Towards Privacy-Aware Data Sharing: A Proactive Approach to Risk Analysis

Data sharing across digital services introduces significant privacy and security risks, especially when sensitive information can be correlated across multiple contexts. Traditional techniques of threat modeling approaches often remain manual, fragmented, and lack automated mechanisms to detect such risks in real time. To address these limitations, this thesis applies the LINDDUN Privacy Threat Modeling framework as a methodological foundation for systematically identifying and categorizing privacy threats throughout the system architecture. Building on this systematic order model, this thesis proposes a framework for data sharing that preserves privacy and automated threat analysis, through the integration of Natural Language Processing techniques with risk evaluation based on rules. The solution combines a BERT-based Named Entity Recognition (NER) model with a configurable risk engine and a Chrome browser Extension to perform real time analysis of user input in web applications. The platform detects sensitive entities such as names, email addresses, and financial identifiers automatically, evaluates their risk based on the sharing context (e.g., social media, e-commerce, private messaging), and identifies cross-site correlation threats that can lead to profiling, doxing, or identity theft. The approach has been validated through case studies involving widely used services, including Google Calendar and Facebook. Experiments indicate that automated NLP-driven analysis, combined with context-aware modeling, provides an effective and scalable methodology to analyze and mitigate data sharing vulnerabilities, thereby supporting users in protecting personal information.