Profiling high-school students with facebook: How online privacy laws can actually increase minors' risk

Ratan Dey, Yuan Ding, Keith W. Ross

    Research output: Chapter in Book/Report/Conference proceedingConference contribution


    Lawmakers, children's advocacy groups and modern society at large recognize the importance of protecting the Internet privacy of minors (under 18 years of age). Online Social Networks, in particular, take precautions to prevent third parties from using their services to discover and profile minors. These precautions include displaying only minimal information in registered minors' public profiles, not listing minors when searching for users by high school or city, and banning young children from joining altogether. In this paper we show how an attacker can circumvent these precautions. We develop efficient crawling and data mining methodologies to discover and profile most of the high school students in a targeted high school. In particular, using Facebook and for a given target high school, the methodology finds most of the students in the school, and for each discovered student infers a profile that includes significantly more information than is available in a registered minor's public profile. Such profiles can be used for many nefarious purposes, including selling the profiles to data brokers, large-scale automated spear-phishing attacks on minors, as well as physical safety attacks such as stalking, kidnapping and arranging meetings for sexual abuse. Ironically, the Children's Online Privacy Protection Act (COPPA), a law designed to protect the privacy of children, indirectly facilitates the approach. In order to bypass restrictions put in place due to the COPPA law, some children lie about their ages when registering, which not only increases the exposure for themselves but also for their non-lying friends. Our analysis strongly suggests there would be significantly less privacy leakage if Facebook did not have age restrictions. Copyright is held by the owner/author(s).

    Original languageEnglish (US)
    Title of host publicationIMC 2013 - Proceedings of the 13th ACM Internet Measurement Conference
    Number of pages12
    StatePublished - 2013
    Event13th ACM Internet Measurement Conference, IMC 2013 - Barcelona, Spain
    Duration: Oct 23 2013Oct 25 2013

    Publication series

    NameProceedings of the ACM SIGCOMM Internet Measurement Conference, IMC


    Other13th ACM Internet Measurement Conference, IMC 2013


    • COPPA
    • Facebook
    • High school
    • Minor
    • Policy
    • Privacy

    ASJC Scopus subject areas

    • Software
    • Computer Networks and Communications


    Dive into the research topics of 'Profiling high-school students with facebook: How online privacy laws can actually increase minors' risk'. Together they form a unique fingerprint.

    Cite this