Involuntary information leakage in social network services

Ieng Fat Lam*, Kuan Ta Chen, Ling Jyh Chen

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

37 Citations (Scopus)


Disclosing personal information in online social network services is a double-edged sword. Information exposure is usually a plus, even a must, if people want to participate in social communities; however, leakage of personal information, especially one's identity, may invite malicious attacks from the real world and cyberspace, such as stalking, reputation slander, personalized spamming and phishing. Even if people do not reveal their personal information online, others may do so. In this paper, we consider the problem of involuntary information leakage in social network services and demonstrate its seriousness with a case study of Wretch, the biggest social network site in Taiwan. Wretch allows users to annotate their friends' profiles with a one-line description, from which a friend's private information, such as real name, age, and school attendance records, may be inferred without the information owner's knowledge. Our analysis results show that users' efforts to protect their privacy cannot prevent their personal information from being revealed online. In 592,548 effective profiles that we collected, the first name of 72% of the accounts and the full name of 30% of the accounts could be easily inferred by using a number of heuristics. The age of 15% of the account holders and at least one school attended by 42% of the holders could also be inferred. We discuss several potential means of mitigating the identified involuntary information leakage problem.

Original languageEnglish
Title of host publicationAdvances in Information and Computer Security - Third International Workshop on Security, IWSEC 2008, Proceedings
PublisherSpringer Verlag
Number of pages17
ISBN (Print)3540895973, 9783540895978
Publication statusPublished - 2008
Externally publishedYes
Event3rd International Workshop on Security, IWSEC 2008 - Kagawa, Japan
Duration: 2008 Nov 252008 Nov 27

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5312 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other3rd International Workshop on Security, IWSEC 2008

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Involuntary information leakage in social network services'. Together they form a unique fingerprint.

Cite this