Technological Forecasting & Social Change

The proliferation of social platforms and the enhanced connectivity have led people of di ﬀ erent age groups, ethnicity, social or economic status to reveal a great deal about themselves online. Data collected from online social networks (OSN) provides social, economic, and cultural information which can be utilized by governments, policy makers, authorities and even commercial industries to better understand market trends and behavioral patterns, that can in ﬂ uence the individual dynamics through open data sources. OSN constitute a breeding ground for the spread of several risks and threats to privacy and security that a ﬀ ect participation and quality of life in smart cities. Although the aspects of privacy and security, and individuals' behavior in social networking are important for the successful development of smart cities, they have not been adequately discussed. To this end, this study aims to address this issue by revealing the risks, threats and individuals' behavior on OSN as an attempt to enhance privacy and security, and boost community's engagement in smart cities. Furthermore, a novel model which outlines the relationships between privacy and security threats, along with some e ﬀ ective countermeasures for the protection of OSN users in smart cities are proposed.


Introduction
Demographic, environmental, economic and technological trends in combination with urban sustainability have led to the design and development of smart cities (SC), which are expected to be able to address recent and future challenges by taking advantage of Information and Communications Technologies (ICT) (Anthopoulos, 2017;Nokia, 2016).The acquisition of urban knowledge, which comes from the exploitation of urban data, helps cities to identify local weaknesses and opportunities and determines decision-making and smart service deployment, while they concern major prerequisites for transforming a typical city to a SC (Moustaka et al., 2018a;Nuaimi et al., 2015).In this regard, a wide variety of fixed or portable devices (e.g., sensors, cameras, meters, actuators and RFID, etc.), the so-called Internet of Things (IoT), and applications (e.g., OSN, web platforms, mobile applications, etc.) has been developed and utilized to capture different aspects of life in cities (Moustaka et al., 2018a).Recent facts have revealed that 4.9 billion objects became Internet-connected in 2017, while this number is expected to reach or exceed 50 billion in 2020 (Marr, 2017).
In addition, smartphone penetration has led to the rapid expansion and increased use of OSN, the users of which it is estimated that exceeded the population of 2.46 billion in 2017 (Statista, 2018).A huge amount of heterogeneous urban data streams, generated from the aforementioned data sources, result to the transition from "data-informed urbanism" to "data-driven urbanism", as aptly pointed out by Kitchin (2016).
Whilst data is a valuable asset for cities, its collection and processing methods, ownership regime and the purpose of their use raise serious ethical issues, which must be addressed by the SC stakeholders (e.g., policy makers, researchers, companies and utilities, etc.) (Bianchini and Avila, 2014;Cobb, 2016;Kitchin, 2016).In several cases, the collected data for public benefit was, ultimately, exploited by both public and private organizations for their own purposes (e.g., mass control, market dominance, dataveillance, etc.), violating the privacy rights of individuals and overshadowing the vision of SC (Bianchini and Avila, 2014;Cobb, 2016;Greenfield, 2013;Kitchin, 2014;Kitchin, 2016;Townsend, 2013).Excessive zeal and efforts to record and monitor activities within cities, and vulnerabilities of ICT infrastructures have https://doi.org/10.1016/j.techfore.2018.10.026Received 10 May 2018; Received in revised form 30 September 2018; Accepted 29 October 2018 raised numerous security and privacy concerns, and in many cases have annoyed citizens (Elmaghraby and Losavio, 2014;Zoonen, 2016).Critics argue that the implementation of SC will have negative implications on individuals' freedom and privacy as they trade off the convenience offered by smart services with the provision of sensitive and personal information (Ahmed et al., 2014).Hence, these privacy and ethical issues have a negative impact on the involvement of citizens in SC development, as they feel they are constantly being monitored and their fears about privacy and security are emerging (Zoonen, 2016;Kirby, 2014).
Several researchers have dealt with privacy and security issues in SC in order to develop ethical and safe cities that will respect and protect their citizens from malicious attacks and data breaches.(Bianchini and Avila, 2014;Kitchin, 2016;Zoonen, 2016).The majority of them focused on cyber-security and privacy-issues related to ICT infrastructure (e.g., IoT, networks, databases, etc.) and SC applications (Bartoli et al., 2011;Beltran et al., 2017;Elmaghraby and Losavio, 2014;Martinez-Balleste et al., 2013;Mazhelis et al., 2016;Solomon et al., 2016;Zoonen, 2016).Specifically, Bartoli et al. (2011) highlighted the need to impose high security requirements on IoT technologies used in SC to avoid third-party abuse, and the dissociation between urban and personal data.Furthermore, Beltran et al. (2017) have developed the IoT-Architecture Reference Model (IoT-ARM) and its app to empower citizens to use their IoT and feel safe that their privacy is protected.A twolevel privacy architecture was also proposed by Mazhelis et al. (2016), which aims to protect sensitive personal information from smart applications, while Solomon et al. (2016) conducted a comparative assessment of three encryption-based techniques regarding smartphone applications that offer close proximity detection preventing any location information leak.
In contrast to infrastructure and applications, research on privacy and security issues related to OSN activities in the SC context is incomplete (Moustaka et al., 2018b).To the best of our knowledge, only a few works deal with the study of privacy and security of OSN in SC.Specifically, Martinez-Balleste et al. (2013) attempted to define citizens' privacy by proposing the "5D privacy model in SC", which concerns all urban data sources used in SC, while Zoonen (2016) has proposed the "2 × 2 privacy protection framework" that involves, among others (e.g., IoT and apps, etc.), privacy concerns on OSN, aiming to help policymakers understand and review issues related to the protection of privacy in SC.
The conceptual model of Giffinger and Gudrun (2010), for instance, analyzes SC in the following six dimensions: i) smart mobility, ii) smart economy, iii) smart environment, iv) smart governance, smart people and iv) smart living (Anthopoulos, 2017;Batty et al., 2012;Moustaka et al., 2017;Moustaka et al., 2018a).The performance of these dimensions and their sub-dimensions can be evaluated by the Key Performance Indicators (KPIs), which have been introduced by the ITU1 SC Focus Group and adopted by ISO/TR 37150 (ISO/IEC, 2015; ITU-T FG-SSC, 2014).According to Moustaka et al. (2018a), scholars have focused on smart mobility and IoT, while a few studies have dealt with security issues and individuals' behavior in SC.Taking into account this gap in conjunction with the lack of studies on the secure and constructive use of OSN in SC, as previously discussed, this article aims to shed light on the privacy and security issues related to the OSN use in SC, via investigating behavioral patterns on OSN.These patterns will reveal individuals' vulnerabilities and help SC stakeholders (policy makers, local authorities, companies, researchers, etc.) designing, adopting and applying the appropriate policies for the cultivation of smart people who will participate responsibly and safely in OSN in SC.More specifically, this article aims to provide with answers the following research questions: RQ1.What vulnerabilities lie behind individuals' activities in OSN in SC that threaten individuals' privacy and security?RQ2.What are the individuals' behavioral patterns in OSN that could be exploited by SC stakeholders, with the purpose of adopting and applying the appropriate policies aiming at enhancing protection of individuals during social networking and encouraging their participation in SC?Both these questions are important to be answered, since more and more SC services are being deployed, which interact and collect data in combination with OSN.Moreover, citizens' ICT literacy concerns a significant SC driver and it is not necessarily at the appropriate level in all SC cases.
In order to answer the above research questions, this article initially highlights the usefulness of OSN in SC, and discusses corresponding potential privacy and security risks.Particular emphasis is given on threats targeted to children who concern a sensitive SC user group, which will play significant role with regard to the future development of SC.Then, smart people and smart living dimensions, which are linked to privacy and security and individual's behavior over OSN, are analyzed and their interaction regarding privacy and security issues on OSN is discussed.The behavioral patterns on OSN are also explored, with the aim of identifying and addressing individuals' vulnerabilities to turn them into smart people who will be actively involved in the implementation of SC.Finally, a novel relationship model which specifies the borderlines between privacy and security threats along with some appropriate measures to protect and enhance social networking are proposed, aiming to cultivate smart people, to address the challenges of privacy and security of OSN in SC, and create safer and more ethical cities.The proposed model is tested and validated by an empirical study which concerns evidence from the SC of Trikala.
The contribution of this article is twofold: i) it studies how privacy and security on OSN interact and affect smart people and smart living dimensions, identifying the borderlines between them, and ii) investigates behavioral patterns of individuals on OSN and discusses some indicative measures, with the aim of transforming them into smart people and enhancing their significant engagement in SC through social networking.Furthermore, the proposed relationship model of security and privacy threats can become a useful tool for SC stakeholders who utilize OSN as urban data source and care about individuals' security and engagement in SC.
The rest of this paper is structured as follows: Section 2 deals with OSN, which are one of the main sources of urban data, and their potential vulnerabilities that endanger privacy and security of their users.Section 3 investigates the interactions among smart people and smart living dimensions with regard to privacy and security issues on OSN, while Section 4 reveals the behavioral patterns of individuals on OSN.Section 5 proposes the relationship model of privacy and security threats and presents some countermeasures regarding data protection and OSN that can lead to the development of safer and more ethical cities by improving the dimensions of smart people and smart living.An empirical study, which proves the proposed relationship model is presented in Section 6, while the paper concludes with Section 7, which contains some conclusions and future perspectives.

OSN impact on smart cities
This section presents the conceptualization of SC and discusses the exploitation of OSN in SC and their privacy and security risks, which undermine their significant contribution as urban data sources.

Smart city: a system of subsystems
Several definitions, conceptual architectures and models that approach SC from various perspectives have been proposed by SC scholars (Anthopoulos, 2017;Giffinger and Gudrun, 2010;Batty et al., 2012;Albino et al., 2015;Komninos, 2013) and standardization organizations (e.g., the International Standards Organization,2 the International Telecommunications Union (ITU), etc.), with the purpose of clarifying organizational and implementation issues (ISO, 2015).For the purposes of our research, a technical model proposed by British Standard Institution (BSI, 2016) was selected, as it highlights the value of data, IoT and OSN in the SC implementation.According to BSI's model, SC is a system that consists of several subsystems (infrastructure-based sectors and service-based sectors), which interact via ICT (Fig. 1).In this model heterogeneous data is produced and collected via sensors from different hard facilities (energy, water, transport and waste) or in service-based sectors (health, education, safety and OSN); it is stored in city data storages; analyzed; and displayed on city dashboards.Embedded networks of sensors and devices in the physical space of cities and the new capabilities offered by OSN, Web 3.0 applications and crowdsourcing are expected to create a real-time spatial intelligence with a direct impact on the services that cities offer to their citizens (ISO/JTC, 2015).

OSN as sensors of urban dynamics
OSN (e.g., Facebook, Twitter, Foursquare, Instagram, etc.), as derived from the BSI's model, are one of the service-based sectors' subsystems that interact with other subsystems and contribute to the development and implementation of SC (BSI, 2016).These interactive computer-mediated technologies contribute to collective intelligence through crowdsourcing platforms, mashups, web-collaboration, and other means of collaborative problem solving (ISO/JTC, 2015).According to ISO/CD 37122 (ISO/TC 268, 2017), OSN are an excellent tool for the interaction between citizens and local authorities, as strengthen citizens' engagement and improve the management of nonemergency situations (e.g., complaints registration, brain storming for local issues, etc.).Examining their impact on e-government and e-participation, Dameri and Ricciardi (2014) concluded that OSN significantly contribute to: i) service delivery, ii) governance participation, and iii) smartness awareness.
In addition, OSN behave as "human sensors", which record human activities and preferences (e.g., sentiment, political beliefs, social interactions, human mobility, presence in specific events, likes etc.) in cities (Moustaka et al., 2018a).Compared with sensor-based data collection methods, OSN offer: i) volumes of heterogeneous data, ii) reduced costs, iii) interoperability, and iv) dependability (Doran et al., 2014).The specific technical feature of OSN is that they offer the possibility of geolocation/check-ins, which facilitates the recognition of location based postings, expressions of interest and interactions, and by extension, the extraction of urban patterns that are useful for urban traceability and management.For instance, Aiello et al. (2016), extracted sound-related words from geo-referenced OSN content, which were retrieved by Freesound3 and geo-tagged photos from Flickr, investigated the relationships between emotions and soundscapes for the cities of Barcelona and London and based on their findings characterized the areas of these cities as chaotic, monotonous, calm, and exciting (Fig. 2(a) and (b)).Also, Falher et al. (2015), used geo-tagged data (check-ins) from Foursquare and Twitter and discovered neighborhoods with similarities (e.g., areas with fashion shops, parks, government buildings, expensive residences, etc.) across cities in Europe and the USA, while Yang et al. (2018) have investigated human mobility at the community level in Wuhan with the analysis of geo-tagged data from Weibo (Fig. 3).
Twitter holds a prominent position among OSN as it offers: i) realtime update, ii) flexibility, as a user can track someone else's post without being friends, iii) ability to harvest huge amounts of data through its APIs, and iv) potentiality for future situations prediction (Bright et al., 2014;Hutchinson, 2016).With the use of geo-tagged data from Twitter, Doran et al. (2014) recognized and visualized various geographic, social, cultural and political characteristics that have led to the extraction of citizens' perceptual patterns in a large city.Efstathiades et al. (2015) identified users' key locations (i.e., home and work places) in Netherlands, city of London and Los Angeles county, while Gkatziaki et al. (2017) extracted urban social activity patterns and interactions, by modeling New York, London, and San Francisco cities into "dynamic areas" which are evolving over the time.Moreover, Kumar and Ahmed (2016) and Giatsoglou et al. (2015) exploited Twitter for traffic event detection and community detection, respectively.
Due to their advantages, OSN have already been widely utilized for the implementation of SC either independently or complementary to IoT (Doran et al., 2014;Martinez-Balleste et al., 2013;Mazhelis et al., 2016;Moustaka et al., 2018a;Solomon et al., 2016;Vakali et al., 2013).SC with interconnection of mobile devices that support the use of OSN and applications and IoT can collect and analyze data and improve the ability to extract patterns, and, forecast and manage urban flows and events.

OSN privacy risks & security threats
Despite the fact that OSN is a useful tool for SC stakeholders that exploit local data, many privacy and security concerns can be generated.Individuals increasingly register and share personal information (such as date of birth, email address, telephone number, home address, photos, videos, etc.) on OSN and their content can be used in many ways exposing them to danger.In many cases, individuals' activities on OSN (e.g., social interactions, sentiments, personal preferences, location, etc.) are recorded and analyzed in their absence in SC (Martinez-Balleste et al., 2013;Rizzo et al., 2016;Luo et al., 2016).For the purpose of investigating the privacy and security concerns raised in the SC context, at this point, we will clarify the terms of "privacy" and "security", which are often confused.
Privacy concerns the protection of individuals' personal information from the illegal disclosure and use by third malicious parties and it is directly related to the individual's online behavior and privacy preferences (Zhang and Sun, 2010;Martinez-Balleste et al., 2013;Patsakis et al., 2014;Kitchin, 2016).Recent studies have revealed that individuals' belief that their privacy is more protected than that of others, and the degree of their trust in other users, compromise their privacy (Baek et al., 2014;Bergström, 2015).According to Solove's taxonomy, the privacy breaches and harms in SC occur and fall into the following four processes: i) information collection, ii) information processing, iii) information dissemination, and iv) invasion (Solove, 2006).Zhang and Sun (2010), in their work, have shown that individual's privacy οn OSN is distinguished in three parts as follows: 1. Individual's identity anonymity: concerns the protection of the user's identity, so that it is not easily detected on the Internet; 2. Individual's personal space privacy: refers to access control on user's profile, in particular on the information and content that it is posted on it; 3. Individual's communication privacy: concerns the protection of information related to the connection network (e.g., IP address, location, etc.) and the user's navigation activities (e.g., friends, messages sent, online preferences, etc.).
On the other hand, security refers to the protection of OSN users from threats caused either by inside attackers (i.e., other OSN users) or by external attackers (i.e., individuals who do not participate but can commit attacks on the OSN system) who exploit the unawareness and naivety of their potential victims (Zhang and Sun, 2010).
Many research efforts have focused on identifying and dealing with risks and threats affecting OSN (Fire et al., 2014;Patsakis et al., 2014;Zhang and Sun, 2010).According to Fire et al. (2014), OSN threats can be divided into the following four main categories, the subcategories of which are presented in Fig. 4.
1. Classic threats: threats that occurred when the Internet was created and spread, and referred as malware, phishing, spam or cross-site scripting attacks.Although these threats have been addressed in the past, due to the spread of OSN, they are becoming more viral and spreading through their users and their friends.2. Modern threats: threats related to OSN and target the individual's personal information and the personal information of their friends.
Information and location leakage, fake profiles, identity clone attacks and face recognition are just some of these threats.3. Combined threats: threats which are the combination of classic and modern threats to create more effective threats.4. Threats targeting children: threats directed exclusively at children and adolescents.Online predators, cyber-bullying and children's risky behaviors, when they communicate online with strangers and publish private information and photos on OSN are the most risky of these threats.
OSN users are also exposed to risks by their share multimedia content, many of which are indirect or often ignored by the majority of them.The most dangerous from these risks are: i) multimedia content, ii) lack of policies, iii) platform vulnerabilities and iv) open access.The individual's sensitive and personal content is stored, daily, as multimedia files on OSN, which are software platforms vulnerable to the bugs and malicious third parties.The recent data scandal of Facebook and Cambridge Analytica that hit 78 million users is a prime example of the inadequacy OSN privacy and security settings, and the leakage and abuse of individuals' personal data (BBC, 2018;Groth, 2018).Additionally, the lack of policies to govern every possible privacy issue or to allow fine-grained user customization and the existing "freemium" model, which allows individuals to register quite easily, contribute to the creation of multiple and false accounts complicating the detection of malicious actors (Patsakis et al., 2014).
The most peculiar and dangerous threats mentioned above are threats targeting children.These threats, which can be extended to adults, are usually caused by psychological factors and occur both in real life and in online life.Online predators and cyber-bullying attacks are booming nowadays.Adults or minors in order to satisfy their fantasies and to erase their frustration and anger, often, sexually harass or intimidate their potential victims (Fire et al., 2014).Parents cannot fully protect their children whose critical ability and online defense on OSN are limited, while in many cases adults are sharing sensitive personal information and photos on OSN regarding to their children, exposing them to privacy and security risks (Minkus et al., 2015).The Canadian Centre for Child Protection4 has revealed that children under 12 years old were depicted in 78.30% of the images and videos assessed by their team.Furthermore, recent surveys have revealed that cyberbullying5 occurs mainly through OSN, while more than 82% of online sex crimes related to sexual predators6 and online sexual offenses originate from OSN that predators use to gain insight into their victims.These threats can have disastrous and irreversible effects (e.g., suicides), as they greatly affect children's behavior and psychology (Fire et al., 2014;Minkus et al., 2015).

Social dimensions vulnerabilities and interactions
Since OSN are directed and used by people and they influence life and security in cities, our study focus on smart people and smart living dimensions which are related to the social perspective of SC (Albino et al., 2015;Batty et al., 2012).The ISO/CD 37122 (ISO/TC 268, 2017) document concerns the Sustainable Development of Communities in SC and defines KPIs for the evaluation of these dimensions, the most relevant to our research of which, are presented in Table 1.With the purpose of focusing on the specific sub-dimensions of these two dimensions, which relate to privacy and security issues, we have exploited the appropriate smart people and smart living KPIs, which have been introduced by the ITU SC Focus Group.These KPIs comprehensively cover all aspects of life in SC in conjunction with ICT including safety and security issues such as the information security (ISO/ IEC, 2015; ITU-T FG-SSC, 2014).

Smart people
People are recognized by many researchers as the main SC strength for SC infrastructure and service utilization (Bird, 2017;Giffinger and Gudrun, 2010;Marinaro, 2016;Nam and Pardo, 2011).In this regard, smart people SC dimension is being measured by the following indexes: i) human factors, which are creativity, flexibility, social learning and education, level of qualification, and ii) social factors, such as social and ethnic plurality, open-mindedness and individuals' participation in public life (Batty et al., 2012;Giffinger and Gudrun, 2010;Nam and Pardo, 2011).According to the ITU SC Focus Group, smart people fall into the dimension of equity and social inclusion.The degree of their "intelligence" can be measured by the corresponding KPIs, which evaluate: i) education and training, ii) openness (i.e., international communication and cooperation via ICT) and iii) participation in public life (ISO/IEC, 2015; ITU-T FG-SSC, 2014).
Individuals share their opinions, feelings and content on OSN, generate data with personal IoT devices (e.g., wearable, smart meters in their homes, health applications etc.), and in some cases participate in surveys and crowdsourcing activities (e.g., SEN2SOC 7 platform, CrowdFlower 8 platform, etc.).This data becomes a crucial city asset, since it can be transformed to valuable knowledge and helps decisionmaking (Moustaka et al., 2018a).If KPI values regarding education and training are high, it is expected that individuals possess advanced digital skills and to be responsible with OSN use and their personal data, which influences the local quality of life accordingly (ISO/IEC, 2015; ITU-T FG-SSC, 2014).Privacy, which is primarily personal responsibility, is ensured by the proper use of OSN privacy settings and can lead to security protection and improvement, as individuals cease to be vulnerable to malicious third parties.Mazhelis et al. (2016), in their work, have claimed that individuals' engagement can be enhanced, if they feel safe and convinced that their personal data, which are being recorded by the various devices and applications are fully protected and that they control the purpose of its use.Consequently, the feeling of security and confidence on OSN, encourages individuals to engage in social issues and this response increases the corresponding KPI values  (i.e., openness, participation in public life), while it enhances service cocreation with local authorities (Lee and Lee, 2014;Zoonen, 2016).
On the contrary, low KPI values in smart people dimension (i.e., due to the lack of education and training, are expected to depict that individuals' OSN behavior is vulnerable to privacy and security threats (Cecere et al., 2015;Fire et al., 2014).Thus, malicious actors have an increasing opportunity to perform cyber-attacks, degrading OSN security and threaten OSN users.Moreover, user concerns regarding privacy violations and improper data tracing and use by third parties, discourage their OSN engagement and lead to registration of inaccurate and even wrong data (Kantarci and Mouftah, 2014;Zoonen, 2016).As a parallel effect, user participation in social issues is impacted and corresponding KPI values can decrease too.

Smart living
Smart living SC dimension depicts the local quality of life (Anthopoulos, 2017;Batty et al., 2012;Giffinger and Gudrun, 2010;Moustaka et al., 2018a) and it is being measured by the following indexes: i) cultural facilities, ii) health conditions, iii) individual safety, iv) housing quality, v) education facilities, vi) touristic attractivity and vii) social cohesion (Giffinger and Gudrun, 2010).ITU SC Focus Group has associated smart living with three of the six KPI dimensions, which are i) equity and social cohesion, ii) quality of life and iii) physical infrastructure, which are being measured by corresponding indexes (ISO/ IEC, 2015; ITU-T FG-SSC, 2014).The proposed KPIs cover a wide range of services, from network and information facilities to health and education services.
Due to this SC dimension's broad scope, large amounts of urban data are required to understand local needs and develop and manage smart services (Anthopoulos, 2017;Moustaka et al., 2017;Moustaka et al., 2018a).Since the urban data that is collected from all the available data sources is circulated rapidly, new privacy and security concerns can emerge, which affect smart living KPI values regarding safety and security, and more specifically information security (ISO/IEC, 2015).Potential cyber-attacks to SC resources (e.g., databases, IoT networks, applications, etc.) and OSN (as it was described in Section 2) affect public security and privacy, as well as, openness and social participation, and in this respect they reduce corresponding smart living and smart people KPIs (Ahmed et al., 2014;Bartoli et al., 2011;Beltran et al., 2017;Elmaghraby and Losavio, 2014;Martinez-Balleste et al., 2013;Mazhelis et al., 2016;Solomon et al., 2016;Zoonen, 2016).

Table 1
Association between smart people and smart living KPIs, focusing on security and social issues.Consequently, the smart living KPI values demonstrate the levels of information security, openness and participation in public life, and determine the quality of life and citizen participation.

Individual privacy VS global security
In recent years, several standardization bodies (e.g., ITU, ISO, etc.) and scholars, approaching SC from different perspectives, have proposed sets of KPIs for the assessment of their performance.KPIs that indicate the level of smart people and smart living in terms of protecting their privacy, security and participation in public life are presented in Table 1.The International Standard ISO/CD 37122 (ISO/TC 268, 2017) proposes a set of specific indicators for the evaluation of city services, such as culture, governance, telecommunications, etc. Indicators on education, culture and telecommunications services reflect "education and capacity building" issues and contribute to "social cohesion", "well-being", "resilience" and "attractiveness" purpose of the city as defined in ISO 37101 (ISO/TC 268, 2017), while urban planning and governance services reflects "empowerment and engagement" issues and contribute to "social cohesion", "attractiveness" and "resilience" purpose of the city.Finally, indicators for economy and recreation reflect "living together" and "living environment and working" issues and contribute to "social cohesion", "attractiveness", "resilience" and "well-being" purpose of the city (ISO/TC 268, 2017).Although ISO/CD 37122 (ISO/TC 268, 2017) introduces KPIs for education and capacity building, engagement and social cohesion issues, it does not provide indicators for assessing information security.On the other hand, the indicators proposed by SC scholars are suitable for understanding the SC dimensions, but are generic and overlapped by the official KPIs of the standardization bodies.Finally, the KPIs proposed by ITU SC Focus Group, which refer to all SC services from a technical point of view, with particular emphasis on ICT, were considered the most suitable for our research.The matching of these KPIs to privacy and security threats in OSN and the interactions between them are demonstrated in Fig. 5, in which red and green beats indicate direct and indirect interactions respectively.
According to the aforementioned two subsections and existing studies (Moustaka et al., 2018b), it appears that there is a strong interaction and correlation between smart people KPIs and smart living KPIs (i.e., information security, openness, public participation).Privacy protection at individual privacy levels can affect global security levels in cities and vice-versa, as it is depicted in Fig. 6.More specifically, the level of local education and training, and of openness determines their behavior and attitudes towards data provision and privacy concerns, while it affects positively or negatively information security in SC.
Moreover, data that is generated by participation activities is transformed into valuable knowledge for cities, which in turn leads to the development of new services; to the improvement of the quality of life and, finally, the enhancement of smart living.
On the other hand, in a "closed" SC, citizen attitudes and privacy concerns are influenced by the prevailing public perceptions and the level of information security, openness and quality of life.Individuals often lose their online trust, due to both their private and public concerns with regard to personal data trace and misuse, as it is depicted in Fig. 6.Mistrust and suspicion towards OSN discourage social participation and favors the entry of fake data, which in turn affects social engagement and decreases the corresponding KPIs.On the contrary, appropriate training activities, policy-making and campaigns can be undertaken by local governments, while the development and dissemination of privacy protection tools, can lead to behavior patterns social participation (Zoonen, 2016).

Behavioral patterns and phenomena over urban OSN
The determination of OSN behavioral patterns can become a useful tool for the realization of corresponding user activities.In this respect, and in an attempt to enhance OSN users' behavior and empowerment of smart people, as well as to revise the OSN operational context (e.g., privacy and security settings, data management, etc.), relevant empirical studies, which explore -from different perspectives-the participation motivations, the concerns and the behavior of different users in social networking are presented.Literature findings show that individuals' behavior on OSN can be organized in four stages, as follows: i) Stage 1: factors that motivate involvement; ii) Stage 2: privacy concerns; iii) Stage 3: individuals' behavior when using OSN; and iv) Stage 4: individuals' behavior when facing privacy and security risks.These stages are described in the following subsections.

Stage 1: involvement incentives on OSN
Social Web and its applications have revolutionized the Internet and they change the communication methods radically, while they enable dynamic interactions between users and organizations.It is remarkable that Facebook Messenger and WhatsApp alone handle more than 60 billion messages per day (Smith, 2016).Beyond direct communication (mobile messaging), Social Web delivers services that fulfill a rich variety of social and commercial needs, such as information crawl,  publishing, sharing, networking, collaborating, etc., as it is depicted in Fig. 7.In this figure, Facebook, Twitter and Google are located in the center of the social ecosystem, as all the online services are being evolved around them (Cavazza, 2017).Recent records have revealed that approximately 510,000 comments are posted, 293,000 status changes are registered, and 136,000 photos are uploaded on Facebook every 60 s; 500 million Tweets are sent every day; 3.5 billion likes/day are taken place on Instagram; and 56 million blog posts are published on Wordpress every month (Smith, 2016;ZEPHORIA, 2017).Although the use of OSN for commercial (Bertot et al., 2012;Kim et al., 2015) and governmental purposes (Hanna et al., 2011;Schivinski and Dabrowski, 2016) is comprehensible, questions arise with regard to the reasons and incentives of the increasing involvement of individuals on OSN.
The direct, multimedia, and cost-effective way of communication, appears to be a profound reason, but only for users that eagers them to create and share content, and sometimes valuable private information on OSN.There are more complex reasons that justify this behavior (Yin et al., 2015;Gangadharbatla, 2008;Kisekka et al., 2013;Ball et al., 2015).Yin et al. (2015) explore the key factors that affect users' continuous intention of using OSN and they discovered that fear of missing out (FoMO) and fun positively affects a continuous OSN use.These findings were verified by a recent social research which, focusing on investigating and identifying the 10 most popular reasons for using the OSN, revealed that 42% of Internet users use them to "stay in touch with what their friends do", while other popular reasons are real-time updates, free time spending, social networking, and content and opinion sharing (McGrath, 2017).The same survey also showed that people of 16-24 year-olds use social media to fill up spare time, users among 25-34 year-olds to stay in touch with their friends, and users among 34-44 year-olds to stay up-to-date with news and current affairs.Therefore, the reasons for using OSN and users' expectations vary depending on their age.The same conclusion is reached by Kisekka et al. (2013), who, after adopting the Communication Privacy Management (CPM) theory and using a sample size of 488 adult Facebook mobile phone users, have investigated the differential impact of age on the extent of Private Information Disclosure (PID).Their findings demonstrate that i) likelihood of PID was less for three groups of users: females, individuals who use smartphones to access their accounts, and individuals with more than one active OSN account; ii) usability affected older and younger adult users differently; and iii) an increase in social networking involvement does not increase the likelihood of PID.
Findings vary with regard to the role of gender too.A few scholars have claimed that gender does not influence individuals' practices (Furnell, 2008;Levy and Ramim, 2009), while others such as Fogel and Nehmad (2009) argued that gender affects individuals' online personal information sharing practices.The above findings justify that the reasons, which motivate individuals to use OSN are determined by demographic factors such as age, gender, and education.Focusing on psychological factors, Internet self-efficacy, need to belong, and collective self-esteem all have positive effects on individuals' attitudes towards OSN.Specifically, the individual's attitude towards OSN mediates the relationship between his willingness to join OSN and i) Internet self-efficacy and ii) need to belong, while the mediation is only partial between his willingness to join and collective self-esteem (Gangadharbatla, 2008).Furthermore, Ball et al. (2015), assessing and comparing the influence of individuals' personal information sharing awareness (PISA) on their habits (PISH) and practices (PISP) on OSN, has demonstrated that individuals' habits were determined to have the strongest influence on their practices and information sharing activities, while the awareness was not significantly influencing them.

Stage 2: individuals' privacy concerns
OSN are very popular as more and more people spend more or less time on them.Despite widespread warnings regarding dangers of poor online security practices, a surprisingly high percentage of users remain still very naive about security on OSN (Jang-Jaccard and Nepal, 2014; Sundar and Marathe, 2010).Since incentives for OSN use differ, privacy concerns, trustiness and individuals' behavior towards them also vary.A lot of individuals take into account OSN risks and adhere to necessary security settings, while other individuals are clueless and exposed directly to underlying risks.According to "privacy paradox", individuals with high level of privacy concerns are more vulnerable to personal data disclosure, while there is inconsistency between privacy concerns and privacy settings (Acquisti, 2010;Acquisti and Gross, 2006;Norberg et al., 2007).Of particular interest are the findings of Hoadley et al. ( 2010) who ascertained that easy information access and "illusory" loss of control on Facebook prompted by the introduction of News Feed features trigger privacy concerns to its users.Actually, individuals' privacy perceptions and concerns are affected by various socio-demographic, psychological and cultural factors.Acquisti and Gross (2006) and Cecere et al. (2015) found that males are less concerned than females regarding online privacy, Jensen et al. (2005) claimed that women are more hesitant than men, while other empirical studies revealed that there is no significant difference between two genders (Sheehan, 2002;Yao et al., 2007).Moreover, Yao et al. (2007) revealed that beliefs in privacy rights, as well as psychological needs for privacy are the main influences on online privacy concerns.With regard to age and education, relative studies have concluded that both of them have positive impact on individuals' privacy concerns (Bellman et al., 2004;Brown and Zukowski, 2007;Cecere et al., 2015;O'Neil, 2001;Sheehan, 2002).Finally, Cecere et al. (2015) the level of individuals' privacy concerns is determined by both cultural and socio-demographic factors.Specifically, analyzing data from a survey drawn up for EU, they found that Northern and Eastern European countries are less concerned about the misuse of personal data than Central and Southern European countries, while at the individual level, the results demonstrate that women, highly educated and middle-aged individuals are more concerned about potential personal information misuse than other individuals' groups.

Stage 3: individuals' behavior on OSN
The individuals' behavior on OSN is often unpredictable and reflects both their privacy concerns and their personalities.Several studies have concluded that different types of information have different levels of sensitivity, while individuals are less likely to disclose more sensitive information.Consolvo et al. (2005) and Lederer et al. (2003) both Fig. 7. Social Media Landscape (Cavazza, 2017).
found that individuals are more willing to share vague information than specific personal information, while Gross and Acquisti (2005) identified incomplete information, bounded rationality, and systematic psychological deviations from rationality as three main challenges in privacy decision making.Moreover, Knijnenburg et al. (2013) claimed that individuals' disclosure behavior is in fact multi-dimensional as different people have different tendencies to disclose various types of information, while Norberg et al. (2007) have considered that most OSN users share content and personal information much more freely than expected based on their attitudes.
OSN offer users the ability to manage the information they disclose and protect their privacy through their privacy settings (Kuczerawy and Coudert, 2011).Since the right implementation of privacy and security settings is user-dependent and indicates individual's behavior on OSN, several studies have been conducted to investigate the suitability and reliability of privacy settings, as well as individuals' behavior regarding their proper selection and use (Hugl, 2011;Kuczerawy and Coudert, 2011;Li et al., 2015;Madejski et al., 2011;Stross, 2009).According to Kuczerawy and Coudert (2011) and Stross (2009) only 25% of Facebook users have changed their privacy settings, while the majority of Facebook users are not properly informed about them.Li et al. (2015), by examining representative OSN including Facebook, Google, and Twitter, discovered that there are conflicts between privacy control and OSN functionalities, so that the effectiveness of privacy control may not be guaranteed as most OSN users expect.Moreover, Luo et al. (2011) in their work have quantified the disparity between the desired and actual privacy settings and found that users' privacy settings match users' expectations only 37% of the time, while often they share more information than expected.Madejski et al. (2011), evaluating the actual preferences and behavior of Facebook users, found that there is a lower limit of the inconsistencies between users' sharing intentions and their privacy settings.In some cases individuals, depending on privacy settings of their online friends, can make their friends and the network of their friends vulnerable on Facebook risks (Gundecha et al., 2011).Additionally, Netter et al. (2013) studying the privacy settings on OSN with the use of a novel approach based on profiles content of Facebook users, have indicated a mismatch between perceived, preferred, and actual settings due the lack of users' awareness and control.Finally, Aljohani et al. (2016), conducting a survey on OSN users' privacy settings and information disclosure and investigating users' behavior on Facebook, Twitter, Instagram, and Snapchat, found that huge amounts of personal information are revealed at different levels between OSN, and actually, the socio-demographic factors such as gender, age, and education significantly affect information disclosure and privacy settings use.Therefore, the existence of privacy settings does not guarantee individuals' protection on OSN, but their proper use is required, which depends on individuals' online behavior determined by their background.
Of particular interesting are two comprehensive studies that explored the personal (i.e., education, experiences, maturity, awareness, etc.) and psychological factors that affect individuals' behavior on OSN.Shillair et al. (2015) using the protection motivation theory (PMT), a model within the class of social cognitive theories (SCT), investigated the interaction among user knowledge, personal responsibility, and training techniques for the purpose of encouraging online safety behavior.Their findings have shown that the above factors interact with each other as follows: enhancing individuals' sense of personal responsibility can lead to the adoption and implementation of appropriate and effective internet security measures, but it is not always sufficient.The measures taken and the training of individuals should match their level of knowledge in order to improve their online behavior.On the other hand, Dong et al. (2015), performing two common scenarios, information requests and information sharing, investigated the main psychological factors that influence privacy-making on OSN.The study outcomes are summarized as follows: i) information sharing is affected by the audience, while information requests depend on the requester as he/she determines the receiver's trust and the final privacy decisionmaking outcome, ii) individual's privacy decision-making on OSN depends mainly on the tradeoff between privacy and self-presentation, iii) sensitivity varies with audience, iv) contextual information should be taken into account for privacy decision-making, and v) individuals tend to share information or receive requests when conditions permit.

Stage 4: individuals' behavior when facing privacy and security risks on OSN
The individuals' behavior when they are confronted with privacy risks on OSN, as expected considering the above analysis, varies.An empirical study, conducted by Saridakis et al. (2016), aiming at investigating how individuals' online activity and perceptions of personal information security on OSN are related to their online victimization, has revealed that the latter is affected positively by: i) high OSN use, ii) low perceived risk, and iii) high risk propensity; and negatively by: i) high perceived control over information, and ii) high computer efficacy.Additionally, it was found that use of multipurpose OSN (e.g., Facebook, Google+, etc.) have a negative impact on individuals' victimization in contrast with OSN for knowledge exchange (e.g., LinkedIn, Blogger, etc.) which affect positively online victimization.Shin ( 2010) has also attempted to examine security, trust, and privacy concerns with regard to OSN among consumers, developing a novel model of trust-based OSN acceptance.His findings have revealed that: i) individuals are concerned about the vulnerability of security and privacy breaches when they use OSN, ii) perceived security and perceived privacy are directly associated with trust in OSN use, and iii) perceived security affects much more the individuals' attitude than perceived privacy.Moreover, Rauniar et al. (2014) investigated the individuals' attitudes towards OSN use proposing a revised Technology Acceptance Model (TAM) framework, and ascertained that perceived usefulness and trustworthiness of an OSN site determine the individuals' use intention of OSN, which in turn, affect the individuals' actual behavior on OSN.
The work of Angulo and Ortlieb (2015) is one of the very few efforts, which aims to reveal and identify common online privacy panic situations that individuals experience.The authors have investigated individuals' expectations and models of appropriate auxiliary mechanisms that could lead them towards a security solution, calming their anxiety, and preventing similar future situations, using a "virtual" privacy panic button.Their findings have shown that individuals are more concerned about potential harm to their finances or fear of discomfiture as well as third-parties knowing information regarding their personal life.Account hijacking and personal data leakage are the most frequently self-reported panic stories, while individuals are also worried about the loss of their mobile devices and their online data, the identity theft, etc.Finally, if the deployment and use of a virtual panic button was feasible, individuals would like the help provided to be immediate and effective.

Individuals' behavior formulation in SC
The previous analysis (Sections 2, 3 and subsections 4.1-4.4)and the assumption that individuals (users) are the main focus of privacy and security in OSN and SC (Marinaro, 2016;Bird, 2017) have led us to the design of Fig. 8.As shown, individuals are at the center of the circle, and their overall online behavior, which consists of four stages depicted in a different color, is determined by the current privacy and security conditions in OSN and SC.Fig. 8 combined with subsections 4.1-4.4can be used as a useful tool for those who are interested in understanding the individuals' behavior on OSN, cultivating smart people and exploiting their contribution in SC.As revealed by the summary of subsections 4.1-4.4,the participation incentives, the individuals' concerns about security and privacy, and ultimately, the behavior of individuals on OSN, are determined by: i) psychological (personal) factors (e.g., level of individual's education, habits, self-esteem, self-presentation, personality, etc.), ii) demographic factors (e.g., age, gender, etc.), and iii) socio-political factors (e.g., legislation related to privacy and security protection, level of public education, city's or country's culture, etc.).Therefore, the level of information security, privacy and quality of life of SC is responsible for shaping the online behavior of individuals in all four stages, and for participating in public life through social networking.The openness and participation of individuals in public life (two of three smart people KPIs), regarding OSN exploitation, are influenced and determined by the level of their education and training (third smart people KPI), as well as by the smart living KPIs, discussed in Section 3. As a consequence, when the values of smart people and smart living KPIs are high, individuals' behavior on OSN is expected to be responsible and prudent, and beneficial to SC.

Dealing with privacy and security challenges in smart cities
Since civic engagement and exploitation of OSN are vital for SC shaping, particular attention should be paid to addressing privacy and security challenges related to OSN, with the aim of developing safe and ethical SC where people will feel protected, and cultivating smart people who will be actively involved in SC.Smart people KPIs and smart living KPIs, especially those related to education and training, openness and information security, are indicative of the level of privacy and security in a city.The achievement of high values of KPIs, which will lead to the enhancement of cities' and people's intelligence, requires: a) identifying and understanding the factors that affect individuals' behavior on OSN and SC (Section 4); b) the understanding of differences between privacy and security threats to identify vulnerabilities that facilitate the abuse of private data; and c) taking necessary measures (e.g., revision of privacy and security legislation, software tools, specialized training and education, etc.) to prevent and deal with them.

OSN privacy risks vs OSN security threats
The exploitation of existing literature (Fire et al., 2014;Minkus al., 2015;Patsakis et al., 2014;Zhang and Sun, 2010) on privacy and security threats on OSN in conjunction with the identification of interaction among smart people KPIs and smart living KPIs regarding privacy and security in SC (discussed in Section 3), have led us to understand the differences between privacy and security threats and define the borderlines between them (Fig. 9).As demonstrated in Fig. 9, individuals' privacy on OSN is threatened by risks associated with their identity, profiles' content, and communication network information (Zhang and Sun, 2010).Moreover, risks that threaten children's privacy, which are a special case, have been also added.The security threats (Fire et al., 2014) caused by third parties and degrade the information security and life quality in cities, were analyzed and their relations with the aforementioned privacy threats were defined.The proposed relationship model of privacy and security threats is based on the analysis of the security attacks presented by Fire et al. (2014) and how these attacks are correlated with the privacy threats (Zhang and Sun, 2010) presented in subsection 2.2.
The proposed model that specifies the relationships between the potential privacy and security threats on OSN can be a useful tool for SC stakeholders who utilize OSN as an urban data source and care about individuals' security and engagement in SC.For instance, they can develop novel smart and specialized tools, software and applications to protect or educate individuals and children on OSN, improving both smart people KPIs and smart living KPIs.

Boosting participation on OSN
The excessive exposure of individuals especially children to ICT and OSN, the failure of OSN to protect effectively their users, and the lack of adequate and revised legislation increase the privacy and security risks and attacks in cities. (Li et al., 2015;Minkus et al., 2015;Patsakis et al., 2014;Shillair et al., 2015;Zhang and Sun, 2010).The adoption and implementation of new and appropriate measures are vital to protect the online activity of individuals and boost their engagement in SC.Some of the measures proposed by the existing literature, which need to be further enforced and enriched, are discussed below.

Education and training for secure behavior
Dealing with privacy and security threats depends mainly on individuals' personal background (e.g., personality, experiences, education, skills, etc.) (Cecere et al., 2015;Conteh and Schmick, 2016;Gangadharbatla, 2008;Saridakis et al., 2016), despite the fact that human factor is usually neglected in information security (Luo et al., 2011).As Conteh and Schmick (2016) have pointed out, individuals' vulnerability to cyber risks and attacks lies in human behavior and psychological predisposition, which can be influenced through education.In additions, Patsakis et al. (2014) have claimed that education combined with user awareness raising through applications'  2013) have designed and proposed a cybercrime prevention programme addressed to students, which can be used to foster the effective learning of cybercrime prevention.Finally, the work of Notar et al. (2013), a review of the literature for the period 2005-2013, summarizes all countermeasures developed and implemented in schools (e.g., public school sponsored programmes, curriculum based programmes parent programmes, online programmes, applications, etc.) for cyber-bullying intervention and prevention.

Tools and software for privacy and security protection
Beyond training, education and appropriate awareness, a variety methods and tools have been proposed and developed aiming at increasing the protection of privacy on OSN and "awakening" individuals (Li et al., 2015;Patsakis et al., 2014).Fire et al. (2014) in their work discussed OSN operator, commercial and academic solutions (e.g., OSN privacy and security settings, MinorMonitor, Defensio, socware detection, phishing detection, etc.), while Patsakis et al. (2014) presented possible solutions for the protection of multimedia content on OSN (e.g., watermarking, steganalysis, storage encryption, etc.).With regard to threats targeting children, despite their complexity, effective tools have been developed.Various add-ons have been developed to help parents block pornographic or inappropriate content (e.g., FoxFilter 9 ), and empower individuals to protect their photos online (e.g., Cryptagram) (Tierney et al., 2013).A new browser-based architecture that aims to protect minors, and not just, from malicious attacks on OSN is also designed and developed in the ENCASE Project 10 context.The proposed user-centric architecture leverages the latest advances in usable security and privacy aiming to form an effective protective net against cyber-bullying and sexually abusive (Tsirtsis et al., 2016).

Data privacy legislative framework
Since targeted education and training and the development of appropriate tools are necessary but not sufficient conditions for the achievement of full protection of individuals on the Internet and OSN, the revision and enforcement of strict legislation to safeguard the privacy and security of individuals is required (Li et al., 2015;Minkus al., 2015;Patsakis et al., 2014;Shillair et al., 2015;Zhang and Sun, 2010).Certainly, the legal framework and its implementation vary between different countries and geographical or federal unions such as the European Union (EU), the United States of America (USA), etc., but globalization and the lack of borders on the Internet lead to the need for overlaps between the relevant laws for the purpose of developing a unified international framework for trade and privacy protection (Robinson et al., 2009;O'Connor, 2018;Parsons, 2017).
Existing privacy laws have proved inadequate as they have not been able to prevent privacy violations and left many issues unregulated (Cobb, 2016;O'Connor, 2018;Parsons, 2017;Robinson et al., 2009).The European Data Protection Directive 95/46/EC, although considered to be an ideal reference model for the protection of personal data inside and outside the European Union, has exposed weaknesses in addressing: i) globalization, ii) the rapid evolution of technological capacity, and iii) the ways and purposes of personal data use (Robinson et al., 2009).With regard to the USA, Cobb (2016), conducting a review of the current US data privacy legislation in his work, concluded that US data privacy legislation tend to defend the trade interests as well as those of state security agencies and not the privacy interests of individuals.Finally, the Asia-Pacific region (APAC), trying to follow the rapid technological advancements and face the privacy and security risks, has proceeded with legislative reforms to revise existing legislation in 2016 (Parsons, 2017).
The EU, listening to the needs of an increasingly data-driven world, for the purpose of protecting all EU citizens from privacy and data breaches, has established the General Data Protection Regulation (GDPR), replacing the Directive 95/46/EC.The new regulation, which Fig. 9. Borderlines between privacy and security threats. 9https://addons.mozilla.org/en-us/firefox/addon/foxfilter/. 10 http://encase.socialcomputing.eu/. is expected to become the "gold standard" all over the world and will come into force on 25 May 2018, is the first law that directly regulates the privacy of individuals by defining explicitly the context of processing and movement of personal data inside and outside the EU (EDPS, 2018;EU GDPR Portal, 2018).Compared with the previous Directive, the GDPR has broadened the territorial scope, has clearly defined the penalties and has strengthened the terms and conditions of consent.Moreover, the GDPR clearly defines the rights of individuals (subjects), which are: (i) notification of personal data breach, (ii) access to the data gathered and the manner and purpose of its use, (iii) right to delete data, (iv) data portability, and (v) data protection during collection and processing processes; while introduces and establishes Data Protection Officers (DPO), who are obliged to notify their data processing activities to local Data Protection Authorities (DPA) (EU GDPR Portal, 2018).The GDPR also places particular emphasis on the protection of minors by introducing for the first time the requirement of parental consent for the processing of personal data of children under the age of 16 (unless national laws set a lower age threshold which cannot be lower than 13) when information services are offered (Macenaite and Kosta, 2017).
The new European regulation is expected to form the basis for revision of the legislation on data privacy protection in other countries, on the one hand because it is comprehensive covering all privacy issues, on the other because it determines the compliance framework of foreign companies operating in the EU (Cobb, 2016;Parsons, 2017;Robinson et al., 2009).Notwithstanding the impact that the new regulation will have on the data exploitation for urban knowledge acquisition, it will certainly enhance individuals' privacy and security and will lead to the development of safer and more ethical SC in Europe (SCC Europe Staff, 2018;Valerio, 2018).
The study on exploring the privacy and security issues arising from individuals' social networking activities in the SC context let to the answers to research questions RQ1 and RQ2.The proposed model that specifies the relationships between the potential privacy and security threats on OSN, revealing individuals' vulnerabilities during their social networking activities, is the answer to RQ1.Behavioral patterns resulted from a brief literature review of empirical studies, which is presented in Section 4, are the answer to RQ2.Individuals' behavior on OSN is unpredictable as it determined by psychological, demographic and socio-political factors.SC stakeholders, leveraging these patterns, can better understand the individuals' multidimensional behavior in OSN in order to adopt and apply both personalized (e.g., education, tools, etc.) and universal (e.g., legislation, etc.) privacy and security protection policies in SC.

Research methodology: the smart city of Trikala
The proposed relationship model is tested and validated in this section.More specifically, an empirical study is performed, which concerns evidence from the SC of Trikala.Trikala is a typical mediumsized city that is located in the center of Greece, which became the first Greek digital city in 2004 and entered the list of 21 top SC in the world lately, (The Guardian, 2018).The city, adopted an architecture that follows the BSI model (Fig. 1), which consists of the following four Layers that interact with each other (Fig. 10): • 1st Layer: Physical Environment; • 2nd Layer: Telecommunications and Electronics (hard ICT facil- ities); • 3rd Layer: Information Technologies (soft ICT facilities); • 4th Layer: Infrastructure-based sectors and service-based sectors (end users and applications).
The first Layer concerns the physical environment and the utilities (i.e., people, buildings, vehicles, networks of electricity or water, etc.).The second Layer includes telecommunications and electronic infrastructures (i.e., CCTV systems, IoT, etc.), which are necessary to collect and store data, while the ICT infrastructure (i.e., databases, Geographic Information System (GIS), Cisco Smart and Connected Digital Platform (Kinetic), etc.) are located in the third Layer, where the data storage, process and control of (all coming from the second and fourth layers) are carried out.The fourth Layer includes all the smart services that have been deployed in the city: such as e-KEP (citizen selfservice center); metro WiFi with a simple social logger; city's official App (TrikalaCheckApp) (i.e., for complaints registration and information retrieval); smart lighting and smart parking systems; tele-care services, etc. are only some of the available smart services in the testing case (Smart Trikala, 2018).OSN (e.g., Facebook, Youtube, Instagram, etc.,) are being used by the municipality as an alternative channel to connect with the citizens and they are also mentioned in the fourth Layer.Data flow occurs between all the architecture layers.
These smart services and applications are being used frequently and some privacy and security threats concern the following three usecases: • 1st Use Case -TrikalaCheckApp: user registration requires personal information sharing (e.g., name and email) or alternatively, users can authenticate with their OSN profile.User registration and authentication are necessary to ensure the Municipality for complaints' validity, but the process collects data for various purposes such as, statistics, urban insights, municipal response, quality of service measurement, etc. Privacy risks, which threat individual's identity anonymity, personal space privacy, and communication privacy, occur in this service (Layer 4) as the user's name and electronic/ social identity are disclosed.
• 2nd Use Case -metro WiFi Access: the city offers free-of-charge Wi- Fi accessibility, which requires user registration and authentication with a similar to the previous process.Personal data (social profile) is being stored on the Wi-Fi Data Logger that the city collects and analyzes for safety (cyber-attack avoidance) and even marketing reasons.Similar to the previous use-case's privacy and security threats can be considered too.
• 3rd Use Case -Malicious Attacks on IT Infrastructures and Services: These attacks, which may affect any of Layers 2, 3 and 4, come from malicious third parties and fall into security threats (see Subsection 2.3).Therefore, citizens (individuals) are responsible for the protection of their privacy in the first two use-cases, while the city is responsible for protecting the infrastructure and its citizens from the attacks of malicious third parties in the third case.
The Municipality of Trikala respects these risks, since the loss of privacy through smart service execution can affect citizens' participation and in order to establish a high level of information security in IT infrastructures and smart services, has undertaken the following training actions that address user skills: • A branch of "Tech Talent School", 11 with the support of the Mi- crosoft YouthSpark initiative has been setup and offers courses that enhance digital skills for adults and unemployed; • A branch of Cisco Certified Local Academy has been founded, which offers several certification programs to professionals; • Numerous competitions and workshops take place in the city, such as CodeGirl, 12 EducationRobotics, 13 Datathon, CodeWeek, etc., to inform, engage and train children; • The ICT infrastructure and the smart services are being monitored by a control room in the Town Hall where data collection and 11 http://techtalentschool.gr/en/information/. 12 https://trikalacity.gr/to-prototypo-programma-codegirls-sta-trikala/. 13http://www.trikalarobotics.gr/.processing is performed; • Municipal services operate in compliance with the GDPR regulation.
The above brief presentation of the smart Trikala case, shows that the city pays significant attention on the smart people KPIs, which reflect the individuals' engagement, openness and education, as well as the smart living KPIs referring to life quality and information security.

Conclusions & future perspectives
This article deals with security and privacy issues on OSN and investigates how these affect and relate to smart people and smart living dimensions, with the purposes of: i) encouraging the use of OSN as an urban data source in the SC context, ii) helping the transformation of individuals into smart people, and iii) contributing to the formation of safer and more ethical SC.The proposed relationship model along with behavioral patterns, which provide with answers to RQ1 and RQ2 and it is demonstrated by an empirical study on the Trikala city, is expected to be beneficial to privacy and security protection over OSN use in SC.
The completion of the study led to the answers to the research questions RQ1 and RQ2.Specifically, answering to RQ1, the main vulnerabilities that lie behind individuals' activities in OSN in SC are the risks that threaten individual's identity anonymity, individual's personal space privacy and individual's communication privacy, as well as the security threats caused by third parties (i.e., classic threats, modern threats, etc., − discussed in Subsection 2.3).These vulnerabilities significantly affect the smart people and smart living KPIs that are indicative of each smart city's performance.With regard to RQ2, SC stakeholders aiming at enhancing the protection of individuals during social networking and encouraging their participation in SC in order to design and implement appropriate policies should take into account the four stages of individuals' behavior on OSN presented in Section 4. Psychological, demographic and socio-political factors are crucial for the formation of the individuals' behavioral patterns in both social networking and in SC.
The analysis has demonstrated a strong interaction between smart people KPIs and smart living KPIs, as the degree of privacy protection determined by the level of education and training and openness affects the security levels in SC which in turn determines the degree of individuals' participation in public life.Consequently, privacy protection at individual privacy level (smart people) can drive to global security level (smart living) in SC, and vice-versa.Moreover, the study of users' behavior on OSN has revealed that individuals' behavior is often unpredictable, while the chaotic nature of the Internet and OSN combined with new threats emerging by skipping the protection tools, which have already been developed, expose individuals to privacy and security risks, degrading information security, and their participation is public life.The exploitation of behavioral patterns in social networking and of proposed relationship model which specifies the borderlines between privacy and security threats, along with some appropriate measures and the enforcement of GDPR expected to lead to the successful treatment of privacy and security issues and cultivation of smart people, who will contribute effectively to improvement of life quality in cities.The limitation of this work is that the current empirical study investigates only three use-cases, concerning security and privacy threats to demonstrate the model and interactions between smart people and smart living KPIs and threats in OSN.Nevertheless, they are representative use-cases that normally occur in all SCs around the world.
Some future thoughts concern that we plan to expand our work by designing and proposing smart people KPIs, which will be appropriate for measuring and evaluating the level of digital education and behavior of individuals regarding OSN and IoT use in the SC context.These KPIs, along with existing indicators that assess individuals' participation in public life, will provide an overview of the level of smart people maturity regarding the exploitation of ICT for knowledge acquisition and smart services development in SC.Another future thought is the accurate measurement of the correlations between the aforementioned smart people KPIs and the smart living KPIs, with regard to the information security, in order to enable the objective evaluation, comparison and ranking of cities.Finally, it would be of particular interest to study the privacy and security issues that are related to children's life in the SC context, as they are a sensitive age group of smart people,

-
ISO/CD 37122 (ISO/TC 268, 2017) Scholars(Giffinger and Gudrun, 2010;Nam and Pardo, 2011;Batty et al., 2012) ITU SC Focus Group (ITU-TFG-SSC, 2014)Culture-Number of library book titles per 100,000 population -Number of library e-book titles per 100,000 population -Active library users as a percentage of total population Percentage of local businesses contracted to provide city services which have data communication openly available -Percentage of labour force employed in the ICT sector Education -Number of online databases available through public libraries per 100,000 population -Number of computers, laptops, tablets, or other digital learning devices available per 1000 primary school students -Number of computers, laptops, tablets, or other digital learning devices available per 1000 secondary school students Governance -Annual number of online visits to the municipal open data portal per 100,000 population -Number of datasets offered on the municipal open data portal per 100,000 population -Percentage of municipal datasets available to the public -Percentage of city services accessible online -Average response time to relevant inquiries made through the city's nonemergency inquiry system (days) Recreation -Percentage of public recreation services that can be booked online -Number of municipal smart kiosks installed per 100,000 population Safety -Annual number of social media posts by municipal public safety officials per 100,000 population Telecommunications -Percentage of the city population with access to computers or other electronic devices with internet access in libraries and other public buildings -Percentage of the city population with access to sufficient speed broadband -Percentage of city area with publicly available internet connectivity Urban planning -Annual number of citizens engaged in the planning process per 100,000 population