Fake identities in social media: A case study on the sustainability of the Facebook business model

Social networks such as Facebook, Twitter and Google+ have attracted millions of users in recent years. One of the most widely used social networks, Facebook, had an initial public offering (IPO) in May 2012, which was among the biggest in Internet technology. For-profit and nonprofit organizations primarily use such platforms for target-oriented advertising and large-scale marketing campaigns. Social networks have attracted worldwide attention because of their potential to reach millions of users and possible future customers. This potential is often misused by malicious users who extract sensitive private information from unaware users. One of the most common ways of performing a large-scale data harvesting attack is the use of fake profiles, where malicious users present themselves in profiles impersonating fictitious or real persons. The main goal of this research is to evaluate the implications of fake user profiles on Facebook. To do so, we established a comprehensive data harvesting attack, the social engineering experiment, and analyzed the interactions between fake profiles and regular users to eventually undermine the Facebook business model. Furthermore, privacy considerations are analyzed using focus groups. As a result of our work, we provided a set of countermeasures to increase the awareness of users.
