Abstract
In this paper, we introduce a navigation privacy attack, where an external adversary attempts to find a target user by exploiting publicly visible attributes of intermediate users. If such an attack is successful, it implies that a user cannot hide simply by excluding himself from a central directory or search function. The attack exploits the fact that most attributes (such as place of residence, age, or alma mater) tend to correlate with social proximity, and can therefore serve as navigational cues while crawling the network. The problem is exacerbated by privacy policies under which a user who keeps his profile private nevertheless remains visible in his friends’ “friend lists”; such a user is still vulnerable to our navigation attack. Experiments with Facebook and Google+ show that the majority of users can be found efficiently using our attack if a small set of attributes is known about the target as side information. Our results suggest that, in an online social network where many users reveal even a limited set of attributes, it is nearly impossible for a specific user to “hide in the crowd”.
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Humbert, M., Studer, T., Grossglauser, M., Hubaux, JP. (2013). Nowhere to Hide: Navigating around Privacy in Online Social Networks. In: Crampton, J., Jajodia, S., Mayes, K. (eds) Computer Security – ESORICS 2013. ESORICS 2013. Lecture Notes in Computer Science, vol 8134. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40203-6_38
DOI: https://doi.org/10.1007/978-3-642-40203-6_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40202-9
Online ISBN: 978-3-642-40203-6
eBook Packages: Computer Science, Computer Science (R0)