Involuntary Information Leakage in Social Network Services

  • Conference paper
Advances in Information and Computer Security (IWSEC 2008)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5312)

Abstract

Disclosing personal information in online social network services is a double-edged sword. Information exposure is usually a plus, even a must, if people want to participate in social communities; however, leakage of personal information, especially one’s identity, may invite malicious attacks from the real world and cyberspace, such as stalking, reputation slander, personalized spamming and phishing.

Even if people do not reveal their personal information online, others may do so. In this paper, we consider the problem of involuntary information leakage in social network services and demonstrate its seriousness with a case study of Wretch, the biggest social network site in Taiwan. Wretch allows users to annotate their friends’ profiles with a one-line description, from which a friend’s private information, such as real name, age, and school attendance records, may be inferred without the information owner’s knowledge. Our analysis results show that users’ efforts to protect their privacy cannot prevent their personal information from being revealed online. In 592,548 effective profiles that we collected, the first name of 72% of the accounts and the full name of 30% of the accounts could be easily inferred by using a number of heuristics. The age of 15% of the account holders and at least one school attended by 42% of the holders could also be inferred. We discuss several potential means of mitigating the identified involuntary information leakage problem.

This work was supported in part by Taiwan Information Security Center (TWISC), National Science Council under the grants NSC 97-2219-E-001-001 and NSC 97-2219-E-011-006. It was also supported in part by Taiwan E-learning and Digital Archives Programs (TELDAP) sponsored by the National Science Council of Taiwan under NSC Grants: NSC 96-3113-H-001-010, NSC 96-3113-H-001-011 and NSC 96-3113-H-001-012.

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lam, IF., Chen, KT., Chen, LJ. (2008). Involuntary Information Leakage in Social Network Services. In: Matsuura, K., Fujisaki, E. (eds) Advances in Information and Computer Security. IWSEC 2008. Lecture Notes in Computer Science, vol 5312. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89598-5_11

  • DOI: https://doi.org/10.1007/978-3-540-89598-5_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-89597-8

  • Online ISBN: 978-3-540-89598-5

  • eBook Packages: Computer Science, Computer Science (R0)
