Skip to feedback

Award Abstract # 1318659
TWC SBE: Small: Protecting the Online Privacy of Users of Social Networks

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: NEW YORK UNIVERSITY
Initial Amendment Date: August 30, 2013
Latest Amendment Date: September 20, 2017
Award Number: 1318659
Award Instrument: Standard Grant
Program Manager: Dan Cosley
dcosley@nsf.gov  (703)292-8832
CNS  Division Of Computer and Network Systems
CSE  Directorate for Computer and Information Science and Engineering
Start Date: October 1, 2013
End Date: September 30, 2018 (Estimated)
Total Intended Award Amount: $500,000.00
Total Awarded Amount to Date: $500,000.00
Funds Obligated to Date: FY 2013 = $500,000.00
History of Investigator:
  • Keith Ross (Principal Investigator)
     keithwross@nyu.edu
Recipient Sponsored Research Office: New York University
 70 WASHINGTON SQ S
 NEW YORK
 NY  US  10012-1019
(212)998-2121
Sponsor Congressional District: 10
Primary Place of Performance: Polytechnic University of New York
 15 Metrotech Center
 Brooklyn
 NY  US  11201-3840
Primary Place of Performance
Congressional District:		 07
Unique Entity Identifier (UEI): NX9PXMKW5KW8
Parent UEI:
NSF Program(s): Secure &Trustworthy Cyberspace
Primary Program Source: 01001314DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7434, 7923
Program Element Code(s): 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

It is generally recognized that protecting online privacy is important, with modern society manifesting this concern in many ways. Preliminary research indicates that third parties, with modest crawling and computational resources, and employing simple data mining heuristics, can potentially combine online services and publicly available information to create detailed profiles of the users living in any targeted geographical area.

This research investigates measures that can significantly improve privacy protection of users, while not degrading their overall Internet experience. The focus is on less-trustworthy third parties (e.g., data brokers, advertisers, spammers, malware distributors, and pedophiles), who can scrape, aggregate and infer information from many different online and offline sources. This research has two interrelated research thrusts. First, it explores to what extent third parties can collect, aggregate, and statistically process information from OSNs and other online and offline sources to create profiles. This thrust is developing rigorous statistical methodologies and probabilistic models for estimating the degree of potential privacy leakage. Second, this research investigates a variety of privacy policies that governments can establish, and a wide range of measures OSNs can take, to reduce the privacy risk. For promising combinations of policies and measures, this research quantifies the trade-off between privacy protection and usability.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Note:  When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

(Showing: 1 - 10 of 15)
A. Chaabane, Y. Ding, R. Dey, M. A. Kaafar, K. W. Ross " A Closer Look at Third-Party OSN Applications: Are They Leaking Your Personal Information?" Passive and Active Measurement Conference (PAM), 2014 , 2014
Haizhong Zheng, Minhui (Jason) Xue, Hao Lu, Shuang Hao, Haojin Zhu, Xiaohui Liang, and Keith Ross "Smoke Screener or Straight Shooter: Detecting Elite Sybil Attacks in User-Review Social Networks" Network and Distributed System Security Symposium (NDSS), 2018 , 2018
J. Xue, Y. Liu, K.W. Ross, H. Qian "I know Where You Are: Thwarting Privacy Protection in Location-Based Social Discovery Services" IEEE Infocom Workshop on Security and Privacy in Big Data, 2015 , 2015
M. Xue, G. Magno, E. Cunha, V. Almeida, and K,W. Ross "The Right to be Forgotten in the Media: A Data-Driven Study" 16th Privacy Enhancing Technologies Symposium (PETS), 2016 , 2016
M. Xue, C.L. Ballard, C.L. Nemelka,  K. Liu. A. Wu, K.W. Ross, H. Qian "You Can Yak but You Can?t Hide: Localizing Anonymous Social Network Users" ACM Internet Measurement Conference (IMC), 2016 , 2016
R.Dey, M. Nangia, K.W. Ross, Y. Liu "Estimating Heights from Photo Collections: A Data-Driven Approach" Conference on Online Social Networks (COSN), 2014 , 2014
R. Dey, Y. Ding, K.W. Ross, "The High-School Profiling Attack: How Online Privacy Laws Can Actually Increase Minors Risk" Internet Measurement Conference (IMC) 2013 , 2013
S.T. Peddinti, K.W. Ross, J. Cappos "Finding Sensitive Accounts on Twitter: An Automated Approach Based on Follower Anonymity" International Conference on Web and Social Media, ICWSM (poster paper), 2016 , 2016
S.T. Peddinti, K.W. Ross, J. Cappos "On the Internet, nobody knows you?re a dog": A Twitter Case Study of Anonymity in Social Networks" Conference on Online Social Networks (COSN), 2014 , 2014
T. Minkus and K.W. Ross "I Know What You're Buying: Privacy Breaches on eBay" Privacy Enhancing Technologies (PETS), 2014 , 2014
T. Minkus, K. Liu, K.W. Ross "Children Seen But Not Heard: When Parents  Compromise Children's Online Privacy" 24th World Wide Web Consortium (WWW'2015), 2015 , 2015
(Showing: 1 - 10 of 15)

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

This research, which was begun in 2013, studied the Internet privacy of adults and children. The focus of the research was on how 3rd parties -- such as foreign governments and companies such as the now infamous Cambridge Analytica --  can scrape information from social networks, search engines, and public records, combine the information, and use data science inference techniques to obtain very vivid pictures of the private lifes of large swaths of adults and children. Our research group was among the first to recognize this problem and undertake an indepth inverstigation of potential 3rd-party attacks. Our research showed how two privacy laws -- COPPA and the Right to Be Forgotten -- originally intended to improve the privacy of children and adults could backfire and acutally reduce Interent users' privacy. We showed how parents who post photos of their babies and children can inadvertently leak - through inference techniques - private informaiotn of their children. We showed that anonymous usesrs on Twitter exhibit significantly different behavior than non-anonymous users. We showed that location-based social networks can often be exploited by 3rd parties to determine the exact location of users, and to de-anonymize users in anonymous services like Yik Yak. The research led to 13 research papers on privacy and anonymity, covering a variety of different Internet applications, including Facebook, Google, Twitter, eBay, mobile dating services such as Tinder, and anonymous mobile apps such as Yik Yak. Our work has been extensively covered by the media, including the New York Times, NPR, and Bloomberg.

We are not at all surprised that many Internet applications today are being successfully attacked by thrid parties, such as foreign governments and companies working for political campaigns such as Cambridge Analytica. In particular, because Facebook over the years has been overly aggressive in trying to network the world, it has set itself up for numerous privacy attacks. Although Facebook has recently taken small measures to reduce the problem, it needs to make more fundamental changes to provide the safety and privacy that Internet users expect. In particular, we recommend that Facebook follow the example of Wechat, the popular social networking and messaging applicaiton in China. In Wechat, users cannot see other users' friend lists, and it does not recommend potential friends to users. By making this fundamental change, Facebook would go a long way in reducing potential inference attacks that currently plague the social network. 

We would like to thank NSF for its generous support to pursue this research. 

 

 

 


Last Modified: 10/16/2018
Modified by: Keith W Ross

Please report errors in award information by writing to: awardsearch@nsf.gov.

Print this page

Back to Top of page

Top