Security and Privacy in Communication Networks. 9th International ICST Conference, SecureComm 2013, Sydney, NSW, Australia, September 25-28, 2013, Revised Selected Papers

Research Article

Unveiling Privacy Setting Breaches in Online Social Networks

Download89 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-04283-1_20,
        author={Xin Ruan and Chuan Yue and Haining Wang},
        title={Unveiling Privacy Setting Breaches in Online Social Networks},
        proceedings={Security and Privacy in Communication Networks. 9th International ICST Conference, SecureComm 2013, Sydney, NSW, Australia, September 25-28, 2013, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2014},
        month={6},
        keywords={},
        doi={10.1007/978-3-319-04283-1_20}
    }
    
  • Xin Ruan
    Chuan Yue
    Haining Wang
    Year: 2014
    Unveiling Privacy Setting Breaches in Online Social Networks
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-04283-1_20
Xin Ruan1,*, Chuan Yue2,*, Haining Wang1,*
  • 1: The College of William and Mary
  • 2: University of Colorado Colorado Springs
*Contact email: xruan@cs.wm.edu, cyue@uccs.edu, hnw@cs.wm.edu

Abstract

Users of online social networks (OSNs) share personal information with their peers. To manage the access to one’s personal information, each user is enabled to configure its privacy settings. However, even though users are able to customize the privacy of their homepages, their private information could still be compromised by an attacker by exploiting their own and their friends’ public profiles. In this paper, we investigate the unintentional privacy disclosure of an OSN user even with the protection of privacy setting. We collect more than 300,000 Facebook users’ public information and assess their measurable privacy settings. Given only a user’s public information, we propose strategies to uncover the user’s private basic profile or connection information, respectively, and then quantify the possible privacy leakage by applying the proposed schemes to the real user data. We observe that although the majority of users configure their basic profiles or friend lists as private, their basic profiles can be inferred with high accuracy, and a significant portion of their friends can also be uncovered via their public information.