[Air-L] Paper: Way to De-Anonymize Social Network Users

Richard Forno rforno at infowarrior.org
Mon Mar 8 05:36:20 PST 2010

I thought this might be interesting reading for those AIR'ers involved  
in SNS research.  -rick

A Practical Attack to De-Anonymize Social Network Users
Gilbert Wondracek Thorsten Holz    Technical University Vienna, Austria
Engin Kirda Institute Eurecom, Christopher Kruegel  University of  
California, Santa Barbara

Paper @ http://www.iseclab.org/papers/sonda-TR.pdf

Abstract. Social networking sites such as Facebook, LinkedIn, and Xing
have been reporting exponential growth rates. These sites have
millions of registered users, and they are interesting from a security
and privacy point of view because they store large amounts of
sensitive personal user data.

In this paper, we introduce a novel de-anonymization attack that
exploits group membership information that is available on social
networking sites. More precisely, we show that information about the
group memberships of a user (i.e., the groups of a social network to
which a user belongs) is often sufficient to uniquely identify this
user, or, at least, to significantly reduce the set of possible
candidates. To determine the group membership of a user, we leverage
well-known web browser history stealing attacks. Thus, whenever a
social network user visits a malicious website, this website can
launch our de-anonymization attack and learn the identity of its

The implications of our attack are manifold, since it requires a low
effort and has the potential to affect millions of social networking
users. We perform both a theoretical analysis and empirical
measurements to demonstrate the feasibility of our attack against
Xing, a medium-sized social network with more than eight million
members that is mainly used for business relationships. Our analysis
suggests that about 42% of the users that use groups can be uniquely
identified, while for 90%, we can reduce the candidate set to less
than 2,912 persons. Furthermore, we explored other, larger social
networks and performed experiments that suggest that users of Facebook
and LinkedIn are equally vulnerable (although attacks would require
more resources on the side of the attacker). An analysis of an
additional five social networks indicates that they are also prone to
our attack.

Paper @ http://www.iseclab.org/papers/sonda-TR.pdf

More information about the Air-L mailing list