Skip to Main Content
Social sites frequently ask for rich sets of user identity properties before granting access. Users are given the freedom to fail to respond to some of these requests, or can choose to submit fake identity properties, so as to reduce the risk of identification, surveillance or observation of any kind. However, this freedom has led to serious security and privacy incidents, due to the role users' identities play in establishing social and privacy settings. In this paper, we take a step toward addressing this open problem, by analyzing the dynamics of social identity verification protocols. We use a game theoretical framework to describe a simple two-player general sum game describing the behavior of a server system (like Face book) that provides utility to users. Users can choose to register a new identity using the true information, false information or no information (and remain anonymous). Likewise, the server may choose to believe and add the prospective social user, believe and yet fail the registration, or do nothing. We show criteria on the relative payoff of providing no information (anonymity) that produce various Nash equilibria. We then show that in the presence of a binding agreement to cooperate, most players will agree to share information. This result is consistent with reality, and suggests that sites that require users to authenticate with identity information should be prepared to provide strong guarantees on privacy in order to ensure that a social contract is maintained and the sites are not damaged. To the best of our knowledge, this is the first time an analytical model is developed to study the dynamics underpinning users' registration is social media.
Date of Conference: 9-11 Oct. 2011