We investigate the degree to which privacy-preserving technologies (PPT) are able to protect an organization against a variety of attacks aimed at undermining its privacy. We studied a PPT at a United States-based organization and executed multiple attacks associated with network monitoring, phishing, and online social networks (OSNs). To begin, we received written authorization to conduct this study from the General Counsel of the case study organization and completed a formal application with the George Mason University Human Subject Review Board. Next, we surveyed 160 of the PPT users to gauge their background and security knowledge regarding privacy and anonymization on the Internet. We incorporated a network monitoring solution to monitor the websites and the actions performed by the users while on the PPT. The point of the phishing attack was to determine what additional information the users were willing to give up. We found that 92 of the 160 (58 percent) participants fell victim to our phishing campaign. The last attack phase shows the extent to which information made freely available on an online social network can negatively impact the anonymization offered by the PPT. We were able to determine the (Facebook) profiles of 34 of the 160 participants (21 percent). Upon completion of the attacks, we compiled the information and presented it to the users as security awareness training.