International Conference: Online Social Networks, 2014, Dublin, Ireland
The Second ACM Conference on Online Social Networks was held October 1-2, 2014 in Dublin, Ireland.
Presentations from the sessions on privacy and anonymity, network identity, and security in social networks are cited here. Materials were recovered from the ACM Digital Library on March 2, 2015.
Mishari Almishari, Ekin Oguz, Gene Tsudik; Fighting Authorship Linkability With Crowdsourcing; COSN '14 Proceedings of the Second ACM Conference on Online Social Networks, October 2014, Pages 69-82. Doi: 10.1145/2660460.2660486
Abstract: Massive amounts of contributed content -- including traditional literature, blogs, music, videos, reviews and tweets -- are available on the Internet today, with authors numbering in many millions. Textual information, such as product or service reviews, is an important and increasingly popular type of content that is being used as a foundation of many trendy community-based reviewing sites, such as TripAdvisor and Yelp. Some recent results have shown that, due partly to their specialized/topical nature, sets of reviews authored by the same person are readily linkable based on simple stylometric features. In practice, this means that individuals who author more than a few reviews under different accounts (whether within one site or across multiple sites) can be linked, which represents a significant loss of privacy. In this paper, we start by showing that the problem is actually worse than previously believed. We then explore ways to mitigate authorship linkability in community-based reviewing. We first attempt to harness the global power of crowdsourcing by engaging random strangers into the process of re-writing reviews. As our empirical results (obtained from Amazon Mechanical Turk) clearly demonstrate, crowdsourcing yields impressively sensible reviews that reflect sufficiently different stylometric characteristics such that prior stylometric linkability techniques become largely ineffective. We also consider using machine translation to automatically re-write reviews. Contrary to what was previously believed, our results show that translation decreases authorship linkability as the number of intermediate languages grows. Finally, we explore the combination of crowdsourcing and machine translation and report on results.
Keywords: author anonymization, author identification, author linkability, authorship attribution, crowdsourcing, stylometry (ID#:15-3944)
URL: http://doi.acm.org/10.1145/2660460.2660486
Sai Teja Peddinti, Keith W. Ross, Justin Cappos; "On the Internet, Nobody Knows You're A Dog": A Twitter Case Study Of Anonymity In Social Networks; COSN '14 Proceedings of the Second ACM Conference on Online Social Networks, October 2014, Pages 83-94. Doi: 10.1145/2660460.2660467
Abstract: Twitter does not impose a Real-Name policy for usernames, giving users the freedom to choose how they want to be identified. This results in some users being Identifiable (disclosing their full name) and some being Anonymous (disclosing neither their first nor last name). In this work we perform a large-scale analysis of Twitter to study the prevalence and behavior of Anonymous and Identifiable users. We employ Amazon Mechanical Turk (AMT) to classify Twitter users as Highly Identifiable, Identifiable, Partially Anonymous, and Anonymous. We find that a significant fraction of accounts are Anonymous or Partially Anonymous, demonstrating the importance of Anonymity in Twitter. We then select several broad topic categories that are widely considered sensitive--including pornography, escort services, sexual orientation, religious and racial hatred, online drugs, and guns--and find that there is a correlation between content sensitivity and a user's choice to be anonymous. Finally, we find that Anonymous users are generally less inhibited to be active participants, as they tweet more, lurk less, follow more accounts, and are more willing to expose their activity to the general public. To our knowledge, this is the first paper to conduct a large-scale data-driven analysis of user anonymity in online social networks.
Keywords: anonymity, behavioral analysis, online social networks, quantify, twitter (ID#:15-3945)
URL: http://doi.acm.org/10.1145/2660460.2660467
Emre Sarigol, David Garcia, Frank Schweitzer; Online Privacy as a Collective Phenomenon; COSN '14 Proceedings of the Second ACM conference on Online Social Networks, October 2014, Pages 95-106. Doi: 10.1145/2660460.2660470
Abstract: The problem of online privacy is often reduced to individual decisions to hide or reveal personal information in online social networks (OSNs). However, with the increasing use of OSNs, it becomes more important to understand the role of the social network in disclosing personal information that a user has not revealed voluntarily: How much of our private information do our friends disclose about us, and how much of our privacy is lost simply because of online social interaction? Without strong technical effort, an OSN may be able to exploit the assortativity of human private features, this way constructing shadow profiles with information that users chose not to share. Furthermore, because many users share their phone and email contact lists, this allows an OSN to create full shadow profiles for people who do not even have an account for this OSN. We empirically test the feasibility of constructing shadow profiles of sexual orientation for users and non-users, using data from more than 3 Million accounts of a single OSN. We quantify a lower bound for the predictive power derived from the social network of a user, to demonstrate how the predictability of sexual orientation increases with the size of this network and the tendency to share personal information. This allows us to define a privacy leak factor that links individual privacy loss with the decision of other individuals to disclose information. Our statistical analysis reveals that some individuals are at a higher risk of privacy loss, as prediction accuracy increases for users with a larger and more homogeneous first- and second-order neighborhood of their social network. While we do not provide evidence that shadow profiles exist at all, our results show that disclosing of private information is not restricted to an individual choice, but becomes a collective decision that has implications for policy and privacy regulation.
Keywords: prediction, privacy, shadow profiles (ID#:15-3946)
URL: http://doi.acm.org/10.1145/2660460.2660470
Luca Rossi, Mirco Musolesi; It's the Way You Check-In: Identifying Users in Location-Based Social Networks; COSN '14 Proceedings of the Second ACM conference on Online Social Networks, October 2014, Pages 215-226. Doi: 10.1145/2660460.2660485
Abstract: In recent years, the rapid spread of smartphones has led to the increasing popularity of Location-Based Social Networks (LBSNs). Although a number of research studies and articles in the press have shown the dangers of exposing personal location data, the inherent nature of LBSNs encourages users to publish information about their current location (i.e., their check-ins). The same is true for the majority of the most popular social networking websites, which offer the possibility of associating the current location of users to their posts and photos. Moreover, some LBSNs, such as Foursquare, let users tag their friends in their check-ins, thus potentially releasing location information of individuals that have no control over the published data. This raises additional privacy concerns for the management of location information in LBSNs. In this paper we propose and evaluate a series of techniques for the identification of users from their check-in data. More specifically, we first present two strategies according to which users are characterized by the spatio-temporal trajectory emerging from their check-ins over time and the frequency of visit to specific locations, respectively. In addition to these approaches, we also propose a hybrid strategy that is able to exploit both types of information. It is worth noting that these techniques can be applied to a more general class of problems where locations and social links of individuals are available in a given dataset. We evaluate our techniques by means of three real-world LBSNs datasets, demonstrating that a very limited amount of data points is sufficient to identify a user with a high degree of accuracy. For instance, we show that in some datasets we are able to classify more than 80% of the users correctly.
Keywords: location-based social networks, privacy, user identification (ID#:15-3947)
URL: http://doi.acm.org/10.1145/2660460.2660485
Ratan Dey, Madhurya Nangia, Keith W. Ross, Yong Liu; Estimating Heights From Photo Collections: A Data-Driven Approach; COSN '14 Proceedings of the Second ACM conference on Online Social Networks, October 2014, Pages 227-238. Doi: 10.1145/2660460.2660466
Abstract: A photo can potentially reveal a tremendous amount of information about an individual, including the individual's height, weight, gender, ethnicity, hair color, skin condition, interests, and wealth. A photo collection -- a set of inter-related photos including photos of many people appearing in two or more photos -- could potentially reveal a more vivid picture of the individuals in the collection. In this paper we consider the problem of estimating the heights of all the users in a photo collection, such as a collection of photos from a social network. The main ideas in our methodology are (i) for each individual photo, estimate the height differences among the people standing in the photo, (ii) from the photo collection, create a people graph, and combine this graph with the height difference estimates from the individual photos to generate height difference estimates among all the people in the collection, (iii) then use these height difference estimates, as well as an a priori distribution, to estimate the heights of all the people in the photo collection. Because many people will appear in multiple photos across the collection, height-difference estimates can be chained together, potentially reducing the errors in the estimates. To this end, we formulate a Maximum Likelihood Estimation (MLE) problem, which we show can be easily solved as a quadratic programming problem. Intuitively, this data-driven approach will improve as the number of photos and people in the collection increases. We apply the technique to estimating the heights of over 400 movie stars in the IMDb database and of about 30 graduate students.
Keywords: concept extraction, height estimate, image processing, maximum likelihood estimation, people graph, photo collection, privacy (ID#:15-3948)
URL: http://doi.acm.org/10.1145/2660460.2660466
Arthi Ramachandran, Yunsung Kim, Augustin Chaintreau; "I Knew They Clicked When I Saw Them With Their Friends": Identifying Your Silent Web Visitors On Social Media; COSN '14 Proceedings of the Second ACM conference on Online Social Networks, October 2014, Pages 239-246. Doi: 10.1145/2660460.2660461
Abstract: An increasing fraction of users access content on the web from social media. Endorsements by microbloggers and public figures you connect with gradually replace the curation originally in the hand of traditional media sources. One expects a social media provider to possess a unique ability to analyze audience and trends since they collect not only information about what you actively share, but also about what you silently watch. Your behavior in the latter seems safe from observations outside your online service provider, for privacy but also commercial reasons. In this paper, we show that supposing that your passive web visits are anonymous to your host is a fragile assumption, or alternatively that third parties -- content publishers or providers serving ads onto them -- can efficiently reconcile visitors with their social media identities. What is remarkable in this technique is that it needs no support from the social media provider, it seamlessly applies to visitors who never post or endorse content, and a visitor's public identity becomes known after a few clicks. This method combines properties of the public follower graph with posting behaviors and recent time-based inference, making it difficult to evade without drastic or time-wasting measures. It potentially offers researchers working on traffic datasets a new view into who accesses content or through which channels.
Keywords: data mining, privacy, social networks (ID#:15-3950)
URL: http://doi.acm.org/10.1145/2660460.2660461
Nicky Robinson, Joseph Bonneau; Cognitive Disconnect: Understanding Facebook Connect Login Permissions; COSN '14 Proceedings of the Second ACM conference on Online Social Networks, October 2014, Pages 247-258. Doi: 10.1145/2660460.2660471
Abstract: We study Facebook Connect's permissions system using crawling, experimentation, and user surveys. We find several areas in which it works differently than many users and developers expect. More permissions can be granted than developers intend. In particular, permissions that allow a site to post to the user's profile are granted on an all-or-nothing basis. While users generally understand what data sites can read from their profile, they generally do not understand the full extent of what sites can post. In the case of write permissions, we show that user expectations are influenced by the identity of the requesting site although this has no impact on what is actually enforced. We also find that users generally do not understand the way Facebook Connect permissions interact with Facebook's privacy settings. Our results suggest that users understand detailed, granular messages better than those that are broad and vague.
Keywords: facebook, online social networks, permissions, privacy (ID#:15-3951)
URL: http://doi.acm.org/10.1145/2660460.2660471
Ting-Kai Huang, Bruno Ribeiro, Harsha V. Madhyastha, Michalis Faloutsos; The Socio-Monetary Incentives Of Online Social Network Malware Campaigns; COSN '14 Proceedings of the Second ACM conference on Online Social Networks, October 2014, Pages 259-270. Doi: 10.1145/2660460.2660478
Abstract: Online social networks (OSNs) offer a rich medium of malware propagation. Unlike other forms of malware, OSN malware campaigns direct users to malicious websites that hijack their accounts, posting malicious messages on their behalf with the intent of luring their friends to the malicious website, thus triggering word-of-mouth infections that cascade through the network compromising thousands of accounts. But how are OSN users lured to click on the malicious links? In this work, we monitor 3.5 million Facebook accounts and explore the role of pure monetary, social, and combined socio-monetary psychological incentives in OSN malware campaigns. Among other findings we see that the majority of the malware campaigns rely on pure social incentives. However, we also observe that malware campaigns using socio-monetary incentives infect more accounts and last longer than campaigns with pure monetary or social incentives. The latter suggests the efficiency of an epidemic tactic surprisingly similar to the mechanism used by biological pathogens to cope with diverse gene pools.
Keywords: labor markets, monetary incentives, osn malware, social incentives (ID#:15-3952)
URL: http://doi.acm.org/10.1145/2660460.2660478
Pili Hu, Ronghai Yang, Yue Li, Wing Cheong Lau; Application Impersonation: Problems Of OAuth And API Design In Online Social Networks; COSN '14 Proceedings of the Second ACM conference on Online Social Networks, October 2014, Pages 271-278. Doi: 10.1145/2660460.2660463
Abstract: OAuth 2.0 protocol has enjoyed wide adoption by Online Social Network (OSN) providers since its inception. Although the security guideline of OAuth 2.0 is well discussed in RFC6749 and RFC6819, many real-world attacks due to the implementation specifics of OAuth 2.0 in various OSNs have been discovered. To our knowledge, previously discovered loopholes are all based on the misuse of OAuth and many of them rely on provider side or application side vulnerabilities/faults beyond the scope of the OAuth protocol. It was generally believed that correct use of OAuth 2.0 is secure. In this paper, we show that OAuth 2.0 is intrinsically vulnerable to App impersonation attack due to its provision of multiple authorization flows and token types. We start by reviewing and analyzing the OAuth 2.0 protocol and some common API design problems found in many 1st tiered OSNs. We then propose the App impersonation attack and investigate its impact on 12 major OSN providers. We demonstrate that App impersonation via OAuth 2.0, when combined with additional API design features/deficiencies, makes large-scale exploit and privacy-leak possible. For example, it becomes possible for an attacker to completely crawl a 200-million-user OSN within just one week and harvest data objects like the status list and friend list which are expected, by its users, to be private among only friends. We also propose fixes that can be readily deployed to tackle the OAuth 2.0-based App impersonation problem.
Keywords: api design in osn, app impersonation attack, oauth 2.0, single sign on, social network privacy (ID#:15-3953)
URL: http://doi.acm.org/10.1145/2660460.2660463
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.