TY - GEN
T1 - The city privacy attack
T2 - 3rd ACM Conference on Online Social Networks, COSN 2015
AU - Minkus, Tehila
AU - Ding, Yuan
AU - Dey, Ratan
AU - Ross, Keith W.
PY - 2015/11/2
Y1 - 2015/11/2
N2 - Data brokers have traditionally collected data from businesses, government records, and other publicly available offline sources. While each data source may provide only a few elements about a person's activities, data brokers combine these elements to form a detailed, composite view of the consumer's life. The emergence of social media gives data brokers unprecedented opportunities to enhance their profiles. Data brokers are increasingly interested in combining the information collected from offline sources with information publicly available in social networks to profile not only adults but also children. In this paper, we show how data brokers and other third parties can combine online and offline data sources - namely, public Facebook profiles and voter registration records - to create detailed profiles of adults, teens, and children in any target city in the US. We outline and execute an approach that leverages a Facebook user's social ties combined with the city's voter registration records to infer the Facebook users who reside in the city. These inferences enable a data broker to create detailed user profiles, which not only include information publicly available from Facebook but also the user's exact residential address, date and year of birth, and political affiliation. We further show how additional inferences can be made from the combined data. We then discuss how this city attack can be extended to create detailed profiles of minors and children. Finally, we make recommendations to Facebook, municipal authorities, and individuals to decrease the risk of this large-scale privacy breach.
AB - Data brokers have traditionally collected data from businesses, government records, and other publicly available offline sources. While each data source may provide only a few elements about a person's activities, data brokers combine these elements to form a detailed, composite view of the consumer's life. The emergence of social media gives data brokers unprecedented opportunities to enhance their profiles. Data brokers are increasingly interested in combining the information collected from offline sources with information publicly available in social networks to profile not only adults but also children. In this paper, we show how data brokers and other third parties can combine online and offline data sources - namely, public Facebook profiles and voter registration records - to create detailed profiles of adults, teens, and children in any target city in the US. We outline and execute an approach that leverages a Facebook user's social ties combined with the city's voter registration records to infer the Facebook users who reside in the city. These inferences enable a data broker to create detailed user profiles, which not only include information publicly available from Facebook but also the user's exact residential address, date and year of birth, and political affiliation. We further show how additional inferences can be made from the combined data. We then discuss how this city attack can be extended to create detailed profiles of minors and children. Finally, we make recommendations to Facebook, municipal authorities, and individuals to decrease the risk of this large-scale privacy breach.
UR - http://www.scopus.com/inward/record.url?scp=84964061264&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84964061264&partnerID=8YFLogxK
U2 - 10.1145/2817946.2817957
DO - 10.1145/2817946.2817957
M3 - Conference contribution
AN - SCOPUS:84964061264
T3 - COSN 2015 - Proceedings of the 2015 ACM Conference on Online Social Networks
SP - 71
EP - 81
BT - COSN 2015 - Proceedings of the 2015 ACM Conference on Online Social Networks
PB - Association for Computing Machinery, Inc
Y2 - 2 November 2015 through 3 November 2015
ER -