TY - GEN
T1 - I know what you're buying
T2 - 14th International Symposium on Privacy Enhancing Technologies, PETS 2014
AU - Minkus, Tehila
AU - Ross, Keith W.
PY - 2014
Y1 - 2014
N2 - eBay is an online marketplace which allows people to easily engage in commerce with one another. Since the market's online nature precludes many physical cues of trust, eBay has instituted a reputation system through which users accumulate ratings based on their transactions. However, the eBay Feedback System as currently implemented has serious privacy flaws. When sellers leave feedback, buyers' purchase histories are exposed through no action of their own. In this paper, we describe and execute a series of attacks, leveraging the feedback system to reveal users' potentially sensitive purchases. As a demonstration, we collect and identify users who have bought gun-related items and sensitive medical tests. We contrast this information leakage with eBay users' privacy expectations as measured by an online survey. Finally, we make recommendations towards better privacy in the eBay feedback system.
AB - eBay is an online marketplace which allows people to easily engage in commerce with one another. Since the market's online nature precludes many physical cues of trust, eBay has instituted a reputation system through which users accumulate ratings based on their transactions. However, the eBay Feedback System as currently implemented has serious privacy flaws. When sellers leave feedback, buyers' purchase histories are exposed through no action of their own. In this paper, we describe and execute a series of attacks, leveraging the feedback system to reveal users' potentially sensitive purchases. As a demonstration, we collect and identify users who have bought gun-related items and sensitive medical tests. We contrast this information leakage with eBay users' privacy expectations as measured by an online survey. Finally, we make recommendations towards better privacy in the eBay feedback system.
UR - http://www.scopus.com/inward/record.url?scp=84904012962&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84904012962&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-08506-7_9
DO - 10.1007/978-3-319-08506-7_9
M3 - Conference contribution
AN - SCOPUS:84904012962
SN - 9783319085050
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 164
EP - 183
BT - Privacy Enhancing Technologies - 14th International Symposium, PETS 2014, Proceedings
PB - Springer Verlag
Y2 - 16 July 2014 through 18 July 2014
ER -