OSSINT - Open Source Social Network Intelligence: An efficient and effective way to uncover "private" information in OSN profiles

Abstract: Online Social Networks (OSNs), such as Facebook, provide users with tools to share information, along with a set of privacy control preferences to regulate the spread of that information. Current privacy controls are efficient at protecting content data. However, the complexity of tuning them undermines their efficiency when shielding contextual information (such as the social network structure) that many users believe is kept private. In this paper, we demonstrate the extent of the problem of information leakage in Facebook. In particular, we show the possibility of inferring, from the network "surrounding" a victim user, some information that the victim set as hidden. We developed a system, named OSSINT (Open Source Social Network INTelligence), on top of our previous tool SocialSpy, that can infer hidden information of a victim profile and retrieve private information from public information. OSSINT retrieves the friendship network of a victim and shows how it is possible to infer additional private information (e.g., personal user preferences and hobbies). Our proposed system OSSINT goes the extra mile on network topology information, i.e., it predicts new friendships using the victim's friends-of-friends network (at 2 hops of distance from the victim profile), and hence can possibly deduce private information of the full Facebook network. OSSINT correctly improved the previous results of SocialSpy, predicting an average of 11 new friendships with peaks of 20 new friends. Moreover, for the considered victim profiles, OSSINT demonstrated how it is possible to infer real-life information, such as current city, hometown, and university, that was supposed to be private.
