Involuntary information leakage in social network services

Ieng Fat Lam, Kuan Ta Chen, Ling Jyh Chen

研究成果: 書貢獻/報告類型會議貢獻

31 引文 (Scopus)

摘要

Disclosing personal information in online social network services is a double-edged sword. Information exposure is usually a plus, even a must, if people want to participate in social communities; however, leakage of personal information, especially one's identity, may invite malicious attacks from the real world and cyberspace, such as stalking, reputation slander, personalized spamming and phishing. Even if people do not reveal their personal information online, others may do so. In this paper, we consider the problem of involuntary information leakage in social network services and demonstrate its seriousness with a case study of Wretch, the biggest social network site in Taiwan. Wretch allows users to annotate their friends' profiles with a one-line description, from which a friend's private information, such as real name, age, and school attendance records, may be inferred without the information owner's knowledge. Our analysis results show that users' efforts to protect their privacy cannot prevent their personal information from being revealed online. In 592,548 effective profiles that we collected, the first name of 72% of the accounts and the full name of 30% of the accounts could be easily inferred by using a number of heuristics. The age of 15% of the account holders and at least one school attended by 42% of the holders could also be inferred. We discuss several potential means of mitigating the identified involuntary information leakage problem.

原文英語
主出版物標題Advances in Information and Computer Security - Third International Workshop on Security, IWSEC 2008, Proceedings
頁面167-183
頁數17
DOIs
出版狀態已發佈 - 2008 十二月 31
事件3rd International Workshop on Security, IWSEC 2008 - Kagawa, 日本
持續時間: 2008 十一月 252008 十一月 27

出版系列

名字Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
5312 LNCS
ISSN(列印)0302-9743
ISSN(電子)1611-3349

其他

其他3rd International Workshop on Security, IWSEC 2008
國家日本
城市Kagawa
期間08/11/2508/11/27

指紋

Spamming
Leakage
Social Networks
Private Information
Taiwan
Privacy
Attack
Heuristics

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

引用此文

Lam, I. F., Chen, K. T., & Chen, L. J. (2008). Involuntary information leakage in social network services. 於 Advances in Information and Computer Security - Third International Workshop on Security, IWSEC 2008, Proceedings (頁 167-183). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 5312 LNCS). https://doi.org/10.1007/978-3-540-89598-5-11

Involuntary information leakage in social network services. / Lam, Ieng Fat; Chen, Kuan Ta; Chen, Ling Jyh.

Advances in Information and Computer Security - Third International Workshop on Security, IWSEC 2008, Proceedings. 2008. p. 167-183 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 5312 LNCS).

研究成果: 書貢獻/報告類型會議貢獻

Lam, IF, Chen, KT & Chen, LJ 2008, Involuntary information leakage in social network services. 於 Advances in Information and Computer Security - Third International Workshop on Security, IWSEC 2008, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 5312 LNCS, 頁 167-183, 3rd International Workshop on Security, IWSEC 2008, Kagawa, 日本, 08/11/25. https://doi.org/10.1007/978-3-540-89598-5-11
Lam IF, Chen KT, Chen LJ. Involuntary information leakage in social network services. 於 Advances in Information and Computer Security - Third International Workshop on Security, IWSEC 2008, Proceedings. 2008. p. 167-183. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-540-89598-5-11
Lam, Ieng Fat ; Chen, Kuan Ta ; Chen, Ling Jyh. / Involuntary information leakage in social network services. Advances in Information and Computer Security - Third International Workshop on Security, IWSEC 2008, Proceedings. 2008. 頁 167-183 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{a2b5cc052f6249d2b8ae04cc31bd6055,
title = "Involuntary information leakage in social network services",
abstract = "Disclosing personal information in online social network services is a double-edged sword. Information exposure is usually a plus, even a must, if people want to participate in social communities; however, leakage of personal information, especially one's identity, may invite malicious attacks from the real world and cyberspace, such as stalking, reputation slander, personalized spamming and phishing. Even if people do not reveal their personal information online, others may do so. In this paper, we consider the problem of involuntary information leakage in social network services and demonstrate its seriousness with a case study of Wretch, the biggest social network site in Taiwan. Wretch allows users to annotate their friends' profiles with a one-line description, from which a friend's private information, such as real name, age, and school attendance records, may be inferred without the information owner's knowledge. Our analysis results show that users' efforts to protect their privacy cannot prevent their personal information from being revealed online. In 592,548 effective profiles that we collected, the first name of 72{\%} of the accounts and the full name of 30{\%} of the accounts could be easily inferred by using a number of heuristics. The age of 15{\%} of the account holders and at least one school attended by 42{\%} of the holders could also be inferred. We discuss several potential means of mitigating the identified involuntary information leakage problem.",
author = "Lam, {Ieng Fat} and Chen, {Kuan Ta} and Chen, {Ling Jyh}",
year = "2008",
month = "12",
day = "31",
doi = "10.1007/978-3-540-89598-5-11",
language = "English",
isbn = "3540895973",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "167--183",
booktitle = "Advances in Information and Computer Security - Third International Workshop on Security, IWSEC 2008, Proceedings",

}

TY - GEN

T1 - Involuntary information leakage in social network services

AU - Lam, Ieng Fat

AU - Chen, Kuan Ta

AU - Chen, Ling Jyh

PY - 2008/12/31

Y1 - 2008/12/31

N2 - Disclosing personal information in online social network services is a double-edged sword. Information exposure is usually a plus, even a must, if people want to participate in social communities; however, leakage of personal information, especially one's identity, may invite malicious attacks from the real world and cyberspace, such as stalking, reputation slander, personalized spamming and phishing. Even if people do not reveal their personal information online, others may do so. In this paper, we consider the problem of involuntary information leakage in social network services and demonstrate its seriousness with a case study of Wretch, the biggest social network site in Taiwan. Wretch allows users to annotate their friends' profiles with a one-line description, from which a friend's private information, such as real name, age, and school attendance records, may be inferred without the information owner's knowledge. Our analysis results show that users' efforts to protect their privacy cannot prevent their personal information from being revealed online. In 592,548 effective profiles that we collected, the first name of 72% of the accounts and the full name of 30% of the accounts could be easily inferred by using a number of heuristics. The age of 15% of the account holders and at least one school attended by 42% of the holders could also be inferred. We discuss several potential means of mitigating the identified involuntary information leakage problem.

AB - Disclosing personal information in online social network services is a double-edged sword. Information exposure is usually a plus, even a must, if people want to participate in social communities; however, leakage of personal information, especially one's identity, may invite malicious attacks from the real world and cyberspace, such as stalking, reputation slander, personalized spamming and phishing. Even if people do not reveal their personal information online, others may do so. In this paper, we consider the problem of involuntary information leakage in social network services and demonstrate its seriousness with a case study of Wretch, the biggest social network site in Taiwan. Wretch allows users to annotate their friends' profiles with a one-line description, from which a friend's private information, such as real name, age, and school attendance records, may be inferred without the information owner's knowledge. Our analysis results show that users' efforts to protect their privacy cannot prevent their personal information from being revealed online. In 592,548 effective profiles that we collected, the first name of 72% of the accounts and the full name of 30% of the accounts could be easily inferred by using a number of heuristics. The age of 15% of the account holders and at least one school attended by 42% of the holders could also be inferred. We discuss several potential means of mitigating the identified involuntary information leakage problem.

UR - http://www.scopus.com/inward/record.url?scp=58049131271&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=58049131271&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-89598-5-11

DO - 10.1007/978-3-540-89598-5-11

M3 - Conference contribution

AN - SCOPUS:58049131271

SN - 3540895973

SN - 9783540895978

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 167

EP - 183

BT - Advances in Information and Computer Security - Third International Workshop on Security, IWSEC 2008, Proceedings

ER -