Abstract
eBay is an online marketplace which allows people to easily engage in commerce with one another. Since the market’s online nature precludes many physical cues of trust, eBay has instituted a reputation system through which users accumulate ratings based on their transactions. However, the eBay Feedback System as currently implemented has serious privacy flaws. When sellers leave feedback, buyers’ purchase histories are exposed through no action of their own. In this paper, we describe and execute a series of attacks, leveraging the feedback system to reveal users’ potentially sensitive purchases. As a demonstration, we collect and identify users who have bought gun-related items and sensitive medical tests. We contrast this information leakage with eBay users’ privacy expectations as measured by an online survey. Finally, we make recommendations towards better privacy in the eBay feedback system.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Minkus, T., Ross, K.W. (2014). I Know What You’re Buying: Privacy Breaches on eBay. In: De Cristofaro, E., Murdoch, S.J. (eds) Privacy Enhancing Technologies. PETS 2014. Lecture Notes in Computer Science, vol 8555. Springer, Cham. https://doi.org/10.1007/978-3-319-08506-7_9
DOI: https://doi.org/10.1007/978-3-319-08506-7_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-08505-0
Online ISBN: 978-3-319-08506-7
eBook Packages: Computer Science (R0)