unFriendly: Multi-party Privacy Risks in Social Networks

  • Kurt Thomas
  • Chris Grier
  • David M. Nicol
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6205)


As the popularity of social networks expands, the information users expose to the public has potentially dangerous implications for individual privacy. While social networks allow users to restrict access to their personal data, there is currently no mechanism to enforce privacy concerns over content uploaded by other users. As group photos and stories are shared by friends and family, personal privacy goes beyond the discretion of what a user uploads about himself and becomes an issue of what every network participant reveals. In this paper, we examine how the lack of joint privacy controls over content can inadvertently reveal sensitive information about a user, including preferences, relationships, conversations, and photos. Specifically, we analyze Facebook to identify scenarios where conflicting privacy settings between friends will reveal information that at least one user intended to remain private. By aggregating the information exposed in this manner, we demonstrate how a user’s private attributes can be inferred from simply being listed as a friend or mentioned in a story. To mitigate this threat, we show how Facebook’s privacy model can be adapted to enforce multi-party privacy. We present a proof of concept application built into Facebook that automatically ensures mutually acceptable privacy restrictions are enforced on group content.


Keywords: Social Network; Privacy Policy; Online Social Network; Auxiliary Information; Privacy Requirement
These keywords were added by machine and not by the authors.





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Kurt Thomas (1)
  • Chris Grier (2)
  • David M. Nicol (1)

  1. University of Illinois at Urbana-Champaign, USA
  2. University of California, Berkeley
