On the feasibility of inference attacks by third-party extensions to social network systems

  • Authors: Seyed Hossein Ahmadinejad; Philip W.L. Fong

  • Affiliations: University of Calgary, Calgary, AB, Canada; University of Calgary, Calgary, AB, Canada

  • Venue: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
  • Year: 2013

Abstract

Social Network Systems (SNSs) providers allow third-party extensions to access users' information through an Application Programming Interface (API). Once an extension has been authorized by a user to access data in a user's profile, there is no more control on how that extension uses the data. This raises serious concerns about user privacy because a malicious extension may infer some private information based on the legitimately accessible information. This information leakage is called an inference attack. In addition, inference attacks are not only a privacy violation, they could also be used as the building blocks for more dangerous security attacks, such as identity theft. In this work, we conduct a comprehensive empirical study to assess the feasibility and accuracy of inference attacks that are launched from the extension API of SNSs. We also discuss an attack scenario in which inference attacks are employed as building blocks. The significance of this work is in thoroughly discussing how inference attacks could happen in practice via the extension API of SNSs, and highlighting the clear and present danger of even the naively crafted inference attacks.