Developers Need Protection, Too: Perspectives and Research Challenges for Privacy in Social Coding Platforms

Abstract

Social Coding Platforms (SCPs) like GitHub have become central to modern software engineering thanks to their collaborative and version-control features. As in mainstream Online Social Networks (OSNs) such as Facebook, users of SCPs are subjected to privacy attacks and threats given the large amounts of personal and project-related data available in their profiles and software repositories. However, unlike in OSNs, the privacy concerns and practices of SCP users have been neither extensively explored nor documented in the current literature. In this work, we present the preliminary results of an online survey (N=105) addressing developers’ concerns and perceptions about privacy threats stemming from SCPs. Our results suggest that, although users express concern about social and organisational privacy threats, they often feel safe sharing personal and project-related information on these platforms. Moreover, attacks targeting the inference of sensitive attributes are considered more likely than those seeking to re-identify source-code contributors. Based on these findings, we propose a set of recommendations for future investigations addressing privacy and identity management in SCPs.

Publication
In: 16th International Conference on Cooperative and Human Aspects of Software Engineering (CHASE 2023), pp. 105-110


Preliminary Results

SCPs are rich sources of information about developers’ sociotechnical skills and have helped, to a great extent, characterise current trends in software engineering. However, despite their importance, little attention has been paid to the privacy-related behaviour of SCP users and the threats stemming from unsavvy information disclosure practices. In this work, we provided some empirical insights in this regard with the aim of paving the road for future investigations. Overall, our results suggest the need for further research assessing the usability of the current privacy-enhancing mechanisms available in SCPs, that is, to determine whether such mechanisms meet users’ individual and collective goals of transparency, access control, and anonymity.

Developers’ knowledge and perception of privacy threats also call for additional research efforts, as it is critical to assess their (potential) lack of awareness in order to outline adequate cybersecurity training programs. The role of risk awareness in the adoption of privacy-enhancing technologies has been thoroughly studied and documented across the OSN literature (Oukemeni et al., 2019). In future work, we plan to delve into the interplay between risk awareness and privacy-related behaviour in SCPs, particularly developers’ knowledge about potential privacy threats (e.g., secrets sprawl or code re-attribution) and their adoption of cybersecurity best practices (e.g., see Krause et al. (2022)).


Citation

@inproceedings{DiazFerreyra2023,
author = {Ferreyra, Nicolás E. Díaz and Imine, Abdessamad and Vidoni, Melina and Scandariato, Riccardo},
title = "{Developers Need Protection, Too: Perspectives and Research Challenges for Privacy in Social Coding Platforms}",
year = {2023},
isbn = {},
publisher = {Association for Computing Machinery},
address = {New York, USA},
doi = {10.1109/CHASE58964.2023.00019},
booktitle = {16th International Conference on Cooperative and Human Aspects of Software Engineering (CHASE 2023)},
pages = {105-110},
numpages = {12},
location = {Melbourne, Australia},
series = {CHASE'23}
}