Users of online social networks (OSNs) share personal information with their peers. To manage the access to one’s personal information, each user is enabled to configure its privacy settings. However, even though users are able to customize the privacy of their homepages, their private information could still be compromised by an attacker by exploiting their own and their friends’ public profiles. In this paper, we investigate the unintentional privacy disclosure of an OSN user even with the protection of privacy setting. We collect more than 300,000 Facebook users’ public information and assess their measurable privacy settings. Given only a user’s public information, we propose strategies to uncover the user’s private basic profile or connection information, respectively, and then quantify the possible privacy leakage by applying the proposed schemes to the real user data. We observe that although the majority of users configure their basic profiles or friend lists as private, their basic profiles can be inferred with high accuracy, and a significant portion of their friends can also be uncovered via their public information.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    Facebook newsroom,
  3. 3.
  4. 4.
    Backstrom, L., Dwork, C., Kleinberg, J.: Wherefore art thou r3579x?: anonymized social networks, hidden patterns, and structural steganography. In: Proceedings of the 16th WWW 2007 (2007)Google Scholar
  5. 5.
    Baden, R., Bender, A., Spring, N., Bhattacharjee, B., Starin, D.: Persona: an online social network with user-defined privacy. In: Proceedings of the 2009 ACM SIGCOMM (2009)Google Scholar
  6. 6.
    Balduzzi, M., Platzer, C., Holz, T., Kirda, E., Balzarotti, D., Kruegel, C.: Abusing social networks for automated user profiling. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, pp. 422–441. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  7. 7.
    Bonneau, J., Anderson, J., Anderson, R., Stajano, F.: Eight friends are enough: social graph approximation via public listings. In: Proceedings of the 2nd ACM EuroSys Workshop on SNS 2009 (2009)Google Scholar
  8. 8.
    Chaabane, A., Acs, G., Kaafar, M.A.: You are what you like! information leakage through users’ interests. In: Proceedings of the 19th NDSS 2012 (2012)Google Scholar
  9. 9.
    Eyal, R., Kraus, S., Rosenfeld, A.: Identifying missing node information in social networks. Artificial Intelligence, 1166–1172 (2011)Google Scholar
  10. 10.
    Feldman, A.J., Blankstein, A., Freedman, M.J., Felten, E.W.: Social networking with frientegrity: Privacy and integrity with an untrusted provider. In: The 21st USENIX Security 2012 (August 2012)Google Scholar
  11. 11.
    Girvan, M., Newman, M.E.J.: Community structure in social and biological networks. Proceedings of the National Academy of Sciences 99(12), 7821–7826 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Gundecha, P., Barbier, G., Liu, H.: Exploiting vulnerability to secure user privacy on a social networking site. In: Proceedings of the 17th ACM KDD 2011 (2011)Google Scholar
  13. 13.
    Korolova, A., Motwani, R., Nabar, S.U., Xu, Y.: Link privacy in social networks. In: Proceedings of the 17th ACM CIKM 2008 (2008)Google Scholar
  14. 14.
    Leroy, V., Cambazoglu, B.B., Bonchi, F.: Cold start link prediction. In: Proceedings of the 16th ACM KDD 2010 (2010)Google Scholar
  15. 15.
    Liben-Nowell, D., Kleinberg, J.: The link prediction problem for social networks. In: Proceedings of the 12th CIKM 2003 (2003)Google Scholar
  16. 16.
    Liu, Y., Gummadi, K.P., Krishnamurthy, B., Mislove, A.: Analyzing facebook privacy settings: user expectations vs. reality. In: Proceedings of the 2011 ACM SIGCOMM IMC 2011 (2011)Google Scholar
  17. 17.
    Madejski, M., Johnson, M., Bellovin, S.M.: A study of privacy setting errors in an online social network. In: Proceedings of SESOC 2012 (2012)Google Scholar
  18. 18.
    Mashima, D., Sarkar, P., Shi, E., Li, C., Chow, R., Song, D.: Privacy settings from contextual attributes: A case study using google buzz. In: PerCom Workshops, pp. 257–262. IEEE (2011)Google Scholar
  19. 19.
    Mislove, A., Viswanath, B., Gummadi, K.P., Druschel, P.: You are who you know: inferring user profiles in online social networks. In: Proceedings of the 3rd ACM WSDM 2010 (2010)Google Scholar
  20. 20.
    Mondal, M., Viswanath, B., Clement, A., Druschel, P., Gummadi, K.P., Mislove, A., Post, A.: Limiting large-scale crawls of social networking sites. SIGCOMM Computer Communication Review 41(4), 398–399 (2011)CrossRefGoogle Scholar
  21. 21.
    Narayanan, A., Shmatikov, V.: De-anonymizing social networks. In: Proceedings of 30th IEEE Symposium on Security and Privacy, S&P 2009 (May 2009)Google Scholar
  22. 22.
    Pedarsani, P., Grossglauser, M.: On the privacy of anonymized networks. In: Proceedings of the 17th ACM KDD 2011 (2011)Google Scholar
  23. 23.
    Singh, K., Bhola, S., Lee, W.: xbook: redesigning privacy control in social networking platforms. In: Proceedings of the 18th USENIX Security Symposium, SSYM 2009. USENIX Association, Berkeley (2009)Google Scholar
  24. 24.
    Staddon, J.: Finding “hidden” connections on linkedin an argument for more pragmatic social network privacy. In: Proceedings of the 2nd ACM Workshop AISec 2009 (2009)Google Scholar
  25. 25.
    Tai, C.-H., Yu, P.S., Yang, D.-N., Chen, M.-S.: Privacy-preserving social network publication against friendship attacks. In: Proceedings of the 17th ACM KDD 2011 (2011)Google Scholar
  26. 26.
    Wondracek, G., Holz, T., Kirda, E., Kruegel, C.: A practical attack to de-anonymize social network users. In: Proceedings of the 2010 IEEE Symposium on Security and Privacy, S&P 2010 (2010)Google Scholar
  27. 27.
    Yang, Y., Lutes, J., Li, F., Luo, B., Liu, P.: Stalking online: on user privacy in social networks. In: Proceedings of the Second ACM CODASPY 2012, New York, NY, USA (2012)Google Scholar
  28. 28.
    Ying, X., Wu, X.: On link privacy in randomizing social networks. In: Theeramunkong, T., Kijsirikul, B., Cercone, N., Ho, T.-B. (eds.) PAKDD 2009. LNCS, vol. 5476, pp. 28–39. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  29. 29.
    Zheleva, E., Getoor, L.: To join or not to join: the illusion of privacy in social networks with mixed public and private user profiles. In: Proceedings of the 18th WWW 2009 (2009)Google Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2013

Authors and Affiliations

  • Xin Ruan
    • 1
  • Chuan Yue
    • 2
  • Haining Wang
    • 1
  1. 1.The College of William and MaryWilliamsburgUSA
  2. 2.University of Colorado Colorado SpringsColorado SpringsUSA

Personalised recommendations