q-Anon: Rethinking Anonymity for Social Networks

This paper proposes that social network data should be assumed public but treated as private. Accepting this rather confusing requirement means that anonymity models such as k-anonymity cannot be applied to the most common form of private data release on the internet: social network APIs. An alternative anonymity model, q-Anon, is presented, which measures the probability of an attacker logically deducing previously unknown information from a social network API while assuming the data being protected may already be public information. Finally, the feasibility of such an approach is evaluated, suggesting that a social network site such as Facebook could practically implement an anonymous API using q-Anon, providing its users with an anonymous alternative to the current application model.
