How to Share Your Favourite Search Results while Preserving Privacy and Quality

  • George Danezis
  • Tuomas Aura
  • Shuo Chen
  • Emre Kıcıman
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6205)


Personalised social search is a promising avenue to increase the relevance of search engine results by making use of recommendations made by friends in a social network. More generally a whole class of systems take user preferences, aggregate and process them, before providing a view of the result to others in a social network. Yet, those systems present privacy risks, and could be used by spammers to propagate their malicious preferences. We present a general framework to preserve privacy while maximizing the benefit of sharing information in a social network, as well as a concrete proposal making use of cohesive social group concepts from social network analysis. We show that privacy can be guaranteed in a k-anonymity manner, and disruption through spam is kept to a minimum in a real world social network.


Social Network Target Group Social Network Analysis Social Graph Sybil Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Acquisti, A., Gross, R.: Imagined communities: Awareness, information sharing, and privacy on the facebook. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 36–58. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  2. 2.
    Byun, J.-W., Kamra, A., Bertino, E., Li, N.: Efficient k-anonymization using clustering techniques. In: Kotagiri, R., Radha Krishna, P., Mohania, M. K., Nantajeewarawat, E. (eds.) DASFAA 2007. LNCS, vol. 4443, pp. 188–200. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  3. 3.
    Castro, M., Druschel, P., Ganesh, A.J., Rowstron, A.I.T., Wallach, D.S.: Secure routing for structured peer-to-peer overlay networks. In: OSDI (2002)Google Scholar
  4. 4.
    Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Samarati, P.: -Anonymity. In: Yu, T., Jajodia, S. (eds.) Secure Data Management in Decentralized Systems. Advances in Information Security, vol. 33, pp. 323–353. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  5. 5.
    Danezis, G.: Inferring privacy policies for social networking services. In: Balfanz, D., Staddon, J. (eds.) AISec, pp. 5–10. ACM, New York (2009)CrossRefGoogle Scholar
  6. 6.
    Danezis, G., Lesniewski-Laas, C., Frans Kaashoek, M., Anderson, R.J.: Sybil-resistant dht routing. In: De Capitani di Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 305–318. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. 7.
    Danezis, G., Mittal, P.: Sybilinfer: Detecting sybil nodes using social networks. In: NDSS. The Internet Society (2009)Google Scholar
  8. 8.
    Danezis, G., Serjantov, A.: Statistical disclosure or intersection attacks on anonymity systems. In: Fridrich, J. J. (ed.) IH 2004. LNCS, vol. 3200, pp. 293–308. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  9. 9.
    Danezis, G., Troncoso, C.: Vida: How to use bayesian inference to de-anonymize persistent communications. In: Goldberg, I., Atallah, M.J. (eds.) Privacy Enhancing Technologies. LNCS, vol. 5672, pp. 56–72. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Davis, W.: Facebook hit with privacy complaint. The Online Media Post, June 2 (2008)Google Scholar
  11. 11.
    Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, Syverson (eds.) [12], pp. 54–68Google Scholar
  12. 12.
    Dingledine, R., Syverson, P.F. (eds.): PET 2002. LNCS, vol. 2482. Springer, Heidelberg (2003)zbMATHGoogle Scholar
  13. 13.
    Douceur, J.R.: The sybil attack. In: Druschel, P., Frans Kaashoek, M., Rowstron, A.I.T. (eds.) IPTPS 2002. LNCS, vol. 2429, pp. 251–260. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    Dwork, C.: Differential privacy: A survey of results. In: Agrawal, M., Du, D.-Z., Duan, Z., Li, A. (eds.) TAMC 2008. LNCS, vol. 4978, pp. 1–19. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  15. 15.
    Evans, B.M., Chi, E.H.: Towards a model of understanding social search. In: CSCW 2008: Proceedings of the 2008 ACM conference on Computer supported cooperative work, pp. 485–494. ACM, New York (2008)CrossRefGoogle Scholar
  16. 16.
    Horling, B., Kulick, M.: Personalized search for everyone. The Official Google Blog, December 4 (2009)Google Scholar
  17. 17.
    Kesdogan, D., Agrawal, D., Pham, D.V., Rautenbach, D.: Fundamental limits on the anonymity provided by the mix technique. In: IEEE Symposium on Security and Privacy, pp. 86–99. IEEE Computer Society, Los Alamitos (2006)Google Scholar
  18. 18.
    Kiciman, E., Wang, C.-K., Chen, S., Mertsalov, K.: U rank (2008) Project web-page,
  19. 19.
    Levien, R.: Attack resistant trust metrics (2003) Draft Available at,
  20. 20.
    Mislove, A., Gummadi, K.P., Druschel, P.: Exploiting social networks for internet search. In: Proceedings of the 5th ACM Workshop on Hot Topics in Networks (HotNets), Irvine, CA, November 2006, ACM, New York (2006)Google Scholar
  21. 21.
    Olson, J.S., Grudin, J., Horvitz, E.: A study of preferences for sharing and privacy. In: van der Veer, G.C., Gale, C. (eds.) CHI Extended Abstracts, pp. 1985–1988. ACM, New York (2005)Google Scholar
  22. 22.
    Pacioli, L.: Summa de arithmetica, geometrica, proportioni et proportionalita. Manuscript circulated in Venice (1494)Google Scholar
  23. 23.
    Samarati, P., Sweeney, L.: Generalizing data to provide anonymity when disclosing information (abstract). In: PODS, p. 188. ACM Press, New York (1998)Google Scholar
  24. 24.
    Scott, J.: Social network analysis. Sociology 22(1), 109 (1988)CrossRefGoogle Scholar
  25. 25.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, Syverson (eds.) [12], pp. 41–53Google Scholar
  26. 26.
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)MathSciNetCrossRefzbMATHGoogle Scholar
  27. 27.
    Sherman, C.: Yahoo bolsters personal search. Search Engine Watch Blog, April 26 (2005)Google Scholar
  28. 28.
    Shoup, V., Gennaro, R.: Securing threshold cryptosystems against chosen ciphertext attack. J. Cryptology 15(2), 75–96 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  29. 29.
    Sullivan, D.: Eurekster launches personalized social search. Search Engine Watch Blog, January 21 (2004)Google Scholar
  30. 30.
    Sullivan, D.: Google relaunches personal search - this time, it really is personal. Search Engine Watch Blog, June 28 (2005)Google Scholar
  31. 31.
    Wasserman, S., Faust, K.: Social network analysis: Methods and applications. Cambridge Univ. Pr., Cambridge (1994)CrossRefzbMATHGoogle Scholar
  32. 32.
    Yu, H., Gibbons, P.B., Kaminsky, M., Xiao, F.: Sybillimit: A near-optimal social network defense against sybil attacks. In: IEEE Symposium on Security and Privacy, pp. 3–17. IEEE Computer Society, Los Alamitos (2008)Google Scholar
  33. 33.
    Yu, H., Kaminsky, M., Gibbons, P.B., Flaxman, A.: Sybilguard: defending against sybil attacks via social networks. In: Rizzo, L., Anderson, T.E., McKeown, N. (eds.) SIGCOMM, pp. 267–278. ACM, New York (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • George Danezis
    • 1
  • Tuomas Aura
    • 2
  • Shuo Chen
    • 1
  • Emre Kıcıman
    • 1
  1. 1.Microsoft ResearchOne Microsoft WayRedmondU.S.
  2. 2.Helsinki University of TechnologyTKKFinland

Personalised recommendations