs user" section, we portraycertain security rules to protect your system, account, andinformation. In the following section, i.e. in "Open researchissues and challenges" section, we portray the open researchissues and challenges for OSN users. At last, we concludeour work in "Conclusion" section.Statistics of online social network and mediaNear about 4 billion users exist in the online internet landscape [9]. Out of the total population on the internet, thereare 2.7 billion monthly dynamic clients on Facebook, 330million active users on Twitter, 320 million active users onPinterest, as of Dec 30, 2020 [10]. Figure 3 illustrates thenumber of users on different social networking platforms[11]. According to a report from Zephoria, there is a 164000NO. OF USERS IN MILLIONSFig. 
3  Number of users ondifferent social networkingplatforms3500percent increase year over year in monthly active users ofFacebook. Seven new profiles are created every second[12]. Users uploaded a total 350 million pictures per day.On average 510,000 comments are posted in every 60 s onFacebook, 298,000 statuses are updated, and 136,000 photos are uploaded. Since a huge amount of data is uploadedon Facebook, there is a high chance of having securityrisks. Anyone can post malicious content hidden insidemultimedia data or with shortened uniform resource locators (URLs). There are around 83 million fake profileswhich can be of illegitimate users or of professionals doingtesting and research. Around 1 lakh websites are hackeddaily [13].As per the data depicted in Fig. 4, the use of social networking sites has amplified exponentially such that thereis a large amount of data and information available onthese sites which has increased risks of information leakage and has opened doors for several cyber-crimes likedata interception, privacy spying, copyright infringement,and information fraudulence. Although some Social Networking Sites like Twitter do not allow disclosing privateinformation to users, some experienced attackers can inferconfidential information by analyzing user’s posts and theinformation they share online. The personal informationwe share online could give cybercriminals enough to getour email and passwords. We have taken cognizance ofpopularity and narrowed down the list of networks to keepthe scope of study feasible. By extension, the chosen socialnetworks employ state-of-the-art defence strategies. Thus,any possible attacks on these networks would employstate-of-the-art techniques. Transitively, the analysis holdsrelevance for other social networks as well.Insights in Fig. 5 presents a positioning of the mostbanned sorts of hacking. 
It is as indicated by the reaction ofadults to a survey in the United States during January 2021.It reports around 44% of the respondents accept that digitalsecret activities ought to have the most severe 05000FacebookTwitter300200LinkedInPinterest YouTube WhatsApp InstagramSOCIAL NETWORKING PLATFORMS100Tinder13

Figure 6 portrays the leading causes of information breaches worldwide in 2021, sorted by share of identities exposed [14]. According to the recent report, 91.6 percent of data breaches resulted in impersonation or stolen identities. Nowadays geotagged photos are very popular. People tag their geographical locations along with their pictures and share them online. Some applications have a geotagging feature which automatically tags the current location inside a picture until and unless the user turns it off manually. This can expose one’s personal information like where one lives and where one is traveling, and invites thieves who can target one for robbery. When someone updates their status with their whereabouts on a regular basis, it can pose a threat to their life through possible stalking and robbery. According to a report by Heimdal Security, around 6 lakh Facebook accounts are hacked daily [15]. Individuals devote more time on social media and are likely to like the posts of their close friends. The hackers take advantage of this trust. Hackers can also use social media to sway elections. The most popular attacks on social media are likejacking, which occurs when attackers post fake Facebook like buttons to web pages, phishing sites, and spam emails.

Fig. 4  Number of users on social media worldwide (year wise) (x-axis: year; y-axis: number of social network users worldwide, in billions)

Fig. 5  Most punishable types of hacking in 2021 (categories: Espionage; For personal profit; For corporate profit; To promote political or social cause)

Fig. 6  Leading cause of data breaches worldwide in … (x-axis: cause; y-axis: share of data breaches)

The statistics in Table 1 show the percentage of internet users in the United States who have shared the passwords of their online accounts with their loved ones as of May 2020. It is sorted by age group. The entire survey depicted that 74% of respondents aged more than 65 and above do not share online passwords with family and friends.

With this remarkable expansion in social networking threats and security issues, numerous specialists and security associations have proposed different solutions for alleviating them. Such solutions incorporate PhishAri for phishing detection [16], spam detection [17], GARS for cyber grooming detection [18], clickjacking detection system [19], framework to detect cyber espionage [20], SybilTrap to detect Sybil attacks [21], and worm detection system to detect malware [22]. Users themselves must be alert while posting any media or information on social networking sites. A strong password should be adopted, and it must not be shared with anyone. One should check the URL while visiting a website and must not click any malicious links. These habits could help a user to some extent to be protected against various cyber-attacks on social media.
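The geotagging exposure described earlier in this section can be checked before a photo is uploaded. The following Python sketch is an added example, not code from the paper: it reads the Exif GPS directory of a JPEG and removes the Exif segment; the function names and the header-only sample image with arbitrary coordinates are constructed for illustration.

```python
import struct

EXIF = b"Exif\x00\x00"  # signature that opens an Exif APP1 payload
GPS_IFD = 0x8825        # IFD0 tag whose value is the offset of the GPS directory

def exif_segments(jpeg):
    """Yield (start, end) of each APP1 segment that carries Exif metadata."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        end = pos + 2 + struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        if jpeg[pos + 1] == 0xE1 and jpeg[pos + 4:pos + 10] == EXIF:
            yield pos, end
        pos = end

def read_ifd(tiff, off, bo):
    """Return {tag: raw 4-byte value field} for the TIFF directory at `off`."""
    (n,) = struct.unpack(bo + "H", tiff[off:off + 2])
    return {struct.unpack(bo + "H", tiff[p:p + 2])[0]: tiff[p + 8:p + 12]
            for p in range(off + 2, off + 2 + 12 * n, 12)}

def degrees(tiff, field, ref, bo):
    """Decode three RATIONALs (deg, min, sec) and apply the N/S/E/W reference."""
    (off,) = struct.unpack(bo + "I", field)
    v = struct.unpack(bo + "6I", tiff[off:off + 24])
    d, m, s = (v[i] / (v[i + 1] or 1) for i in (0, 2, 4))
    return round((d + m / 60 + s / 3600) * (-1 if ref[:1] in b"SW" else 1), 6)

def find_gps(jpeg):
    """Return (lat, lon) from the Exif GPS directory, or None if absent."""
    for start, end in exif_segments(jpeg):
        tiff = jpeg[start + 10:end]
        bo = "<" if tiff[:2] == b"II" else ">"
        ifd0 = read_ifd(tiff, struct.unpack(bo + "I", tiff[4:8])[0], bo)
        if GPS_IFD in ifd0:
            gps = read_ifd(tiff, struct.unpack(bo + "I", ifd0[GPS_IFD])[0], bo)
            if {1, 2, 3, 4} <= set(gps):
                return degrees(tiff, gps[2], gps[1], bo), degrees(tiff, gps[4], gps[3], bo)
    return None

def strip_exif(jpeg):
    """Return the file with every Exif APP1 segment removed; image data untouched."""
    out, last = bytearray(), 0
    for start, end in exif_segments(jpeg):
        out += jpeg[last:start]
        last = end
    return bytes(out + jpeg[last:])

def sample_geotagged_jpeg():
    """Constructed header-only sample tagged 40.446111 N, 79.982222 W."""
    u32 = lambda v: struct.pack("<I", v)
    ent = lambda tag, typ, n, val: struct.pack("<HHI", tag, typ, n) + val
    tiff = b"II*\x00" + u32(8) + b"\x01\x00" + ent(GPS_IFD, 4, 1, u32(26)) + u32(0)
    tiff += b"\x04\x00" + ent(1, 2, 2, b"N\0\0\0") + ent(2, 5, 3, u32(80))
    tiff += ent(3, 2, 2, b"W\0\0\0") + ent(4, 5, 3, u32(104)) + u32(0)
    app1 = EXIF + tiff + struct.pack("<12I", 40, 1, 26, 1, 46, 1, 79, 1, 58, 1, 56, 1)
    head = b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
    return head + b"\xff\xda\x00\x02\xff\xd9"
```

Running `find_gps` on a photo before sharing shows whether a location is embedded, and `strip_exif` produces a copy without it; a truncated or malformed Exif block raises `struct.error` rather than being silently accepted.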
Table 2 presents a collection of the greatest online information breaches via social media worldwide as of November 2020 [23].

Table 1  Percentage of users in the US who have shared passwords online with family or friends in 2020

Age group     Have shared (%)     Have not shared (%)
All adults    42                  58
18–30         55                  45
31–50         42                  58
51–64         37                  63
65+           26                  74

Table 2  Biggest data breaches on online social networks as of 2020

Platform                    Year            Records stolen
Facebook                    April 2020      87 million
    Description: A large number of profiles of US residents were gained, and the information was utilized to construct a software program to foresee and impact electors [24]
MySpace                     May 2018        427 million
    Description: An online hacker team made available an enormous set of stolen MySpace username and password combinations for sale [25]
FriendFinder Network Inc    October 2016    412 million
    Description: Hackers were able to access the information of hacked accounts of all the social sites and leak the information over the internet [26]
LinkedIn                    June 2014       117 million
    Description: A Russian hacker sold 117 million email and password combinations on a dark web marketplace and was found guilty [27]

Positive and negative effects of online social networks based on users perspective
Social media has changed the manner in which individuals see the world and collaborate with each other. The near universal accessibility and low cost of social networking sites such as Facebook and Twitter have helped millions to stay connected with family and friends [28]. Similar to many technological revolutions, social networks also have a negative side. We describe some of the positive and negative effects of social networking based on the researchers’ perceptions below.

Positive factors of OSN
The various positive factors that influence the user to create and use these environments are maintaining social relationships, marketing products and platforms, rescue efforts, and finding a common group of people to communicate and share thoughts with.

(1) Maintaining social relationships Social networking sites have proven to be convenient in keeping up with the lives of others who matter to us. They help to nurture friendship and other social relationships [29].
(2) Marketing platform Professionals can post work experience and build a network of professionally oriented people on sites such as LinkedIn or Plaxo, which are career-building social networks [30]. They help discover better job opportunities. Marketers can influence their audience by posting advertisements on social networking sites [31].
(3) Rescue efforts Social media sites play a huge role in rescue and recovery efforts during calamities and disasters [32]. They connect people during such crucial times when the conventional societal structure has broken down. Bulletins are easily managed by social networking sites, which can reunite missing family members. The public can be kept informed using utilities extended by essential service providers through online social networking. Real-time local updates on social media help government officials to better understand the circumstances and make more informed decisions.
(4) Finding common groups Social networking sites help people find groups with common interests [33]. People can share their likes and dislikes, interests and obsessions, and thoughts and views with these groups, which contributes to an open society.

Negative factors of OSN
When general users use a social network platform, they face a lot of trouble, which various researchers have identified based on security parameters, such as:

(1) Online intimidation: while making friends is easier on social media, predators can also find victims easily [34]. The anonymity provided by social networks has been a consistent issue for social media users. Earlier, someone was bullied only face-to-face [35]. Nonetheless, now any individual can bully someone online anonymously.
(2) The exploitation of private information: although creating an account on social networking sites is free of charge, they make their money mostly from the advertisements they show on their websites [36]. The data once gathered is sold to brokers in relationships without the consent of social media users. Moreover, adversaries can also extract confidential information about their targets from these websites using different attack techniques.
(3) Isolation: social media has surely improved the connection between users, but conversely it has also averted real-life social interaction [37]. People find it easier to follow the posted comments of people they know rather than personally visit or call them [38].
(4) General addiction: by the records we can depict that social media is more addictive than cigarettes and alcohol.
People often feel empty and depressed if they do not check their social media account for a full day.

This paper presents a systematic and in-depth study of threats and security issues that are current and emerging. More precisely, this study encompasses all the conventional threats that affect the majority of the users in social networks and most of the modern threats that are prevalent nowadays, with an emphasis on teenagers and children. The principal objective of this paper is to give insight into the security and protection of social networks. It introduces the reader to all the possible dimensions of online social networks and issues related to them. Our analysis throws light on the prev
