INFERENCE ATTACK ON BROWSING HISTORY OF TWITTER USERS USING PUBLIC CLICK ANALYTICS AND TWITTER METADATA
0 likes472 views
The document discusses practical inference attack techniques to determine which shortened URLs are clicked by Twitter users using publicly available information, specifically Twitter metadata and click analytics from URL shortening services. The evaluation demonstrates that these attacks can compromise user privacy with high accuracy, contrasting them with conventional browser history stealing methods. The authors present a detailed analysis of their methodology and findings, indicating significant privacy risks for Twitter users.
![CONTACT: PRAVEEN KUMAR. L (, +91 – 9791938249)
MAIL ID: sunsid1989@gmail.com, praveen@nexgenproject.com
Web: www.nexgenproject.com, www.finalyear-ieeeprojects.com
experiments, we have shown that our attacks can infer the candidates in most
cases.
REFERENCES
[1] L. Backstrom, C. Dwork, and J. Kleinberg, “Wherefore art thou r3579x?
anonymized social networks, hidden patterns, and structural steganography,”
in Proc. 16th Int. World Wide Web Conf., 2007, pp. 181–190.
[2] D. Boyd, S. Golder, and G. Lotan, “Tweet, tweet, retweet: Conversational
aspects of retweeting on twitter,” in Proc. 43rd Hawaii Int. Conf. Syst. Sci.,
2010, pp. 1–10.
[3] Bugzilla. (2000). Bug 57351: css on a:visited can load an image and/or
reveal if visitor been to a site. [Online]. Available:
https://bugzilla.mozilla.org/show_bug.cgi? id=57351
[4] Bugzilla. (2002). Bug 147777: visited support allows queries into global
history. [Online]. Available: https://bugzilla.
mozilla.org/show_bug.cgi?id=147777
[5] J. A. Calandrino, A. Kilzer, A. Narayanan, E. W. Felten, and V. Shmatikov,
““You might also like:” Privacy risks of collaborative filtering,” in Proc. IEEE
Symp. Secur. Privacy, 2011, pp. 231–246.
[6] A. Chaabane, G. Acs, and M. A. Kaafar, “You are what you like! Information
leakage through users’ interests,” in Proc. 19th Network and Distributed
System Security Symp., 2012.](https://image.slidesharecdn.com/inferenceattackonbrowsinghistorys-160722090823/85/INFERENCE-ATTACK-ON-BROWSING-HISTORY-OF-TWITTER-USERS-USING-PUBLIC-CLICK-ANALYTICS-AND-TWITTER-METADATA-2-320.jpg)
![CONTACT: PRAVEEN KUMAR. L (, +91 – 9791938249)
MAIL ID: sunsid1989@gmail.com, praveen@nexgenproject.com
Web: www.nexgenproject.com, www.finalyear-ieeeprojects.com
[7] Z. Cheng, J. Caverlee, and K. Lee, “You are where you tweet: A content-
based approach to geo-locating twitter users,” in Proc. 19th ACM Int. Conf.
Inform. Knowl. Manage., 2010, pp. 759–768.
[8] A. Clover. (2002). Css visited pages disclosure. [Online]. Available:
http://seclists.org/bugtraq/2002/Feb/271
[9] C. Dwork, “Differential privacy,” in Proc. 33rd Int. Colloquium Automata,
Languages Programm., Springer Berlin Heidelberg, 2006. pp. 1–12.
[10] E. W. Felten and M. A. Schneider, “Timing attacks on web privacy,” in Proc.
7th ACM Conf. Comput. Comm. Secur. (CCS), 2000, pp. 25–32. [11] L. Grangeia,
“Dns cache snooping or snooping the cache for fun and profit,” in SideStep
Seguranca Digitial, Tech. Rep., (2004), [Online]. Available:
http://www.rootsecure.net/content/downloads/pdf/dns_cache_snooping.pdf.](https://image.slidesharecdn.com/inferenceattackonbrowsinghistorys-160722090823/85/INFERENCE-ATTACK-ON-BROWSING-HISTORY-OF-TWITTER-USERS-USING-PUBLIC-CLICK-ANALYTICS-AND-TWITTER-METADATA-3-320.jpg)
INFERENCE ATTACK ON BROWSING HISTORY OF TWITTER USERS USING PUBLIC CLICK ANALYTICS AND TWITTER METADATA
- 1. CONTACT: PRAVEEN KUMAR. L (, +91 – 9791938249) MAIL ID: sunsid1989@gmail.com, praveen@nexgenproject.com Web: www.nexgenproject.com, www.finalyear-ieeeprojects.com INFERENCE ATTACK ON BROWSING HISTORY OF TWITTER USERS USING PUBLIC CLICK ANALYTICS AND TWITTER METADATA ABSTRACT: Twitter is a popular online social network service for sharing short messages (tweets) among friends. Its users frequently use URL shortening services that provide (i) a short alias of a long URL for sharing it via tweets and (ii) public click analytics of shortened URLs. The public click analytics is provided in an aggregated form to preserve the privacy of individual users. In this paper, we propose practical attack techniques inferring who clicks which shortened URLs on Twitter using the combination of public information: Twitter metadata and public click analytics. Unlike the conventional browser history stealing attacks, our attacks only demand publicly available information provided by Twitter and URL shortening services. Evaluation results show that our attack can compromise Twitter users’ privacy with high accuracy. CONCLUSION In this paper, we proposed inference attacks to infer which shortened URLs clicked on by a target user. All the information needed in our attacks is public information: the click analytics of URL shortening services and Twitter metadata. To evaluate our attacks, we crawled and monitored the click analytics of URL shortening services and Twitter data. Throughout the
- 2. CONTACT: PRAVEEN KUMAR. L (, +91 – 9791938249) MAIL ID: sunsid1989@gmail.com, praveen@nexgenproject.com Web: www.nexgenproject.com, www.finalyear-ieeeprojects.com experiments, we have shown that our attacks can infer the candidates in most cases. REFERENCES [1] L. Backstrom, C. Dwork, and J. Kleinberg, “Wherefore art thou r3579x? anonymized social networks, hidden patterns, and structural steganography,” in Proc. 16th Int. World Wide Web Conf., 2007, pp. 181–190. [2] D. Boyd, S. Golder, and G. Lotan, “Tweet, tweet, retweet: Conversational aspects of retweeting on twitter,” in Proc. 43rd Hawaii Int. Conf. Syst. Sci., 2010, pp. 1–10. [3] Bugzilla. (2000). Bug 57351: css on a:visited can load an image and/or reveal if visitor been to a site. [Online]. Available: https://bugzilla.mozilla.org/show_bug.cgi? id=57351 [4] Bugzilla. (2002). Bug 147777: visited support allows queries into global history. [Online]. Available: https://bugzilla. mozilla.org/show_bug.cgi?id=147777 [5] J. A. Calandrino, A. Kilzer, A. Narayanan, E. W. Felten, and V. Shmatikov, ““You might also like:” Privacy risks of collaborative filtering,” in Proc. IEEE Symp. Secur. Privacy, 2011, pp. 231–246. [6] A. Chaabane, G. Acs, and M. A. Kaafar, “You are what you like! Information leakage through users’ interests,” in Proc. 19th Network and Distributed System Security Symp., 2012.
- 3. CONTACT: PRAVEEN KUMAR. L (, +91 – 9791938249) MAIL ID: sunsid1989@gmail.com, praveen@nexgenproject.com Web: www.nexgenproject.com, www.finalyear-ieeeprojects.com [7] Z. Cheng, J. Caverlee, and K. Lee, “You are where you tweet: A content- based approach to geo-locating twitter users,” in Proc. 19th ACM Int. Conf. Inform. Knowl. Manage., 2010, pp. 759–768. [8] A. Clover. (2002). Css visited pages disclosure. [Online]. Available: http://seclists.org/bugtraq/2002/Feb/271 [9] C. Dwork, “Differential privacy,” in Proc. 33rd Int. Colloquium Automata, Languages Programm., Springer Berlin Heidelberg, 2006. pp. 1–12. [10] E. W. Felten and M. A. Schneider, “Timing attacks on web privacy,” in Proc. 7th ACM Conf. Comput. Comm. Secur. (CCS), 2000, pp. 25–32. [11] L. Grangeia, “Dns cache snooping or snooping the cache for fun and profit,” in SideStep Seguranca Digitial, Tech. Rep., (2004), [Online]. Available: http://www.rootsecure.net/content/downloads/pdf/dns_cache_snooping.pdf.