Recently, there has been much excitement in the research community over using social networks to mitigate multiple identity, or Sybil, attacks. A number of schemes have been proposed, but they differ greatly in the algorithms they use and in the networks upon which they are evaluated. As a result, the research community lacks a clear understanding of how these schemes compare against each other, how well they would work on real-world social networks with different structural properties, or whether there exist other (potentially better) ways of Sybil defense. In this paper, we show that, despite their considerable differences, existing Sybil defense schemes work by detecting local communities (i.e., clusters of nodes more tightly knit than the rest of the graph) around a trusted node. Our finding has important implications for both existing and future designs of Sybil defense schemes. First, we show that there is an opportunity to leverage the substantial amount of prior work on general community detection algorithms in order to defend against Sybils. Second, our analysis reveals the fundamental limits of current social network-based Sybil defenses: We demonstrate that networks with well-defined community structure are inherently more vulnerable to Sybil attacks, and that, in such networks, Sybils can carefully target their links in order make their attacks more effective.

The sharing of personal data has emerged as a popular activity over online social networking sites like Facebook. As a result, the issue of online social network privacy has received significant attention in both the research literature and the mainstream media. Our overarching goal is to improve defaults and provide better tools for managing privacy, but we are limited by the fact that the full extent of the privacy problem remains unknown; there is little quantification of the incidence of incorrect privacy settings or the difficulty users face when managing their privacy. In this paper, we focus on measuring the disparity between the desired and actual privacy settings, quantifying the magnitude of the problem of managing privacy. We deploy a survey, implemented as a Facebook application, to 200 Facebook users recruited via Amazon Mechanical Turk. We find that 36 % of content remains shared with the default privacy settings. We also find that, overall, privacy settings match users ’ expectations only 37 % of the time, and when incorrect, almost always expose content to more users than expected. Finally, we explore how our results have potential to assist users in selecting appropriate privacy settings by examining the user-created friend lists. We find that these have significant correlation with the social network, suggesting that information from the social network may be helpful in implementing new tools for managing privacy.

Thwarting large-scale crawls of online social networks (OSNs) like Facebook and Renren is in the interest of both the users and the operators of these sites. OSN users wish to maintain control over their personal information, and OSN operators wish to protect their business assets and reputation. Traditional defenses against crawlers involve rate-limiting the browsing activity of individual users. However, these schemes are ineffective against crawlers with many accounts, be they fake accounts (Sybils) created by a crawler or compromised accounts of real users obtained on the black market. We propose Genie, a system that can be deployed by OSN operators to defend against crawlers. Genie’s design is based on the observation that the browsing patterns of normal users and crawlers are very different: most normal users limit their profile views to a small number of other users that are in their close network neighborhood, while even a crawler with many accounts needs to view profiles of users that are relatively more distant from the closest user account he controls. Genie exploits this fact by limiting the rate of profile views based on the connectivity and distance between a profile viewer and viewee in the social network. An experimental evaluation using real-world data gathered from a popular OSN shows that Genie frustrates large-scale crawling. Most browsing by ordinary users is not affected; the few users who are affected can recover easily by adding a few friend links. 1

In recent years, social networking sites (SNSs) gained high popularity among Internet users as they combine the best of both worlds: befriending people outside real life situations and staying in touch with people already known. An important aspect of any SNS is user profiles, which allow users to virtually publish anything about themselves, including highly personal or sensitive information. With the inception of SNSs, the problem of personal information disclosure and privacy implications has turned into a serious issue. While privacy issues in SNSs have been extensively analyzed in the past five years showcasing flagships of “western ” SNSs like Facebook and MySpace, SNSs that target mainly Russian speaking audiences are not yet analyzed and demand investigation. The goals of this paper are twofold: (1) to raise the awareness of the public to the problems of information revelation by studying the amount and type of information disclosed by users of Runet (Russian Segment of the Internet) SNSs (2) to compare our findings to the results of previous studies in the context of “western ” SNSs. We investigate different aspects of information revelation of more than 30 million user profiles collected from five Runet SNSs considered in this paper. In addition, we conducted a survey among a Russian speaking population to assess both the level of awareness of the privacy issues and the level of trust, and compared the results to previous studies. While the results indicate that Runet users tend to disclose less information and are more concerned about privacy implications, there is still a substantial gap between western and Runet SNS providers in understanding of privacy implications and implementation of security measures, which leads to exposure of extensive amounts of personal information.

Online social networks like Facebook allow users to connect, communicate, and share content. The popularity of these services has lead to an information overload for their users; the task of simply keeping track of different interactions has become daunting. Toreduce this burden, sites like Facebook allows the user to group friends into specific lists, known as friendlists, aggregating the interactions and content from all friends in each friendlist. While this approach greatly reduces the burden on the user, it still forces the user to create and populate the friendlists themselves and, worse, makes the user responsible for maintaining the membership of their friendlists over time. We show that friendlists often have a strong correspondence to the structure of the social network, implying that friendlists may be automatically inferred by leveraging the social network structure. We present a demonstration of Friendlist Manager, a Facebook application that proposes friendlists to the user based on the structure of their local social network, allows the user to tweak the proposed friendlists, and then automatically creates the friendlists for the user. 1.

Abstract—Online Social Networks have gained increased popularity in recent years. However, besides their many advantages, they also represent privacy risks for the users. In order to control access to their private information, users of OSNs are typically allowed to set the visibility of their profile attributes, but this may not be sufficient, because visible attributes, friendship relationships, and group memberships can be used to infer private information. In this paper, we propose a fully automated approach based on machine learning for inferring undisclosed attributes of OSN users. Our method can be used for both classification and regression tasks, and it makes large scale privacy attacks feasible. We also provide experimental results showing that our method achieves good performance in practice. I.

As the popularity of social networks expands, the information users expose to the public has potentially dangerous implications for individual privacy. While social networks allow users to restrict access to their personal data, there is currently no mechanism to enforce privacy concerns over content uploaded by other users. As group photos and stories are shared by friends and family, personal privacy goes beyond the discretion of what a user uploads about himself and becomes an issue of what every network participant reveals. In this paper, we examine how the lack of joint privacy controls over content can inadvertently reveal sensitive information about a user including preferences, relationships, conversations, and photos. Specifically, we analyze Facebook to identify scenarios where conflicting privacy settings between friends will reveal information that at least one user intended to keep private. By aggregating the information exposed in this manner, we demonstrate how a user’s private attributes can be inferred from simply being listed as a friend or mentioned in a story. To mitigate this threat, we show how Facebook’s privacy model can be adapted to enforce multi-party privacy. We present a proof of concept application built into Facebook that automatically ensures mutually acceptable privacy restrictions are enforced on group content.

Our personal social networks are big and cluttered, and currently there is no good way to organize them. Social networking sites allow users to manually categorize their friends into social circles (e.g. ‘circles ’ on Google+, and ‘lists ’ on Facebook and Twitter), however they are laborious to construct and must be updated whenever a user’s network grows. We define a novel machine learning task of identifying users ’ social circles. We pose the problem as a node clustering problem on a user’s ego-network, a network of connections between her friends. We develop a model for detecting circles that combines network structure as well as user profile information. For each circle we learn its members and the circle-specific user profile similarity metric. Modeling node membership to multiple circles allows us to detect overlapping as well as hierarchically nested circles. Experiments show that our model accurately identifies circles on a diverse set of data from Facebook, Google+, and Twitter for all of which we obtain hand-labeled ground-truth. 1

Abstract—Today, the data exchanged over online social networks (OSNs) represents a significant fraction of Internet traffic. However, OSN content is different from more traditional web content, as it is more likely to be generated at the edge of the network, to be exchanged within a local geographic region, and to possess a more even popularity distribution with fewer popular objects. Unfortunately, most OSNs still use largely centralized approaches to distribute content (e.g., CDNs and web caches), resulting in lower performance due to the different workload. In this paper, we take a first step towards addressing this situation by proposing WebCloud, a content distribution system for OSNs that works by repurposing client web browsers to help serve content to others. When a user browses content, WebCloud tries to serve the request from one of that user’s friends ’ browsers, instead of from the OSN directly. Unlike other systems, WebCloud works with existing browsers and does not require any plug-ins, and therefore can be directly applied to today’s OSNs. We demonstrate the practicality of WebCloud with microbenchmarks, simulations of a Facebook deployment, a real-world deployment, and evaluations of a proof-of-concept iOS app. I.

Thwarting large-scale crawls of user profiles in online social networks (OSNs) like Facebook and Renren is in the interest of both the users and the operators of these sites. OSN users wish to maintain control over their personal information, and OSN operators wish to protect their business assets and reputation. Existing rate-limiting techniques are ineffective against crawlers with many accounts, be they fake accounts (also known as Sybils) or compromised accounts of real users obtained on the black market. We propose Genie, a system that can be deployed by OSN operators to defend against crawlers in large-scale OSNs. Genie exploits the fact that the browsing patterns of honest users and crawlers are very different: even a crawler with access to many accounts needs to make many more profile views per account than an honest user, and view profiles of users that are more distant in the social network. Experiments using real-world data gathered from a popular OSN show that Genie frustrates large-scale crawling while rarely impacting honest users; the few honest users who are affected can recover easily by adding a few friend links.