Unintentional and Involuntary Personal Information Leakage on Facebook from User Interactions

Online social networks (OSNs) have changed the way people communicate with each other. An OSN usually encourages participants to provide personal information such as real names, birthdays and educational background so that they can look for and establish friendships. Some users are unwilling to reveal personal information on their personal pages due to potential privacy concerns, but their friends may inadvertently reveal it. In this work, we investigate the possibility of leaking personal information on Facebook in an unintentional and involuntary manner. The revealed information may be useful to malicious users for social engineering and spear phishing. We design inference methods to find the birthdays and educational background of Facebook users based on the interactions among friends on Facebook pages and groups, and also leverage the J-measure to find the inference rules. The inference improves the finding rate of birthdays from 71.2% to 87.0% with an accuracy of 92.0%, and that of educational background from 75.2% to 91.7% with an accuracy of 86.3%. We also suggest sanitization strategies to avoid private information leakage.
