SocialSpy: Browsing (Supposedly) Hidden Information in Online Social Networks

  • Andrea Burattin
  • Giuseppe Cascavilla
  • Mauro Conti
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8924)


Online Social Networks are becoming the most important “places” where people share information about their lives. With the increasing concern that users have about privacy, most social networks offer ways to control the privacy of the user. Unfortunately, we believe that current privacy settings are not as effective as users might think.

In this paper, we highlight this problem focusing on one of the most popular social networks, Facebook. In particular, we show how easy it is to retrieve information that a user might have set as (and hence thought as) “private”. As a case study, we focus on retrieving the list of friends for users that did set this information as “hidden” (to non-friends). We propose four different strategies to achieve this goal, and we evaluate them. The results of our thorough experiments show the feasibility of our strategies as well as their effectiveness: our approach is able to retrieve a significant percentage of the names of the “hidden” friends: i.e., some 25 % on average, and more than 70 % for some users.



Mauro Conti is supported by a Marie Curie Fellowship funded by the European Commission under the agreement n. PCIG11-GA-2012-321980. This work has been partially supported by the TENACE PRIN Project 20103P34XC funded by the Italian MIUR, and by the Project “Tackling Mobile Malware with Innovative Machine Learning Techniques” funded by the University of Padua.


  1. 1.
    Walker, M.: The history of Social Networking (2011).
  2. 2.
    Money, C.: Facebook reaches one billion users (2012).
  3. 3.
    CNET: Facebook processes more than 500TB of data daily (2012).
  4. 4.
    Bass, S.: China’s Facebook status: Blocked (2009).
  5. 5.
    Dehghan, S.K.: Iran clamps down on Internet use (2012).
  6. 6.
    Desk, N.: Bangladesh sets precondition for unblocking YouTube (2012).
  7. 7.
    Groves, C.: Facebook changes through the years: Social Media Revolution (2011).
  8. 8.
  9. 9.
    Ratan, D., Cong, T., Keith, R., Nitesh, S.: Estimating age privacy leakage in online social networks. In: IEEE INFOCOM, pp. 2836–2840 (2012)Google Scholar
  10. 10.
    Luo, W., Liu, J., Liu, J., Fan, C.: An analysis of security in social networks. In: IEEE DASC, pp. 648–651 (2009)Google Scholar
  11. 11.
    Chaney, P.: Facebook Changes Layout of Mobile App (2013).
  12. 12.
    Consumer Reports Magazine: Facebook & your privacy (2012).
  13. 13.
    Madejski, M., Johnson, M., Bellovin, S.M.: A study of privacy settings errors in an online social network. In: IEEE PERCOM Workshops, pp. 340–345 (2012)Google Scholar
  14. 14. OSINT, one important kind of intelligence.
  15. 15.
    Steele, R.D.: Open source intelligence. In: Johnson, L. (ed.) Handbook of Intelligence Studies. Routledge, New York (2007)Google Scholar
  16. 16.
    Facebook: Facebook developers page - Graph API.
  17. 17.
    Constine, J.: Facebook Announces Friendship Pages That Show Friends’ Mutual Content.
  18. 18.
    Facebook: Facebook Social Plugins.
  19. 19.
    Kandias, M., Mitrou, L., Stavrou, V., Gritzalis, D.: Which side are you on? - a new panopticon vs. privacy. In: SECRYPT, pp. 98–110 (2013)Google Scholar
  20. 20.
    Kosinski, M., Stillwell, D., Graepel, T.: Private traits and attributes are predictable from digital records of human behavior. Proc. Natl. Acad. Sci. 110, 5802–5805 (2013)Google Scholar
  21. 21.
    Wisegeek: What is a web Crawler?
  22. 22.
    Tang, C., Ross, K., Saxena, N., Chen, R.: What’s in a name: a study of names, gender inference, and gender behavior in facebook. In: Xu, J., Yu, G., Zhou, S., Unland, R. (eds.) DASFAA Workshops 2011. LNCS, vol. 6637, pp. 344–356. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  23. 23.
    Thomas, K., Grier, C., Nicol, D.M.: unFriendly: multi-party privacy risks in social networks. In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 236–252. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  24. 24.
    Zhang, L., Zhang, W.: An information extraction attack against on-line social networks. In: SocialInformatics, pp. 49–55 (2012)Google Scholar
  25. 25.
    Costantino, G., Martinelli, F., Sgandurra, D.: Are photos on social networks really private? In: CTS, pp.162–165 (2013)Google Scholar
  26. 26.
    Luo, W., Xie, Q., Hengartner, U.: FaceCloak: an architecture for user privacy on social networking sites. In: IEEE CSE, pp. 26–33 (2009)Google Scholar
  27. 27.
    Conti, M., Hasani, A., Crispo, B.: Virtual private social networks and a facebook implementation. ACM Trans. Web 7(3), 14:1–14:31 (2013)CrossRefGoogle Scholar
  28. 28.
    Narayanan, A., Shmatikov, V.: De-anonymizing social networks. In: IEEE Symposium on Security and Privacy, pp. 173–187 (2009)Google Scholar
  29. 29.
    Beato, F., Conti, M., Preneel, B.: Friend in the Middle (FiM): tackling de-anonymization in social networks. In: IEEE PERCOM Workshops, pp. 279–284 (2013)Google Scholar
  30. 30.
    Beato, F., Conti, M., Preneel, B., Vettore, D.: VirtualFriendship: hiding interactions on online social networks. In: IEEE CNS (2014)Google Scholar
  31. 31.
    Buchegger, S., Schiöberg, D., Vu, L.H., Datta, A.: PeerSoN: P2P social networking: early experiences and insights. In: ACM Workshop, pp. 46–52 (2009)Google Scholar
  32. 32.
    Conti, M., Poovendran, R., Secchiero, M.: FakeBook: detecting fake profiles in on-line social networks. In: ASONAM, pp. 1071–1078 (2012)Google Scholar
  33. 33.
    Nagle, F., Singh, L.: Can friends be trusted? Exploring privacy in online social networks. In: ASONAM, pp. 312–315 (2009)Google Scholar
  34. 34.
    Dey, R., Jelveh, Z., Ross, K.W.: Facebook users have become much more private: a large-scale study. In: IEEE PERCOM Workshops, pp. 346–352 (2012)Google Scholar
  35. 35.
    Pineda, N.: Facebook tips: What’s the difference between a Facebook Page and Group? (2010).
  36. 36.
    TripAdvisor: Tripadvisor. http://www.facebook/TripAdvisor
  37. 37.
    Get-Spotify: Spotify. http://www.facebook/get-spotify
  38. 38.
    He, R.C.: Facebook developers page - Introducing new Like and Share buttons.

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Andrea Burattin
    • 1
  • Giuseppe Cascavilla
    • 2
    • 3
  • Mauro Conti
    • 1
  1. 1.University of PadovaPaduaItaly
  2. 2.University of L’AquilaL’AquilaItaly
  3. 3.VU UniversityAmsterdamThe Netherlands

Personalised recommendations