Potential Mass Surveillance and Privacy Violations in Proximity-Based Social Applications

Proximity-based social applications let users interact with people that are currently close to them, by revealing some information about their preferences and whereabouts. This information is acquired through passive geo-localisation and used to build a sense of serendipitous discovery of people, places and interests. Unfortunately, while this class of applications opens different interactions possibilities for people in urban settings, obtaining access to certain identity information could lead a possible privacy attacker to identify and follow a user in their movements in a specific period of time. The same information shared through the platform could also help an attacker to link the victim's online profiles to physical identities. We analyse a set of popular dating application that shares users relative distances within a certain radius and show how, by using the information shared on these platforms, it is possible to formalise a multilateration attack, able to identify the user actual position. The same attack can also be used to follow a user in all their movements within a certain period of time, therefore identifying their habits and Points of Interest across the city. Furthermore we introduce a social attack which uses common Facebook likes to profile a person and finally identify their real identity.

[1]  Zhu Wang,et al.  Discovering and Profiling Overlapping Communities in Location-Based Social Networks , 2014, IEEE Transactions on Systems, Man, and Cybernetics: Systems.

[2]  Eran Toch,et al.  Locality and privacy in people-nearby applications , 2013, UbiComp.

[3]  J. Borges,et al.  A TAXONOMY OF PRIVACY , 2006 .

[4]  Calton Pu,et al.  Modeling Unintended Personal-Information Leakage from Multiple Online Social Networks , 2011, IEEE Internet Computing.

[5]  Calton Pu,et al.  Large Online Social Footprints--An Emerging Threat , 2009, 2009 International Conference on Computational Science and Engineering.

[6]  Yih-Chun Hu,et al.  Secure and precise location verification using distance bounding and simultaneous multilateration , 2009, WiSec '09.

[7]  Alessandro Acquisti,et al.  Predicting Social Security numbers from public data , 2009, Proceedings of the National Academy of Sciences.

[8]  Lorrie Faith Cranor,et al.  Teaching Johnny not to fall for phish , 2010, TOIT.

[9]  Radhika Nagpal,et al.  Organizing a Global Coordinate System from Local Information on an Ad Hoc Sensor Network , 2003, IPSN.

[10]  M. Cao,et al.  Localization with Imprecise Distance Information in Sensor Networks , 2005, Proceedings of the 44th IEEE Conference on Decision and Control.

[11]  Anupam Joshi,et al.  @i seek 'fb.me': identifying users across multiple online social networks , 2013, WWW.

[12]  Tara Matthews,et al.  Location disclosure to social relations: why, when, & what people want to share , 2005, CHI.

[13]  Oliver Brdiczka,et al.  Activity duration analysis for context-aware services using foursquare check-ins , 2012, Self-IoT '12.

[14]  Stefan Saroiu,et al.  Keeping information safe from social networking apps , 2012, WOSN '12.

[15]  Sree Hari Krishnan Parthasarathi,et al.  Exploiting innocuous activity for correlating users across sites , 2013, WWW.

[16]  Kevin Borders,et al.  Social networks and context-aware spam , 2008, CSCW.

[17]  Timothy W. Finin,et al.  Preserving Privacy in Context-Aware Systems , 2011, 2011 IEEE Fifth International Conference on Semantic Computing.

[18]  Roksana Boreli,et al.  Is more always merrier?: a deep dive into online social footprints , 2012, WOSN '12.