The document discusses six new privacy threats for Facebook and Twitter users. It begins by outlining how an attacker can map users' email addresses to their real names using Facebook's account recovery service. It then explains how an attacker can reconstruct a victim's friend list on Facebook even if their privacy settings hide it. Additional privacy issues introduced by Facebook Timeline are presented. The document also discusses how social plugins can breach user privacy and introduces "social network relay attacks". Solutions are proposed for each privacy issue.
Figure 1. Mapping email and phone number to real name and profile
picture in Facebook
II. NEW PRIVACY LEAKS AND POSSIBLE SOLUTIONS
In this section we introduce several new privacy leaks in
Facebook. The social network relay attack can also work in
other social networks. Moreover, we also propose solutions
to prevent these leaks.
A. Mapping email addresses to real names
Email addresses are widely sold, in bulk, for marketing
and phishing attack purposes. These marketing and phishing
attempts are less effective when not personalized [17], e.g.,
using “Dear Sir” is less effective than “Dear John Smith”.
A design flaw in Facebook can help these marketers and
phishers map email addresses to real names (Facebook’s
“terms of use” legally require users to use only their real
names on the social network). This mapping can be done in
two ways.
First, an attacker can look up the real names corresponding
to the email addresses directly, using the search-by-email
feature available on Facebook. This mapping will only work
if the attacker is within the category of people allowed to
search for the user on Facebook, as users can limit who may
search for them to “Friends”, “Friends of friends”, etc.
Moreover, to automate the attack the attacker will have to use
Facebook’s APIs, which could at times be very restrictive.
The second method will work against any privacy settings
by a user and does not require any Facebook APIs. Here,
an attacker can go to Facebook’s recovery page¹ and
input an email address from the list. If the email belongs
to a registered profile on Facebook, it will return a page as
shown in Figure 1. This shows the real name and a thumbnail
profile picture of the user.
On the other hand, if the email address does not correspond
to a Facebook account then the attacker is directed
to the page displayed in Figure 2, which clearly states that
there is no Facebook account corresponding to that email
address.
¹ http://www.facebook.com/recover.php
Figure 2. Facebook response when an email address does not correspond
to a registered account
Attackers can use this mapping to launch other attacks
against users. A user’s email address is their username when
logging into Facebook. Its revelation enables the attacker to
attempt to hack into the user’s account by either attempting
to answer the user’s secret question (which once set on
Facebook cannot be changed) or by guessing the password.
Solution: Facebook’s provision of a real name, as
shown in Figure 1, to confirm the email address of a user
for account recovery is not necessary. Users can only use
their real names on Facebook, and it is rare that a user will
forget his real name. Thus, instead of providing a user with
the real name and asking for confirmation, Facebook should
ask a user to provide his real name in addition to his email
address. This way marketers and phishers will not be able
to map emails to real names using Facebook.
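The recovery lookup described above, next to the form the proposed solution implies, as an added example that is not code from the paper or from Facebook. The account store, function names and reply text are hypothetical, and the records are constructed sample data.

```python
"""Account-recovery lookup: leaky form vs. the form the solution describes.

Everything here (ACCOUNTS, recover_leaky, recover_hardened, the outbox list)
is hypothetical; the records are constructed sample data.
"""
import hmac
import unicodedata

# Constructed sample account store: email -> profile fields.
ACCOUNTS = {
    "john.smith@example.com": {"name": "John Smith", "thumb": "/img/u/1001.jpg"},
    "a.jones@example.com": {"name": "Alice Jones", "thumb": "/img/u/1002.jpg"},
}

# The single reply every hardened request receives.
GENERIC_REPLY = {
    "status": "ok",
    "message": "If the details match an account, recovery instructions "
               "have been sent to its email address.",
}


def _norm(text):
    """Case- and whitespace-insensitive form used to compare names and emails."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    return " ".join(folded.split())


def recover_leaky(email):
    """Behaviour described in the text: the reply confirms whether the address
    is registered and echoes the real name and thumbnail picture."""
    account = ACCOUNTS.get(_norm(email))
    if account is None:
        return {"status": "not_found", "message": "No account for that email."}
    return {"status": "found", "name": account["name"], "thumb": account["thumb"]}


def recover_hardened(email, claimed_name, outbox):
    """The requester supplies the real name together with the email address.

    The reply is identical whether the email is unknown, the name is wrong,
    or both match. Only a full match queues a recovery message, and that
    message goes to the registered address, not into the reply.
    """
    account = ACCOUNTS.get(_norm(email))
    # Compare against a dummy value when there is no account so that both
    # paths perform the same comparison.
    expected = _norm(account["name"]) if account else "\x00no-such-account"
    matches = hmac.compare_digest(expected.encode(), _norm(claimed_name).encode())
    if account is not None and matches:
        outbox.append(_norm(email))
    return dict(GENERIC_REPLY)


if __name__ == "__main__":
    sent = []
    for email, name in [
        ("john.smith@example.com", "John Smith"),   # correct pair
        ("john.smith@example.com", "Someone Else"), # wrong name
        ("nobody@example.com", "John Smith"),       # unregistered address
    ]:
        print(email, "->", recover_leaky(email)["status"],
              "|", recover_hardened(email, name, sent)["status"])
    print("recovery mail queued for:", sent)
```
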
B. Reconstruction of a friend’s friendlist
For added privacy, Facebook users have the option to
restrict who can view their friendlist, but this does not mean
a friend attacker² cannot reconstruct that user’s friendlist.
For at least a partial reconstruction, a friend attacker can
enumerate the names/user IDs of all the users who comment
on posts visible to friends only. In Figure 3, even though the
user’s friendlist is not visible to the author, we are able to
find the names of at least four friends of the victim³. One
friend has commented on the post and the other three have
liked it. By analyzing more posts, over a longer duration of
time, an attacker can find the names and user IDs of more
friends of the victim.
Similarly, when a user is tagged in a photo, we can see the
name of the person who tagged the user by rolling the mouse
over their name. It displays “Tagged by” and the tagger’s
name. As only a user’s friends are allowed to tag them on
Facebook, this also helps in reconstructing the friendlist.
² A friend attacker is an attacker who is a friend on Facebook.
³ The author’s friend was asked for permission and has kindly agreed to
the use of their post in this paper.
Figure 3. Reconstructing friendlist on Facebook from wall posts
Moreover, Facebook does not allow users to hide their mutual
friends. The names of mutual friends can also be added
to the being-reconstructed list of the victim’s friendlist. This
way the attacker can reconstruct a very significant part of a
user’s friendlist.
Solution: If a user does not want his friendlist to be
visible to his friends, then Facebook should not display that
user’s mutual friends. Also, when a user views the wall
of a friendlist-hiding friend, the comments and likes by
other friends in the friend’s view should be anonymized.
For example, when the profile owner sees the comments it
could be “John Smith” commented hi, but when his friend
views it, it should be “A friend” commented hi. Similarly,
the photo taggers should not be visible for such users. This
way, it will be much harder for anyone to reconstruct the
friendlist of that user. Of course, anonymizing the names of
other contributing users on a friendlist-hiding user’s
profile will complicate the flow of conversation between
his multiple friends, but that is the tradeoff between better
privacy and ease of communication. Alternatively, a specific
list of highly trusted friends could be allowed to have the
non-anonymous view of the friend comments, again at the
cost of leaking that information to them.
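One way the viewer-dependent rendering proposed above could be expressed, as an added example that is not code from the paper or from Facebook. The data model, function names and sample profiles are hypothetical and constructed; showing the viewer's own and the owner's names unmasked is an assumption the paper does not state.

```python
"""Viewer-dependent rendering for a profile whose owner hides the friendlist.

Hypothetical data model and names; the profiles and post are constructed
sample data.
"""
from dataclasses import dataclass, field

ANON = "A friend"


@dataclass
class Profile:
    user_id: str
    name: str
    friends: set = field(default_factory=set)
    hide_friendlist: bool = False
    trusted: set = field(default_factory=set)   # friends allowed the full view


@dataclass
class Post:
    text: str
    comments: list            # [(author_id, body), ...]
    likes: list               # [user_id, ...]
    tagged_by: str = None     # user_id of the photo tagger, if any


def _sees_names(owner, viewer_id):
    """The owner and explicitly trusted friends get the non-anonymous view."""
    if not owner.hide_friendlist:
        return True
    return viewer_id == owner.user_id or viewer_id in owner.trusted


def _label(owner, viewer_id, actor_id, directory):
    # Assumption: the viewer's own actions and the owner's are never masked.
    if _sees_names(owner, viewer_id) or actor_id in (viewer_id, owner.user_id):
        return directory[actor_id].name
    return ANON


def render_post(owner, post, viewer_id, directory):
    """Build what `viewer_id` is shown for one wall post."""
    return {
        "text": post.text,
        "comments": [(_label(owner, viewer_id, a, directory), body)
                     for a, body in post.comments],
        "likes": [_label(owner, viewer_id, u, directory) for u in post.likes],
        "tagged_by": (_label(owner, viewer_id, post.tagged_by, directory)
                      if post.tagged_by else None),
    }


def mutual_friends(owner, viewer, directory):
    """Mutual friends are withheld when the owner hides the friendlist."""
    if not _sees_names(owner, viewer.user_id):
        return []
    return sorted(directory[u].name for u in owner.friends & viewer.friends)


def leaked_friend_names(view, owner, viewer_id, directory):
    """Names of the owner's friends (other than the viewer) exposed by a view."""
    shown = {name for name, _ in view["comments"]} | set(view["likes"])
    if view["tagged_by"]:
        shown.add(view["tagged_by"])
    others = {directory[u].name for u in owner.friends if u != viewer_id}
    return shown & others


# Constructed sample data: u1 hides the friendlist and trusts only u5.
DIRECTORY = {
    "u1": Profile("u1", "Owner One", {"u2", "u3", "u4", "u5"}, True, {"u5"}),
    "u2": Profile("u2", "Bob Viewer", {"u1", "u3"}),
    "u3": Profile("u3", "Carol Commenter", {"u1", "u2", "u5"}),
    "u4": Profile("u4", "Dave Liker", {"u1"}),
    "u5": Profile("u5", "Erin Trusted", {"u1", "u3"}),
}
OWNER = DIRECTORY["u1"]
POST = Post("hello", comments=[("u3", "hi")], likes=["u4", "u5", "u2"],
            tagged_by="u3")

if __name__ == "__main__":
    for viewer_id in ("u1", "u5", "u2"):
        view = render_post(OWNER, POST, viewer_id, DIRECTORY)
        print(viewer_id, view["comments"], view["likes"], view["tagged_by"])
```
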
C. Curse of the Timeline
Timeline, a new virtual space in which all the content of
Facebook users is organized and shown, was introduced
on December 15, 2011 [18]. In addition to re-organization
of users’ content, Timeline comes with some default and
unchangeable privacy settings. Firstly, it is no longer possible
for a Facebook user to hide their mutual friends, which
was possible before Timeline. The impact of revelation of
mutual friends has been discussed in the previous section.
Secondly, it is not possible to limit the public view of “cover
photos”. These cover photos could be a user’s personal
pictures or political slogans and their widespread sharing
may have various short term and long term consequences
for that user. Thirdly, with the Timeline, depending on the
users’ privacy settings, if the likes and friendlist of a user
are shared with a list of users, then that list of users can
also see the month and the year when those friends were
added or when the user liked those pages. This will allow
an attacker to analyze the sentiments and opinions of a user,
e.g. when a user started liking more violent political figures
and unliking the non-violent ones. Finally, with the Timeline,
if a user makes a comment on a page or a group, he does
not have the option to disable being traced back to the
profile. Before the Timeline, a user could make themselves
searchable by a specific group (e.g. “Friends” or “Friends
of friends”, etc.) and even if they commented on pages
and groups, people outside those allowed groups would not
be able to link back to the commenter’s profile. Facebook
can solve these problems by allowing users to change the
settings to share their content with their desired audience.
D. Curse of social plugins
In April 2010, Facebook launched its social plugins to
integrate other websites into Facebook. Since its launch,
over 2.5 million websites have used social plugins. Using
social plugins, websites can allow users to comment on
their content using their Facebook accounts. Moreover, it
enables seamless sharing of content from other websites to
Facebook. Although there are a large number of marketing
benefits of social plugins, they have also created new privacy
problems for users. One of the biggest adverse effects for
a user is the fact that their activity can be traced back to
their Facebook profile. Figure 4 shows an example of such
a privacy problem. The users have commented on a news
article published by a Japanese newspaper. Here Wataru
Iwamoto has commented on this article when Reiko Mihara
shared it on his Facebook profile. Wataru did not agree to
his comment being displayed on a publicly visible website.
Due to their comments’ public visibility, their opinions
regarding the topic are now visible to anyone who can view the
article on the website, and they are traceable back to their
profiles for the inquirer to find more details about them.
This tracing has the potential of various short and long term
consequences for users.
Again, this problem can be prevented by Facebook
through limiting the view of the comments from public
websites and making the comments of users visible only
on the user walls or fan pages where they have originally
commented. Moreover, those users who comment on public
forums using their Facebook accounts should be given
the option to remove the linkability to their accounts.
Figure 4. Social Plugins on a Japanese news website
E. Social network relay attacks
Prior research has shown the ease of cloning profiles on
Facebook [19]. Similar methods can be used to clone profiles
on Twitter and other social networks. Another variant of the
cloning attacks can be a relay attack. In a relay attack, (1)
the attacker gets access to the social network content shared
by the victim, (2) he creates a new profile with the same
name as the victim, (3) he relays the victim’s messages. To
avoid detection by the victim, the attacker from the fake
profile blocks the victim; thus, the victim will no longer be
able to search for the attacker on the social network. To further
reduce the chance of detection, the attacker can block all
current friends/followers of the victim, thus no one in the
current online social circle of the victim will know about the
existence of the attacker. This attack seems innocent if the
attacker only relays the exact messages by the victim to a
subset of his approved audience, but it becomes malicious
when the attacker starts sharing the content beyond his
approved audience. Moreover, the attacker may selectively
add, delete or modify messages and share them with any
audience. In the case of Twitter, it is easier to launch this
attack, as a user’s tweets are mostly public, but for Facebook
the attacker needs to be a friend of the victim to get access
to most messages. Thus, he may use social bots or a targeted
friend attack to become friends in the first place [20], [21]
and then launch the attack. This attack can be used to achieve
many goals, for example, in a political scenario, it can be
used to damage the reputation of a rival or misinform his
audience.
Figure 5. Documents that Facebook requests for account verification
Solution: When a user loses access to their account
as a result of forgetting the password or their account
being hacked, Facebook verifies a user with some acceptable
documents as shown in Figure 5, in order to re-grant him
access to his account. These documents include a user’s
passport and driving license. Such documents are hard for an
attacker to fake because of the technical difficulties and legal
penalties. Moreover, when a user provides these documents
to prove their identity to Facebook or any other social
network, it is not a breach of privacy as the act is willfully
done by the user.
Similar verification can be offered by social networks to
prevent relay attacks. Any user who has been verified could
be provided with a “Verified by the service provider” label for
the real name and other attributes on the profile. If the
original profile has a certificate of authenticity, it will be
harder for relay attackers to launch the attack without raising
suspicion. In essence, the social network will have to act as
a certification authority.
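The binding described above, sketched as an added example (not code from the paper or from any social network): the provider issues a badge over the account ID and the verified attributes, so a profile that copies the name, or even the badge value, does not validate. HMAC with a constructed key stands in for the provider's signature; `issue_badge`, `badge_valid`, `render_name` and the sample profiles are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real provider would hold its signing key in an HSM or KMS.
PROVIDER_KEY = b"constructed-demo-key"


def _canonical(account_id, attrs):
    # Bind the badge to the immutable account ID, not just to the displayed name.
    return json.dumps({"id": account_id, "attrs": attrs},
                      sort_keys=True, separators=(",", ":")).encode()


def issue_badge(account_id, attrs, key=PROVIDER_KEY):
    """Issued once the provider has checked the user's identity documents."""
    return hmac.new(key, _canonical(account_id, attrs), hashlib.sha256).hexdigest()


def badge_valid(profile, key=PROVIDER_KEY):
    """True only if the badge matches this profile's own ID and attributes."""
    badge = profile.get("badge")
    if not badge:
        return False
    expected = issue_badge(profile["id"], profile["attrs"], key)
    return hmac.compare_digest(expected, badge)


def render_name(profile):
    name = profile["attrs"]["name"]
    if badge_valid(profile):
        return name + " [Verified by the service provider]"
    return name


def demo():
    """Constructed profiles: the original, a same-name clone, an edited original."""
    attrs = {"name": "Alice Example"}
    original = {"id": "acct-1001", "attrs": attrs,
                "badge": issue_badge("acct-1001", attrs)}
    clone = {"id": "acct-2002", "attrs": dict(attrs), "badge": original["badge"]}
    edited = {**original, "attrs": {"name": "Alice Exampl3"}}
    return [render_name(p) for p in (original, clone, edited)]
```

Because the attributes are part of the signed data, any later change to a verified attribute drops the badge until the provider verifies again.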
F. Permanent take over of a Facebook account
Facebook allows a user to recover their compromised
account using several verification mechanisms, but they all
fail if the attacker changes the name of the victim’s account
and attaches a new account to the victim’s email address used
to log in to Facebook. Thus, the attacker can lose the decoy
account, created with the victim’s email attached, while keeping
permanent control of the victim’s real account.
Solution: Facebook should not allow associating used
email addresses with new accounts. This will prevent the
permanent takeover attack.
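The two policies side by side, as an added example that is not from the paper or from Facebook's code: a toy registry in which the weak policy rejects only addresses currently in use, while the hardened policy rejects any address ever bound to another account. The class and account names, the sample addresses, the address swap on the compromised account and the fallback of recovery to the binding history are assumptions.

```python
class EmailInUse(Exception):
    """The address is, or (hardened policy) ever was, bound to another account."""


def _norm(email):
    return email.strip().lower()


class Registry:
    def __init__(self, forbid_reuse):
        self.forbid_reuse = forbid_reuse  # True = the fix proposed in the text
        self.login_email = {}             # account ID -> current login address
        self.first_owner = {}             # address -> first account ever bound to it

    def _holder(self, email):
        return next((a for a, e in self.login_email.items() if e == email), None)

    def bind(self, account_id, email):
        """Create an account or change its login address."""
        email = _norm(email)
        if self._holder(email) not in (None, account_id):
            raise EmailInUse(email)       # both policies: address currently taken
        if self.forbid_reuse and self.first_owner.get(email, account_id) != account_id:
            raise EmailInUse(email)       # hardened: address once belonged to another account
        self.first_owner.setdefault(email, account_id)
        self.login_email[account_id] = email

    def recover(self, email):
        """Account that an e-mail based recovery request resolves to, or None."""
        email = _norm(email)
        holder = self._holder(email)
        if holder is None and self.forbid_reuse:
            holder = self.first_owner.get(email)  # assumption: fall back to binding history
        return holder


def simulate(forbid_reuse):
    """Replay the sequence from the text; return (decoy_created, recovery_target)."""
    reg = Registry(forbid_reuse)
    reg.bind("victim-account", "alice@example.com")       # constructed sample data
    reg.bind("victim-account", "intruder@example.net")    # compromised session swaps the address
    try:
        reg.bind("decoy-account", "alice@example.com")    # decoy takes the freed address
        decoy_created = True
    except EmailInUse:
        decoy_created = False
    return decoy_created, reg.recover("alice@example.com")
```

Under the weak policy, recovery by the original address resolves to the decoy; under the hardened policy the decoy cannot be created and recovery still resolves to the original account.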
III. RELATED WORK
Risks and threats to users’ personal data on social networks
have been widely researched over the past few years. Gross
et al. [22] performed one of the earliest studies to identify
potential threats to the users of social networks, including identity
theft, embarrassment and stalking. Bonneau et al. [23]
showed that the public listing of eight friends in Facebook
public search leads to revealing much more than just limited
information. Dhingra and Bonneau independently provided
limited hacks into Facebook photos [24], [25]. Felt [26]
presented a cross-site scripting vulnerability in the Facebook
Markup Language which allowed arbitrary JavaScript to be
added to the profiles of the users of an application, which
led to session hijacking. Polakis et al. [17] showed how
names extracted from social networking sites can be used to
launch personalized phishing attacks, which are much more
successful than traditional phishing. Mahmood and Desmedt
presented the deactivated friend attack, with which an
attacker can have indefinite access to their victim’s personal
information [21]. Using targeted friend requests, they were
added as friends by 62% of their victims. They also provided
the first preliminary study of Google+’s privacy and
its comparison to Facebook [27]. Boshmaf et al. [20] used
socialbots to demonstrate the breaching of users’ privacy
on Facebook using the botnet model. Socialbots have been
previously used by criminals and are sold online for as little
as USD 29. They created 102 socialbots to make friends with
3055 Facebook users in eight weeks with a success rate of
35.6%. Bilge et al. [19] showed the ease of launching an
automated identity theft attack against some popular social
networks by sending friend requests to friends of a cloned
victim.
Chaabane et al. showed the implicit leak of information
through the likes and interests of users on Facebook [28].
IV. CONCLUSION
In this paper we exposed several new flaws in Facebook
and Twitter. These include the possibility of an attacker mapping
email addresses to real user names, the possibility of
reconstructing a user’s friend list even if his privacy settings
are set to hide it, and the new privacy flaws introduced with
the introduction of Facebook’s Timeline and social plugins.
Moreover, we introduced relay attacks in social networks and
showed how their use could result in privacy breaches. For an
attacker with a compromised account of a user, we presented
a mechanism to permanently take it over. We also provided
solutions to each of the privacy leaks/attacks we exposed.
REFERENCES
[1] “Facebook statistics,” http://newsroom.fb.com/content/default.aspx?NewsAreaId=22,
accessed: May 16, 2012.
[2] C. Taylor, “Social networking ‘Utopia’ isn’t coming,” CNN,
June 27, 2011.
[3] “About Meetup,” http://www.meetup.com/about/, accessed:
Feb. 20, 2012.
[4] YouTube, “YouTube statistics,”
http://www.youtube.com/t/press_statistics, accessed: May 16,
2012.
[5] “Flickr,” http://advertising.yahoo.com/article/flickr.html,
accessed: Feb. 20, 2012.
[6] “Foursquare,” https://foursquare.com/about/, accessed: Feb.
20, 2012.
[7] E. Barnett, “Google+ hits 90 million users,” The Telegraph,
Jan. 20, 2012.
[8] “Linkedin,” http://press.linkedin.com/about, accessed: Feb.
20, 2012.
[9] T. Monkovic, “Eagles employee fired for Facebook post,” New
York Times, March 10, 2009.
[10] J. Bonneau, J. Anderson, and G. Danezis, “Prying data out
of a social network,” in ASONAM, 2009, pp. 249–254.
[11] D. Barret and M. H. Saul, “Weiner now says he sent photos,”
The Wall Street Journal, Jun. 7, 2011.
[12] M. Stelzner, “Social media marketing industry report,”
http://www.socialmediaexaminer.com/SocialMediaMarketingReport2011.pdf, 2011.
[13] D. L. Michael Henderson, Melissa de Zwart and M. Phillips,
Will u friend me? Legal Risks of Social Networking Sites.
Monash University, 2011.
[14] “Obama advises caution in use of Facebook,” Associated
Press, Sep. 8, 2009.
[15] S. Mahmood and Y. Desmedt, “Usable privacy by visual
and interactive control of information flow,” in Twentieth
International Security Protocols Workshop, 2012.
[16] ——, “Two new economic models for privacy,” in
SIGMETRICS Performance Evaluation Review, 2012.
[17] I. Polakis, G. Kontaxis, S. Antonatos, E. Gessiou, T. Petsas,
and E. P. Markatos, “Using social networks to harvest email
addresses,” in WPES, 2010, pp. 11–20.
[18] “Facebook Timeline,” http://www.facebook.com/about/timeline,
accessed: May 16, 2012.
[19] L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda, “All your
contacts are belong to us: automated identity theft attacks on
social networks,” in WWW, 2009, pp. 551–560.
[20] Y. Boshmaf, I. Muslukhov, K. Beznosov, and M. Ripeanu,
“The socialbot network: when bots socialize for fame and
money,” in ACSAC, 2011, pp. 93–102.
[21] S. Mahmood and Y. Desmedt, “Your Facebook deactivated
friend or a cloaked spy,” in PerCom Workshops, 2012, pp.
367–373.
[22] R. Gross, A. Acquisti, and H. J. H. III, “Information revelation
and privacy in online social networks,” in WPES, 2005, pp.
71–80.
[23] J. Bonneau, J. Anderson, F. Stajano, and R. Anderson, “Eight
friends are enough: Social graph approximation via public
listings,” in SNS, 2009.
[24] A. Dhingra, “Where you did sleep last night? ...thank you, i
already know!” iSChannel, vol. 3, no. 1, 2008.
[25] J. Bonneau, “New Facebook photo hacks,”
http://www.lightbluetouchpaper.org/2009/02/11/new-facebook-photo-hacks/, 2009.
[26] A. Felt, “Defacing Facebook: A security
case study,” 2007. [Online]. Available:
http://www.cs.virginia.edu/felt/fbook/facebook-xss.pdf
[27] S. Mahmood and Y. Desmedt, “Poster: preliminary analysis
of Google+’s privacy,” in ACM Conference on Computer and
Communications Security, 2011, pp. 809–812.
[28] A. Chaabane, G. Acs, and M. A. Kaafar, “You are what you
like! Information leakage through users’ Interests,” in NDSS,
2011.