Knowledge and Information Systems

, Volume 52, Issue 1, pp 113–145 | Cite as

Shall I post this now? Optimized, delay-based privacy protection in social networks

  • Javier Parra-Arnau
  • Félix Gómez Mármol
  • David Rebollo-Monedero
  • Jordi Forné
Regular Paper

Abstract

Despite the several advantages commonly attributed to social networks such as easiness and immediacy to communicate with acquaintances and friends, significant privacy threats provoked by unexperienced or even irresponsible users recklessly publishing sensitive material are also noticeable. Yet, a different, but equally significant privacy risk might arise from social networks profiling the online activity of their users based on the timestamp of the interactions between the former and the latter. In order to thwart this last type of commonly neglected attacks, this paper proposes an optimized deferral mechanism for messages in online social networks. Such solution suggests intelligently delaying certain messages posted by end users in social networks in a way that the observed online activity profile generated by the attacker does not reveal any time-based sensitive information, while preserving the usability of the system. Experimental results as well as a proposed architecture implementing this approach demonstrate the suitability and feasibility of our mechanism.

Keywords

Time-based profiling Online social networks Privacy-enhancing technology Shannon’s entropy Privacy-utility trade-off 

References

  1. 1.
    Rosenblum D (2007) What anyone can know: the privacy risks of social networking sites. IEEE Secur Priv 5(3):40–49CrossRefGoogle Scholar
  2. 2.
    Heatherly R, Kantarcioglu M, Thuraisingham B (2013) Preventing private information inference attacks on social networks. IEEE Trans Knowl Data Eng 25(8):1849–1862CrossRefGoogle Scholar
  3. 3.
    Lindamood J, Heatherly R, Kantarcioglu M, Thuraisingham B (2009) Inferring private information using social network data. In: Proceedings of the 18th international conference on World wide web. ACM, pp 1145–1146Google Scholar
  4. 4.
    Gómez Mármol F, Gil Pérez M, Martínez Pérez G (2014) Reporting offensive content in social networks: toward a reputation-based assessment approach. IEEE Internet Comput 18(2):32–40. doi:10.1109/MIC.2013.132 CrossRefGoogle Scholar
  5. 5.
    Pina Ros S, Pina Canelles A, Gil Pérez M, Gómez Mármol F, Martínez Pérez G (2015) Chasing offensive conducts in social networks: a reputation-based practical approach for Frisber. ACM Trans Internet Technol 15(4):1–20. doi:10.1145/2797139 Google Scholar
  6. 6.
    Younis Z, Khatib RA (2014) Trending in Ramadan—what do people tweet about during the holy month? The Online Project. Technical report [Online]. http://www.theonlineproject.me/files/reports/Trending_in_Ramadan_-_English1
  7. 7.
    Social media in ramadan—Exploring arab user habits on Facebook and Twitter. The Online Project. Technical Report 2013. [Online]. http://theonlineproject.me/files/newsletters/Social-Media-in-Ramadan-Report-English
  8. 8.
    Bilge L, Strufe T, Balzarotti D, Kirda E (2009) All your contacts belong to us: automated identity theft attacks on social networks. In: Proceedings of ACM international WWW conference, Sanibel Island, FL, pp 551–560Google Scholar
  9. 9.
    Douceur JR (2002) The sybil attack. In: Proceedings of international workshop peer-to-peer syst. (IPTPS). Springer, London, UK, pp 251–260Google Scholar
  10. 10.
    Yu H, Kaminsky M, Gibbons PB, Flaxman A (2006) SybilGuard: defending against Sybil attacks via social networks. In: Proceedings of ACM conference special interest group data Communications (SIGCOMM), Pisa, Italy, pp 267–278Google Scholar
  11. 11.
    Yu H, Gibbons PB, Kaminsky M, Xiao F (2010) Sybillimit: a near-optimal social network defense against sybil attacks. IEEE/ACM Trans Netw 18(3):885–898CrossRefGoogle Scholar
  12. 12.
    Zhou B, Pei J (2008) Preserving privacy in social networks against neighborhood attacks. In: Proceedings of IEEE interantoinal conference on data engineering (ICDE), Cancún, Mexico, pp 506–515Google Scholar
  13. 13.
    Zhou B, Pei J (2011) The \(k\)-anonymity and \(l\)-diversity approaches for privacy preservation in social networks against neighborhood attacks. Knowl Inform Syst 28(1):47–77CrossRefGoogle Scholar
  14. 14.
    Shen X, Tan B, Zhai C (2007) Privacy protection in personalized search. ACM Spec. Interest Group Inform. Retrieval (SIGIR) Forum 41(1):4–17. [Online] doi:10.1145/1273221.1273222
  15. 15.
    Chaum D (1981) Untraceable electronic mail, return addresses, and digital pseudonyms. Commun ACM 24(2):84–88CrossRefGoogle Scholar
  16. 16.
    Cottrell L (1994) Mixmaster and remailer attacks. [Online]. http://obscura.com/~loki/remailer/remailer-essay.html
  17. 17.
    Danezis G (2003) Mix-networks with restricted routes. In: Proceedings of international symposium on privacy enhancing technologies (PETS). Lecture notes computer science (LNCS), pp 1–17Google Scholar
  18. 18.
    Kesdogan D, Egner J, Büschkes R (1998) Stop-and-go mixes: providing probabilistic anonymity in an open system. In: Proceedings of information hiding workshop (IH). Springer, pp 83–98Google Scholar
  19. 19.
    Berthold O, Pfitzmann A, Standtke R (2000) The disadvantages of free MIX routes and how to overcome them. In: Proceedings of designing privacy enhancing technologies: workshop on design issues in anonymity and unobservability. Series Lecture notes computer science (LNCS). Springer, Berkeley, CA, pp 30–45Google Scholar
  20. 20.
    Díaz C, Seys S, Claessens J, Preneel B (2002) Towards measuring anonymity. In: Proceedings of international symposium on privacy enhancing technologies (PETS), Series Lecture notes on computer science (LNCS), vol 2482. Springer, pp 54–68Google Scholar
  21. 21.
    Serjantov A, Danezis G (2002) Towards an information theoretic metric for anonymity. In: Proceedings of international symposium on privacy enhancing technologies (PETS), vol 2482. Springer, pp 41–53Google Scholar
  22. 22.
    Steinbrecher S, Kopsell S (2003) Modelling unlinkability. In: Proceedings of internaional symposium on privacy enhancing technologies (PETS). Springer, pp 32–47Google Scholar
  23. 23.
    Díaz C (2005) Anonymity and privacy in electronic services. Ph.D. dissertation, Katholieke University, LeuvenGoogle Scholar
  24. 24.
    Rebollo-Monedero D, Forné J (2010) Optimal query forgery for private information retrieval. IEEE Trans Inform Theory 56(9):4631–4642MathSciNetCrossRefGoogle Scholar
  25. 25.
    Howe DC, Nissenbaum H (2009) Lessons from the identity trail: privacy, anonymity and identity in a networked society. NY: Oxford Univ. Press, ch. TrackMeNot: Resisting surveillance in Web search, pp 417–436. [Online]. http://mrl.nyu.edu/~dhowe/trackmenot
  26. 26.
    Parra-Arnau J, Perego A, Ferrari E, Forné J, Rebollo-Monedero D (Jan. 2014) Privacy-preserving enhanced collaborative tagging. IEEE Trans. Knowl. Data Eng., 26(1):180–193, [Online]. Available: doi:10.1109/TKDE.2012.248
  27. 27.
    Parra-Arnau J, Rebollo-Monedero D, Forné J, Muñoz JL, Esparza O (2012) Optimal tag suppression for privacy protection in the semantic Web. Data Knowl Eng 81–82:46–66 [Online]. doi:10.1016/j.datak.2012.07.004
  28. 28.
    Deng M (2010) Privacy preserving content protection. Ph.D. dissertation, Katholieke University, LeuvenGoogle Scholar
  29. 29.
    Levine BN, Reiter MK, Wang C, Wright M (2004) Timing attacks in low-latency mix systems. In: Proceedings of international financial cryptography conference. Springer, pp 251–265Google Scholar
  30. 30.
    Bauer K, McCoy D, Grunwald D, Kohno T, Sicker D (2007) Low-resource routing attacks against anonymous systems. University of Colorado, Technical reportGoogle Scholar
  31. 31.
    Murdoch SJ, Danezis G (2005) Low-cost traffic analysis of tor. In: Proceedings of IEEE symposium security and privacy (SP), pp 183–195Google Scholar
  32. 32.
    Pfitzmann B, Pfitzmann A (1990) How to break the direct RSA implementation of mixes. In: Proceedings of annual international conference on the theory and applications of cryptographic techniques (EUROCRYPT). Springer, pp 373–381Google Scholar
  33. 33.
    Grossman WM (1996) alt.scientology.war, [Online]. www.wired.com/wired/archive/3.12/alt.scientology.war_pr.html
  34. 34.
    AOL search data scandal (2006) Accessed on 15 November 2013. [Online]. http://en.wikipedia.org/wiki/AOL_search_data_scandal
  35. 35.
    European data protection supervisor (2013) [Online]. http://www.edps.europa.eu
  36. 36.
    Twitter charts - xefer. [Online]. http://xefer.com/twitter/
  37. 37.
    Xu Y, Wang K, Zhang B, Chen Z (2007) Privacy-enhancing personalized Web search. In: Proceedings of the international WWW conference. ACM, pp 591–600Google Scholar
  38. 38.
    Ye S, Wu F, Pandey R, Chen H (2009) Noise injection for search privacy protection. In: Proceedings of international conference on computer science engineering. IEEE Computer Society, pp 1–8Google Scholar
  39. 39.
    Erola A, Castellà-Roca J, Viejo A, Mateo-Sanz JM (2011) Exploiting social networks to provide privacy in personalized Web search. J Syst Softw 84(10):1734–745. [Online]. http://www.sciencedirect.com/science/article/pii/S0164121211001117
  40. 40.
    Parra-Arnau J, Rebollo-Monedero D, Forné J (2014) Measuring the privacy of user profiles in personalized information systems. Future Gen Comput Syst (FGCS), Special Issue Data, Knowl Eng 33:53–63 [Online]. doi:10.1016/j.future.2013.01.001
  41. 41.
    Hildebrandt M, Backhouse J, Andronikou V, Benoist E, Canhoto A, Diaz C, Gasson M, Geradts Z, Meints M, Nabeth T, Bendegem JPV, der Hof SV, Vedder A, Yannopoulos A (2005) Descriptive analysis and inventory of profiling practices—deliverable 7.2. Future Identity Information Society (FIDIS), Technical reportGoogle Scholar
  42. 42.
    Hildebrandt M, Gutwirth S (eds) (2008) Profiling the European citizen: cross-disciplinary perspectives. Springer, BerlinGoogle Scholar
  43. 43.
    Jaynes ET (1982) On the rationale of maximum-entropy methods. Proc IEEE 70(9):939–952CrossRefGoogle Scholar
  44. 44.
    Cover TM, Thomas JA (2006) Elements of information theory, 2nd edn. Wiley, New YorkMATHGoogle Scholar
  45. 45.
    Boyd S, Vandenberghe L (2004) Convex optimization. Cambridge University Press, CambridgeCrossRefMATHGoogle Scholar
  46. 46.
    Parra-Arnau J, Rebollo-Monedero D, Forné J (2014) Optimal forgery and suppression of ratings for privacy enhancement in recommendation systems. Entropy, 16(3):1586–1631. [Online]. http://www.mdpi.com/1099-4300/16/3/1586
  47. 47.
    Apostol TM (1974) Mathematical analysis. A modern approach to advanced calculus, 2nd edn. Addison Wesley, BostonGoogle Scholar
  48. 48.
    Viswanath B, Mislove A, Cha M, Gummadi KP (2009) On the evolution of user interaction in facebook. In: Proceedings of the 2nd ACM SIGCOMM workshop on social networks (WOSN’09),Google Scholar
  49. 49.
    Ferrara E, Interdonato R, Tagarelli A (2014) Online popularity and topical interests through the lens of instagram. In: Proceedings of ACM conference on hypertext and social media (HT), pp 24–34Google Scholar

Copyright information

© Springer-Verlag London 2016

Authors and Affiliations

  • Javier Parra-Arnau
    • 1
  • Félix Gómez Mármol
    • 2
  • David Rebollo-Monedero
    • 1
  • Jordi Forné
    • 1
  1. 1.Department of Telematics EngineeringUniversitat Politècnica de CatalunyaBarcelonaSpain
  2. 2.NEC Laboratories EuropeHeidelbergGermany

Personalised recommendations