Proceedings of the 18th international conference on World wide web
On the evolution of user interaction in Facebook
Proceedings of the 2nd ACM workshop on Online social networks
You are who you know: inferring user profiles in online social networks
Proceedings of the third ACM international conference on Web search and data mining
unfriendly: multi-party privacy risks in social networks
PETS'10 Proceedings of the 10th international conference on Privacy enhancing technologies
Beyond Social Graphs: User Interactions in Online Social Networks and their Implications
ACM Transactions on the Web (TWEB)
Multi-scale dynamics in a massive online social network
Proceedings of the 2012 ACM conference on Internet measurement conference
Hi-index | 0.00 |
Lawmakers, children's advocacy groups and modern society at large recognize the importance of protecting the Internet privacy of minors (under 18 years of age). Online Social Networks, in particular, take precautions to prevent third parties from using their services to discover and profile minors. These precautions include displaying only minimal information in registered minors' public profiles, not listing minors when searching for users by high school or city, and banning young children from joining altogether. In this paper we show how an attacker can circumvent these precautions. We develop efficient crawling and data mining methodologies to discover and profile most of the high school students in a targeted high school. In particular, using Facebook and for a given target high school, the methodology finds most of the students in the school, and for each discovered student infers a profile that includes significantly more information than is available in a registered minor's public profile. Such profiles can be used for many nefarious purposes, including selling the profiles to data brokers, large-scale automated spear-phishing attacks on minors, as well as physical safety attacks such as stalking, kidnapping and arranging meetings for sexual abuse. Ironically, the Children's Online Privacy Protection Act (COPPA), a law designed to protect the privacy of children, indirectly facilitates the approach. In order to bypass restrictions put in place due to the COPPA law, some children lie about their ages when registering, which not only increases the exposure for themselves but also for their non-lying friends. Our analysis strongly suggests there would be significantly less privacy leakage if Facebook did not have age restrictions.