Web browser history detection as a real-world privacy threat
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Abusing social networks for automated user profiling
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Exposing the lack of privacy in file hosting services
LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
Exploiting vulnerability to secure user privacy on a social networking site
Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining
On the privacy of anonymized networks
Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining
Multiparty authorization framework for data sharing in online social networks
DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
A comparison of two different types of online social network from a data privacy perspective
MDAI'11 Proceedings of the 8th international conference on Modeling decisions for artificial intelligence
Unix systems monitoring with FCA
ICCS'11 Proceedings of the 19th international conference on Conceptual structures for discovering knowledge
Timing is everything: the importance of history detection
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Mailbook: privacy-protecting social networking via email
Proceedings of the Third International Conference on Internet Multimedia Computing and Service
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
Privacy-enhanced social-network routing
Computer Communications
Sherlock Holmes' evil twin: on the impact of global inference for online privacy
Proceedings of the 2011 workshop on New security paradigms workshop
Detecting and resolving privacy conflicts for collaborative data sharing in online social networks
Proceedings of the 27th Annual Computer Security Applications Conference
Social snapshots: digital forensics for online social networks
Proceedings of the 27th Annual Computer Security Applications Conference
Fine-grained access control of personal data
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
User tracking on the web via cross-browser fingerprinting
NordSec'11 Proceedings of the 16th Nordic conference on Information Security Technology for Applications
Clickjacking: attacks and defenses
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Scriptless attacks: stealing the pie without touching the sill
Proceedings of the 2012 ACM conference on Computer and communications security
Keeping identity secret in online social networks
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
Theoretical Results on De-Anonymization via Linkage Attacks
Transactions on Data Privacy
On the linkability of complementary information from free versions of people databases
ACM SIGMETRICS Performance Evaluation Review
Exploiting innocuous activity for correlating users across sites
Proceedings of the 22nd international conference on World Wide Web
Proceedings of the 22nd international conference on World Wide Web
On the performance of percolation graph matching
Proceedings of the first ACM conference on Online social networks
You cannot hide for long: de-anonymization of real-world dynamic behaviour
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
Privacy vulnerability of published anonymous mobility traces
IEEE/ACM Transactions on Networking (TON)
Flow stealing: A well-timed redirection attack
Journal of Computer Security - Research in Computer Security and Privacy: Emerging Trends
Social networking sites such as Facebook, LinkedIn, and Xing have been reporting exponential growth rates and have millions of registered users. In this paper, we introduce a novel de-anonymization attack that exploits group membership information that is available on social networking sites. More precisely, we show that information about the group memberships of a user (i.e., the groups of a social network to which a user belongs) is sufficient to uniquely identify this person, or, at least, to significantly reduce the set of possible candidates. That is, rather than tracking a user's browser as with cookies, it is possible to track a person. To determine the group membership of a user, we leverage well-known web browser history stealing attacks. Thus, whenever a social network user visits a malicious website, this website can launch our de-anonymization attack and learn the identity of its visitors. The implications of our attack are manifold, since it requires little effort and has the potential to affect millions of social networking users. We perform both a theoretical analysis and empirical measurements to demonstrate the feasibility of our attack against Xing, a medium-sized social network with more than eight million members that is mainly used for business relationships. Furthermore, we explored other, larger social networks and performed experiments that suggest that users of Facebook and LinkedIn are equally vulnerable.