To Add or Not to Add: Privacy and Social Honeypots

Online Social Networks (OSNs) have become a mainstream cultural phenomenon in the past years, where million of people connect to each other and share memories, digital media and business relations. Many users also publish personal information about their activities, relationships, locations and interests on these sites, seemingly unaware of how these data can be used by other parties. Sites typically attempt to restrict data-sharing to members of a user''s social network, but this is only effective if these social networks cannot be exploited by malicious users. In this paper we perform an experiment in order to assess the vulnerability and privacy awareness of users when engaging in online relations with random unknown users, or those pretending to be a famous character. We find that usually users do not accept random friendship requests, but some aggressively search for celebrities, making a perfect case for spammers to form honeypots using such fake profiles. We present a set of suggestions for enhancing privacy on social networks which could reduce the threats of identity theft in such environments.

[1]  Jian Pei,et al.  Preserving Privacy in Social Networks Against Neighborhood Attacks , 2008, 2008 IEEE 24th International Conference on Data Engineering.

[2]  D. Boyd Facebook's Privacy Trainwreck , 2008 .

[3]  Saikat Guha,et al.  Not All Adware Is Badware: Towards Privacy-Aware Advertising , 2009, I3E.

[4]  Ben Y. Zhao,et al.  User interactions in social networks and their implications , 2009, EuroSys '09.

[5]  Heather Richter Lipford,et al.  Understanding Privacy Settings in Facebook with an Audience View , 2008, UPSEC.

[6]  Ramón Cáceres,et al.  Privacy, cost, and availability tradeoffs in decentralized OSNs , 2009, WOSN '09.

[7]  Justin W. Patchin,et al.  Personal information of adolescents on the Internet: A quantitative content analysis of MySpace. , 2008, Journal of adolescence.

[8]  Balachander Krishnamurthy,et al.  Characterizing privacy in online social networks , 2008, WOSN '08.

[9]  Nikita Borisov,et al.  FlyByNight: mitigating the privacy risks of social networking , 2008, WPES '08.

[10]  David S. Rosenblum,et al.  What Anyone Can Know: The Privacy Risks of Social Networking Sites , 2007, IEEE Security & Privacy.

[11]  Starr Roxanne Hiltz,et al.  Trust and Privacy Concern Within Social Networking Sites: A Comparison of Facebook and MySpace , 2007, AMCIS.

[12]  Saikat Guha,et al.  NOYB: privacy in online social networks , 2008, WOSN '08.

[13]  Alessandro Acquisti,et al.  Information revelation and privacy in online social networks , 2005, WPES '05.

[14]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[15]  Balachander Krishnamurthy,et al.  On the leakage of personally identifiable information via online social networks , 2010, Comput. Commun. Rev..