A Data-Reachability Model for Elucidating Privacy and Security Risks Related to the Use of Online Social Networks

Privacy and security within Online Social Networks (OSNs) has become a major concern over recent years. As individuals continue to actively use and engage with these mediums, one of the key questions that arises pertains to what unknown risks users face as a result of unchecked publishing and sharing of content and information in this space. There are numerous tools and methods under development that claim to facilitate the extraction of specific classes of personal data from online sources, either directly or through correlation across a range of inputs. In this paper we present a model which specifically aims to understand the potential risks faced should all of these tools and methods be accessible to a malicious entity. The model enables easy and direct capture of the data extraction methods through the encoding of a data-reachability matrix for which each row represents an inference or data-derivation step. Specifically, the model elucidates potential linkages between data typically exposed on social-media and networking sites, and other potentially sensitive data which may prove to be damaging in the hands of malicious parties, i.e., fraudsters, stalkers and other online and offline criminals. In essence, we view this work as a key method by which we might make cyber risk more tangible to users of OSNs.

[1]  George Danezis,et al.  Prying Data out of a Social Network , 2009, 2009 International Conference on Advances in Social Network Analysis and Mining.

[2]  K. Fiscella,et al.  Use of geocoding and surname analysis to estimate race and ethnicity. , 2006, Health services research.

[3]  Gita Reese Sukthankar,et al.  Using Network Structure to Identify Groups in Virtual Worlds , 2021, ICWSM.

[4]  Alessandro Acquisti,et al.  Information revelation and privacy in online social networks , 2005, WPES '05.

[5]  Hannes Hartenstein,et al.  What Your Friends Tell Others About You: Low Cost Linkability of Social Network Profiles , 2011, SNAKDD 2011.

[6]  Juliane M. Stopfer,et al.  Facebook Profiles Reflect Actual Personality, Not Self-Idealization , 2010, Psychological science.

[7]  Dejing Dou,et al.  Ontology-based information extraction: An introduction and a survey of current approaches , 2010, J. Inf. Sci..

[8]  David S. Rosenblum,et al.  What Anyone Can Know: The Privacy Risks of Social Networking Sites , 2007, IEEE Security & Privacy.

[9]  Calton Pu,et al.  Large Online Social Footprints--An Emerging Threat , 2009, 2009 International Conference on Computational Science and Engineering.

[10]  Keith W. Ross,et al.  Estimating age privacy leakage in online social networks , 2012, 2012 Proceedings IEEE INFOCOM.

[11]  Stephanie M. Reich,et al.  Online and Offline Social Networks: Use of Social Networking Sites by Emerging Adults , 2008 .

[12]  Evangelos P. Markatos,et al.  Using social networks to harvest email addresses , 2010, WPES '10.

[13]  Leyla Bilge,et al.  All your contacts are belong to us: automated identity theft attacks on social networks , 2009, WWW '09.

[14]  Claude Castelluccia,et al.  How Unique and Traceable Are Usernames? , 2011, PETS.

[15]  Christopher Krügel,et al.  Abusing Social Networks for Automated User Profiling , 2010, RAID.

[16]  Kuan-Ta Chen,et al.  Involuntary Information Leakage in Social Network Services , 2008, IWSEC.

[17]  Chris Rose,et al.  The Security Implications Of Ubiquitous Social Media , 2011, BIOINFORMATICS 2011.

[18]  Zhong Chen,et al.  Need for Symmetry: Addressing Privacy Risks in Online Social Networks , 2011, 2011 IEEE International Conference on Advanced Information Networking and Applications.

[19]  Keith W. Ross,et al.  What's in a Name: A Study of Names, Gender Inference, and Gender Behavior in Facebook , 2011, DASFAA Workshops.

[20]  Zhenyu Liu,et al.  Inferring Privacy Information from Social Networks , 2006, ISI.

[21]  Krishna P. Gummadi,et al.  You are who you know: inferring user profiles in online social networks , 2010, WSDM '10.