A Closer Look at Third-Party OSN Applications: Are They Leaking Your Personal Information?

Chaabane, Abdelberi; Yuan, Di; Dey, Ratan; Kâafar, Mohamed Ali; Ross, Keith W.

doi:10.1007/978-3-319-04918-2_23

Cited by 17 publications

(12 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This inherently prevents the OSN and users from controlling and monitoring the app's activities, and to take proactive measures to stop malicious penetration. Since the data are transferred out of the OSN, the utilization of user contents and their distribution is not in the control of the users [57]. Thus, they are required to uninstall third-party applications to protect their information that can go into the wrong hands.…”

Section: Recommendationsmentioning

confidence: 99%

Privacy and Security Issues in Online Social Networks

et al. 2018

View full text Add to dashboard Cite

The advent of online social networks (OSN) has transformed a common passive reader into a content contributor. It has allowed users to share information and exchange opinions, and also express themselves in online virtual communities to interact with other users of similar interests. However, OSN have turned the social sphere of users into the commercial sphere. This should create a privacy and security issue for OSN users. OSN service providers collect the private and sensitive data of their customers that can be misused by data collectors, third parties, or by unauthorized users. In this paper, common security and privacy issues are explained along with recommendations to OSN users to protect themselves from these issues whenever they use social media.

show abstract

Section: Recommendationsmentioning

confidence: 99%

Privacy and Security Issues in Online Social Networks

et al. 2018

View full text Add to dashboard Cite

show abstract

“…There are also several recent studies dedicated to privacy inference on Facebook [22][23][24][25]. These studies used static user profiles on Facebook and other publicly available sources of personal information for privacy inference according to certain social relationships such as friends, schoolmates and parents (except [24], which studied the leakage from Facebook applications). Compared with them, this work features inferring user privacy based on the user interactions, which were relatively less explored in the literature.…”

Section: Related Workmentioning

confidence: 99%

Unintentional and Involuntary Personal Information Leakage on Facebook from User Interactions

2016

KSII TIIS

View full text Add to dashboard Cite

Online social networks (OSNs) have changed the way people communicate with each other. An OSN usually encourages the participants to provide personal information such as real names, birthdays and educational background to look for and establish friendships among them. Some users are unwilling to reveal personal information on their personal pages due to potential privacy concerns, but their friends may inadvertently reveal that. In this work, we investigate the possibility of leaking personal information on Facebook in an unintentional and involuntary manner. The revealed information may be useful to malicious users for social engineering and spear phishing. We design the inference methods to find birthdays and educational background of Facebook users based on the interactions among friends on Facebook pages and groups, and also leverage J-measure to find the inference rules. The inference improves the finding rate of birthdays from 71.2% to 87.0% with the accuracy of 92.0%, and that of educational background from 75.2% to 91.7% with the accuracy of 86.3%. We also suggest the sanitization strategies to avoid the private information leakage.

show abstract

“…Krishnamurthy and Wills performed a separate study for online social networks (OSNs) where they manually interacted with 12 OSNs finding cases where the PII that a user entrusted to an OSN would unintentionally find its way to third parties [17]. Chaabane et al recently investigated the leakage of user PII via OSN applications by automatically interacting with more than 1,200 OSN applications on two different OSNs [6]. The authors discovered that 22% of Facebook applications and 69% of RenRen applications leak, intentionally (via an HTTP request) or unintentionally (via the Referer header), a user's PII to forth-parties, that is, parties other than the third-parties who serve the OSN application.…”

Section: Referer-based Studiesmentioning

confidence: 99%

“…The rise of extremely popular online services offered at no fiscal cost to users has given rise to a rich online ecosystem of third party trackers and online advertisers. Indeed, this phenomenon has been studied extensively on generic websites [16], online social networks [6,17], and in mobile applications [8,13]. It has also raised the ire of online privacy advocates [38] who highlight the potential of tracking to compromise user privacy.…”

Section: Introductionmentioning

confidence: 99%

Are You Sure You Want to Contact Us? Quantifying the Leakage of PII via Website Contact Forms

Starov

Gill

Nikiforakis

2015

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

The majority of commercial websites provide users the ability to contact them via dedicated contact pages. In these pages, users are typically requested to provide their names, email addresses, and reason for contacting the website. This effectively makes contact pages a gateway from being anonymous or pseudonymous, i.e., identified via stateful and stateless identifiers, to being eponymous. As such, the environment where users provide their personally identifiable information (PII) has to be trusted and free from intentional and unintentional information leaks. In this paper, we report on the first large-scale study of PII leakage via contact pages of the 100,000 most popular sites of the web. We develop a reliable methodology for identifying and interacting with contact forms as well as techniques that allow us to discover the leakage of PII towards thirdparties, even when that information is obfuscated. Using these methods, we witness the leakage of PII towards third-parties in a wide range of ways, including the leakage through third-party form submissions, third-party scripts that collect PII information from a first-party page, and unintended leakage through a browser’s Referer header. To recover the lost control of users over their PII, we design and develop Formlock, a browser extension that warns the user when contact forms are using PII-leaking practices, and provides the ability to comprehensively lock-down a form so that a user’s details cannot be, neither accidentally, nor intentionally, leaked to third parties

show abstract

A Closer Look at Third-Party OSN Applications: Are They Leaking Your Personal Information?

Cited by 17 publications

References 9 publications

Privacy and Security Issues in Online Social Networks

Privacy and Security Issues in Online Social Networks

Unintentional and Involuntary Personal Information Leakage on Facebook from User Interactions

Are You Sure You Want to Contact Us? Quantifying the Leakage of PII via Website Contact Forms

Contact Info

Product

Resources

About