Involuntary information leakage in social network services

Ieng Fat Lam; Kuan Ta Chen; Ling Jyh Chen

doi:10.1007/978-3-540-89598-5_11

Involuntary information leakage in social network services

Ieng Fat Lam^*, Kuan Ta Chen, Ling Jyh Chen

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

39 Citations (Scopus)

Abstract

Disclosing personal information in online social network services is a double-edged sword. Information exposure is usually a plus, even a must, if people want to participate in social communities; however, leakage of personal information, especially one's identity, may invite malicious attacks from the real world and cyberspace, such as stalking, reputation slander, personalized spamming and phishing. Even if people do not reveal their personal information online, others may do so. In this paper, we consider the problem of involuntary information leakage in social network services and demonstrate its seriousness with a case study of Wretch, the biggest social network site in Taiwan. Wretch allows users to annotate their friends' profiles with a one-line description, from which a friend's private information, such as real name, age, and school attendance records, may be inferred without the information owner's knowledge. Our analysis results show that users' efforts to protect their privacy cannot prevent their personal information from being revealed online. In 592,548 effective profiles that we collected, the first name of 72% of the accounts and the full name of 30% of the accounts could be easily inferred by using a number of heuristics. The age of 15% of the account holders and at least one school attended by 42% of the holders could also be inferred. We discuss several potential means of mitigating the identified involuntary information leakage problem.

Original language	English
Title of host publication	Advances in Information and Computer Security - Third International Workshop on Security, IWSEC 2008, Proceedings
Publisher	Springer Verlag
Pages	167-183
Number of pages	17
ISBN (Print)	3540895973, 9783540895978
DOIs	https://doi.org/10.1007/978-3-540-89598-5_11
Publication status	Published - 2008
Externally published	Yes
Event	3rd International Workshop on Security, IWSEC 2008 - Kagawa, Japan Duration: 2008 Nov 25 → 2008 Nov 27

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	5312 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	3rd International Workshop on Security, IWSEC 2008
Country/Territory	Japan
City	Kagawa
Period	2008/11/25 → 2008/11/27

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1007/978-3-540-89598-5_11

Cite this

Lam, I. F., Chen, K. T., & Chen, L. J. (2008). Involuntary information leakage in social network services. In Advances in Information and Computer Security - Third International Workshop on Security, IWSEC 2008, Proceedings (pp. 167-183). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5312 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-540-89598-5_11

Involuntary information leakage in social network services. / Lam, Ieng Fat; Chen, Kuan Ta; Chen, Ling Jyh.
Advances in Information and Computer Security - Third International Workshop on Security, IWSEC 2008, Proceedings. Springer Verlag, 2008. p. 167-183 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5312 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lam, IF, Chen, KT & Chen, LJ 2008, Involuntary information leakage in social network services. in Advances in Information and Computer Security - Third International Workshop on Security, IWSEC 2008, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 5312 LNCS, Springer Verlag, pp. 167-183, 3rd International Workshop on Security, IWSEC 2008, Kagawa, Japan, 2008/11/25. https://doi.org/10.1007/978-3-540-89598-5_11

Lam IF, Chen KT, Chen LJ. Involuntary information leakage in social network services. In Advances in Information and Computer Security - Third International Workshop on Security, IWSEC 2008, Proceedings. Springer Verlag. 2008. p. 167-183. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-89598-5_11

Lam, Ieng Fat ; Chen, Kuan Ta ; Chen, Ling Jyh. / Involuntary information leakage in social network services. Advances in Information and Computer Security - Third International Workshop on Security, IWSEC 2008, Proceedings. Springer Verlag, 2008. pp. 167-183 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{8e91da9797f249c48fd8cf31a6478ea0,

title = "Involuntary information leakage in social network services",

abstract = "Disclosing personal information in online social network services is a double-edged sword. Information exposure is usually a plus, even a must, if people want to participate in social communities; however, leakage of personal information, especially one's identity, may invite malicious attacks from the real world and cyberspace, such as stalking, reputation slander, personalized spamming and phishing. Even if people do not reveal their personal information online, others may do so. In this paper, we consider the problem of involuntary information leakage in social network services and demonstrate its seriousness with a case study of Wretch, the biggest social network site in Taiwan. Wretch allows users to annotate their friends' profiles with a one-line description, from which a friend's private information, such as real name, age, and school attendance records, may be inferred without the information owner's knowledge. Our analysis results show that users' efforts to protect their privacy cannot prevent their personal information from being revealed online. In 592,548 effective profiles that we collected, the first name of 72% of the accounts and the full name of 30% of the accounts could be easily inferred by using a number of heuristics. The age of 15% of the account holders and at least one school attended by 42% of the holders could also be inferred. We discuss several potential means of mitigating the identified involuntary information leakage problem.",

author = "Lam, {Ieng Fat} and Chen, {Kuan Ta} and Chen, {Ling Jyh}",

note = "Funding Information: This work was supported in part by Taiwan Information Security Center (TWISC), National Science Council under the grants NSC 97-2219-E-001-001 and NSC 97-2219-E-011-006. It was also supported in part by Taiwan E-learning and Digital Archives Programs (TELDAP) sponsored by the National Science Council of Taiwan under NSC Grants: NSC 96-3113-H-001-010, NSC 96-3113-H-001-011 and NSC 96-3113-H-001-012.; 3rd International Workshop on Security, IWSEC 2008 ; Conference date: 25-11-2008 Through 27-11-2008",

year = "2008",

doi = "10.1007/978-3-540-89598-5_11",

language = "English",

isbn = "3540895973",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "167--183",

booktitle = "Advances in Information and Computer Security - Third International Workshop on Security, IWSEC 2008, Proceedings",

}

TY - GEN

T1 - Involuntary information leakage in social network services

AU - Lam, Ieng Fat

AU - Chen, Kuan Ta

AU - Chen, Ling Jyh

N1 - Funding Information: This work was supported in part by Taiwan Information Security Center (TWISC), National Science Council under the grants NSC 97-2219-E-001-001 and NSC 97-2219-E-011-006. It was also supported in part by Taiwan E-learning and Digital Archives Programs (TELDAP) sponsored by the National Science Council of Taiwan under NSC Grants: NSC 96-3113-H-001-010, NSC 96-3113-H-001-011 and NSC 96-3113-H-001-012.

PY - 2008

Y1 - 2008

N2 - Disclosing personal information in online social network services is a double-edged sword. Information exposure is usually a plus, even a must, if people want to participate in social communities; however, leakage of personal information, especially one's identity, may invite malicious attacks from the real world and cyberspace, such as stalking, reputation slander, personalized spamming and phishing. Even if people do not reveal their personal information online, others may do so. In this paper, we consider the problem of involuntary information leakage in social network services and demonstrate its seriousness with a case study of Wretch, the biggest social network site in Taiwan. Wretch allows users to annotate their friends' profiles with a one-line description, from which a friend's private information, such as real name, age, and school attendance records, may be inferred without the information owner's knowledge. Our analysis results show that users' efforts to protect their privacy cannot prevent their personal information from being revealed online. In 592,548 effective profiles that we collected, the first name of 72% of the accounts and the full name of 30% of the accounts could be easily inferred by using a number of heuristics. The age of 15% of the account holders and at least one school attended by 42% of the holders could also be inferred. We discuss several potential means of mitigating the identified involuntary information leakage problem.

AB - Disclosing personal information in online social network services is a double-edged sword. Information exposure is usually a plus, even a must, if people want to participate in social communities; however, leakage of personal information, especially one's identity, may invite malicious attacks from the real world and cyberspace, such as stalking, reputation slander, personalized spamming and phishing. Even if people do not reveal their personal information online, others may do so. In this paper, we consider the problem of involuntary information leakage in social network services and demonstrate its seriousness with a case study of Wretch, the biggest social network site in Taiwan. Wretch allows users to annotate their friends' profiles with a one-line description, from which a friend's private information, such as real name, age, and school attendance records, may be inferred without the information owner's knowledge. Our analysis results show that users' efforts to protect their privacy cannot prevent their personal information from being revealed online. In 592,548 effective profiles that we collected, the first name of 72% of the accounts and the full name of 30% of the accounts could be easily inferred by using a number of heuristics. The age of 15% of the account holders and at least one school attended by 42% of the holders could also be inferred. We discuss several potential means of mitigating the identified involuntary information leakage problem.

UR - http://www.scopus.com/inward/record.url?scp=58049131271&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=58049131271&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-89598-5_11

DO - 10.1007/978-3-540-89598-5_11

M3 - Conference contribution

AN - SCOPUS:58049131271

SN - 3540895973

SN - 9783540895978

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 167

EP - 183

BT - Advances in Information and Computer Security - Third International Workshop on Security, IWSEC 2008, Proceedings

PB - Springer Verlag

T2 - 3rd International Workshop on Security, IWSEC 2008

Y2 - 25 November 2008 through 27 November 2008

ER -

Involuntary information leakage in social network services

Abstract

Publication series

Other

ASJC Scopus subject areas

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this