DOI: 10.1145/2484313.2484319
research-article

Your love is public now: questioning the use of personal information in authentication

Published: 08 May 2013

Abstract

    Most social networking platforms protect users' private information by limiting access to it to a small group of members, typically friends of the user, while allowing (virtually) everyone access to the user's public data. In this paper, we exploit public data available on Facebook to infer users' undisclosed interests on their profile pages. In particular, we infer their undisclosed interests from the public data fetched using Graph APIs provided by Facebook. We demonstrate that simply liking a Facebook page does not corroborate that the user is interested in the page. Instead, we perform sentiment-oriented mining on various attributes of a Facebook page to determine the user's real interests. Our experiments conducted on over 34,000 public pages collected from Facebook and data from volunteers show that our inference technique can infer interests that are often hidden by users on their personal profile with moderate accuracy. We are able to disclose 22 interests of a user and find more than 80,097 users with at least 2 interests. We also show how this inferred information can be used to break a preference based backup authentication system.


        Published In

        ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
        May 2013
        574 pages
        ISBN:9781450317672
        DOI:10.1145/2484313
        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Author Tags

        1. facebook
        2. graph api
        3. preference based authentication
        4. semantic analysis

        Qualifiers

        • Research-article

        Conference

        ASIA CCS '13
        Acceptance Rates

        ASIA CCS '13 Paper Acceptance Rate 35 of 216 submissions, 16%;
        Overall Acceptance Rate 418 of 2,322 submissions, 18%

        Article Metrics

        • Downloads (Last 12 months): 12
        • Downloads (Last 6 weeks): 1
        Reflects downloads up to 27 Jul 2024

        Cited By

        • (2023) LPP2KL: Online Location Privacy Protection Against Knowing-and-Learning Attacks for LBSs. IEEE Transactions on Computational Social Systems, 10:1, (234-245). DOI: 10.1109/TCSS.2022.3142078. Online publication date: Mar-2023
        • (2023) Devils in Your Apps: Vulnerabilities and User Privacy Exposure in Mobile Notification Systems. 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), (28-41). DOI: 10.1109/DSN58367.2023.00017. Online publication date: Jun-2023
        • (2021) Privacy Inference Attack Against Users in Online Social Networks: A Literature Review. IEEE Access, 9, (40417-40431). DOI: 10.1109/ACCESS.2021.3064208. Online publication date: 2021
        • (2021) Understanding users’ perceptions to improve fallback authentication. Personal and Ubiquitous Computing. DOI: 10.1007/s00779-021-01571-y. Online publication date: 23-May-2021
        • (2019) An Efficient Social Attribute Inference Scheme Based on Social Links and Attribute Relevance. IEEE Access, (1-1). DOI: 10.1109/ACCESS.2019.2946179. Online publication date: 2019
        • (2019) You Are What You Search: Attribute Inference Attacks Through Web Search Queries. Security with Intelligent Computing and Big-data Services, (343-358). DOI: 10.1007/978-3-030-16946-6_27. Online publication date: 17-Apr-2019
        • (2018) Attribute Inference Attacks in Online Social Networks. ACM Transactions on Privacy and Security, 21:1, (1-30). DOI: 10.1145/3154793. Online publication date: 2-Jan-2018
        • (2017) AttriInfer. Proceedings of the 26th International Conference on World Wide Web, (1561-1569). DOI: 10.1145/3038912.3052695. Online publication date: 3-Apr-2017
        • (2015) I Know What You Did Last Week! Do You? Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, (1383-1392). DOI: 10.1145/2702123.2702131. Online publication date: 18-Apr-2015
