Abstract
Online Social Networks are becoming the most important “places” where people share information about their lives. With the increasing concern that users have about privacy, most social networks offer ways to control the privacy of the user. Unfortunately, we believe that current privacy settings are not as effective as users might think.
In this paper, we highlight this problem focusing on one of the most popular social networks, Facebook. In particular, we show how easy it is to retrieve information that a user might have set as (and hence thought as) “private”. As a case study, we focus on retrieving the list of friends for users that did set this information as “hidden” (to non-friends). We propose four different strategies to achieve this goal, and we evaluate them. The results of our thorough experiments show the feasibility of our strategies as well as their effectiveness: our approach is able to retrieve a significant percentage of the names of the “hidden” friends: i.e., some 25 % on average, and more than 70 % for some users.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
References
Walker, M.: The history of Social Networking (2011). http://www.webmasterview.com/2011/08/social-networking-history
Money, C.: Facebook reaches one billion users (2012). http://money.cnn.com/2012/10/04/technology/facebook-billion-users
CNET: Facebook processes more than 500TB of data daily (2012). http://news.cnet.com/8301-10233-57498531-93/facebook-processes-more-than-500-tb-of-data-daily
Bass, S.: China’s Facebook status: Blocked (2009). http://abcnews.go.com/blogs/headlines/2009/07/chinas-facebook-status-blocked
Dehghan, S.K.: Iran clamps down on Internet use (2012). http://www.guardian.co.uk/world/2012/jan/05/iran-clamps-down-internet-use
Desk, N.: Bangladesh sets precondition for unblocking YouTube (2012). http://www.weeklyblitz.net/2615/bangladesh-sets-precondition-for-unblocking
Groves, C.: Facebook changes through the years: Social Media Revolution (2011). http://blog.mad4flash.com/2011/10/facebook-changes-through-the-years-social-media-revolution
Facebook: Important message from Facebook’s White Hat Program. https://www.facebook.com/notes/facebook-security/important-message-from-facebooks-white-hat-program/10151437074840766
Ratan, D., Cong, T., Keith, R., Nitesh, S.: Estimating age privacy leakage in online social networks. In: IEEE INFOCOM, pp. 2836–2840 (2012)
Luo, W., Liu, J., Liu, J., Fan, C.: An analysis of security in social networks. In: IEEE DASC, pp. 648–651 (2009)
Chaney, P.: Facebook Changes Layout of Mobile App (2013). http://www.practicalecommerce.com/articles/4000-Facebook-Changes-Layout-of-Mobile-App
Consumer Reports Magazine: Facebook & your privacy (2012). http://www.consumerreports.org/cro/magazine/2012/06/facebook-your-privacy
Madejski, M., Johnson, M., Bellovin, S.M.: A study of privacy settings errors in an online social network. In: IEEE PERCOM Workshops, pp. 340–345 (2012)
osint.it: OSINT, one important kind of intelligence. http://www.osint.it/english/open-source-intelligence-osint.asp
Steele, R.D.: Open source intelligence. In: Johnson, L. (ed.) Handbook of Intelligence Studies. Routledge, New York (2007)
Facebook: Facebook developers page - Graph API. https://developers.facebook.com/docs/reference/apis
Constine, J.: Facebook Announces Friendship Pages That Show Friends’ Mutual Content. http://www.insidefacebook.com/2010/10/28/friendship-pages-mutual-content
Facebook: Facebook Social Plugins. https://developers.facebook.com/docs/plugins
Kandias, M., Mitrou, L., Stavrou, V., Gritzalis, D.: Which side are you on? - a new panopticon vs. privacy. In: SECRYPT, pp. 98–110 (2013)
Kosinski, M., Stillwell, D., Graepel, T.: Private traits and attributes are predictable from digital records of human behavior. Proc. Natl. Acad. Sci. 110, 5802–5805 (2013)
Wisegeek: What is a web Crawler? http://www.wisegeek.org/what-is-a-web-crawler.htm
Tang, C., Ross, K., Saxena, N., Chen, R.: What’s in a name: a study of names, gender inference, and gender behavior in facebook. In: Xu, J., Yu, G., Zhou, S., Unland, R. (eds.) DASFAA Workshops 2011. LNCS, vol. 6637, pp. 344–356. Springer, Heidelberg (2011)
Thomas, K., Grier, C., Nicol, D.M.: unFriendly: multi-party privacy risks in social networks. In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 236–252. Springer, Heidelberg (2010)
Zhang, L., Zhang, W.: An information extraction attack against on-line social networks. In: SocialInformatics, pp. 49–55 (2012)
Costantino, G., Martinelli, F., Sgandurra, D.: Are photos on social networks really private? In: CTS, pp.162–165 (2013)
Luo, W., Xie, Q., Hengartner, U.: FaceCloak: an architecture for user privacy on social networking sites. In: IEEE CSE, pp. 26–33 (2009)
Conti, M., Hasani, A., Crispo, B.: Virtual private social networks and a facebook implementation. ACM Trans. Web 7(3), 14:1–14:31 (2013)
Narayanan, A., Shmatikov, V.: De-anonymizing social networks. In: IEEE Symposium on Security and Privacy, pp. 173–187 (2009)
Beato, F., Conti, M., Preneel, B.: Friend in the Middle (FiM): tackling de-anonymization in social networks. In: IEEE PERCOM Workshops, pp. 279–284 (2013)
Beato, F., Conti, M., Preneel, B., Vettore, D.: VirtualFriendship: hiding interactions on online social networks. In: IEEE CNS (2014)
Buchegger, S., Schiöberg, D., Vu, L.H., Datta, A.: PeerSoN: P2P social networking: early experiences and insights. In: ACM Workshop, pp. 46–52 (2009)
Conti, M., Poovendran, R., Secchiero, M.: FakeBook: detecting fake profiles in on-line social networks. In: ASONAM, pp. 1071–1078 (2012)
Nagle, F., Singh, L.: Can friends be trusted? Exploring privacy in online social networks. In: ASONAM, pp. 312–315 (2009)
Dey, R., Jelveh, Z., Ross, K.W.: Facebook users have become much more private: a large-scale study. In: IEEE PERCOM Workshops, pp. 346–352 (2012)
Pineda, N.: Facebook tips: What’s the difference between a Facebook Page and Group? (2010). https://www.facebook.com/blog/blog.php?post=324706977130
TripAdvisor: Tripadvisor. http://www.facebook/TripAdvisor
Get-Spotify: Spotify. http://www.facebook/get-spotify
He, R.C.: Facebook developers page - Introducing new Like and Share buttons. https://developers.facebook.com/blog/post/2013/11/06/introducing-new-like-and-share-buttons
Acknowledgments
Mauro Conti is supported by a Marie Curie Fellowship funded by the European Commission under the agreement n. PCIG11-GA-2012-321980. This work has been partially supported by the TENACE PRIN Project 20103P34XC funded by the Italian MIUR, and by the Project “Tackling Mobile Malware with Innovative Machine Learning Techniques” funded by the University of Padua.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Burattin, A., Cascavilla, G., Conti, M. (2015). SocialSpy: Browsing (Supposedly) Hidden Information in Online Social Networks. In: Lopez, J., Ray, I., Crispo, B. (eds) Risks and Security of Internet and Systems. CRiSIS 2014. Lecture Notes in Computer Science(), vol 8924. Springer, Cham. https://doi.org/10.1007/978-3-319-17127-2_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-17127-2_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17126-5
Online ISBN: 978-3-319-17127-2
eBook Packages: Computer ScienceComputer Science (R0)