ABSTRACT
Twitter is a popular social network service for sharing messages among friends. Because Twitter restricts the length of messages, many Twitter users use URL shortening services, such as bit.ly and goo.gl, to share long URLs with friends. Some URL shortening services also provide click analytics of the shortened URLs, including the number of clicks, countries, platforms, browsers and referrers. To protect visitors' privacy, they do not reveal identifying information about individual visitors. In this paper, we propose a practical attack technique that can infer who clicks what shortened URLs on Twitter. Unlike the conventional browser history stealing attacks, our attack methods only need publicly available information provided by URL shortening services and Twitter. Evaluation results show that our attack technique can compromise Twitter users' privacy with high accuracy.
- geonames. http://www.geonames.org/export/client-libraries.html.Google Scholar
- L. Backstrom, C. Dwork, and J. Kleinberg. Wherefore art thou r3579x? anonymized social networks, hidden patterns, and structural steganography. In WWW, 2007. Google ScholarDigital Library
- D. Baron. :visited support allows queries into global history, 2002. https://bugzilla.mozilla.org/show_bug.cgi?id=147777.Google Scholar
- D. boyd, S. Golder, and G. Lotan. Tweet, tweet, retweet: Conversational aspects of retweeting on twitter. In HICSS, 2010. Google ScholarDigital Library
- J. A. Calandrino, A. Kilzer, A. Narayanan, E. W. Felten, and V. Shmatikov. "you might also like:" privacy risks of collaborative filtering. In IEEE Security and Privacy, 2011. Google ScholarDigital Library
- A. Chaabane, G. Acs, and M. A. Kaafar. You are what you like! information leakage through users" interests. In NDSS, 2012.Google Scholar
- Z. Cheng, J. Caverlee, and K. Lee. You are where you tweet: A content-based approach to geo-locating twitter users. In ACM CIKM, 2010. Google ScholarDigital Library
- A. Clover. Css visited pages disclosure, 2002. http://seclists.org/bugtraq/2002/Feb/271.Google Scholar
- C. Dwork. Differential privacy. In ICALP, 2006. Google ScholarDigital Library
- E. W. Felten and M. A. Schneider. Timing attacks on web privacy. In ACM CCS, 2000. Google ScholarDigital Library
- L. Grangeia. Dns cache snooping or snooping the cache for fun and profit. In SideStep Seguranca Digitial, Technical Report, 2004.Google Scholar
- J. He, W. W. Chu, and Z. V. Liu. Inferring privacy information from social networks. In ISI, 2006. Google ScholarDigital Library
- B. Hecht, L. Hong, B. Suh, and E. H. Chi. Tweets from justin bieber's heart: The dynamics of the location field in user profiles. In ACM CHI, 2011. Google ScholarDigital Library
- C. Jackson, A. Bortz, D. Boneh, and J. C. Mitchell. Protecting browser state from web privacy attacks. In WWW, 2006. Google ScholarDigital Library
- M. Jakobsson and S. Stamm. Invasive browser sniffing and countermeasures. In WWW, 2006. Google ScholarDigital Library
- A. Janc and L. Olejnik. Feasibility and real-world implications of web browser history detection. In W2SP, 2010.Google Scholar
- A. Janc and L. Olejnik. Web browser history detection as a real-world privacy threat. In ESORICS, 2010. Google ScholarDigital Library
- S. Krishnan and F. Monrose. Dns prefetching and its privacy implications: When good things go bad. In USENIX LEET, 2010. Google ScholarDigital Library
- J. Lindamood, R. Heatherly, M. Kantarcioglu, and B. Thuraisingham. Inferring private information using social network data. In WWW, 2009. Google ScholarDigital Library
- A. Mislove, B. Viswanath, K. P. Gummadi, and P. Druschel. You are who you know: Inferring user profiles in online social networks. In WSDM, 2010. Google ScholarDigital Library
- A. Narayanan and V. Shmatikov. Robust de-anonymization of large sparse dataset. In IEEE Security and Privacy, 2008. Google ScholarDigital Library
- A. Narayanan and V. Shmatikov. De-anonymizing social networks. In IEEE Security and Privacy, 2009. Google ScholarDigital Library
- Semiocast. Twitter reaches half a billion accounts more than 140 millions in the u.s., 2012. http://semiocast.com/publications/2012_07_30_Twitter_reaches_half_a_billion_accounts_140m_in_the_US.Google Scholar
- Twitter blog. Links and twitter: Length should't matter, 2010. http://blog.twitter.com/2010/06/links-and-twitter-length-shouldnt.html.Google Scholar
- Twitter blog. One million registered twitter apps, 2011. http://blog.twitter.com/2011/07/one-million-registered-twitter-apps.html.Google Scholar
- Twitter blog. Shutting down spammers, 2012. http://blog.twitter.com/2012/04/shutting-down-spammers.html.Google Scholar
- Twitter developers. t.co redirection behavior, 2012. https://dev.twitter.com/docs/tco-redirection-behavior.Google Scholar
- Twitter developers. The t.co url wrapper, 2012. https://dev.twitter.com/docs/tco-url-wrapper.Google Scholar
- G. Wondracek, T. Holz, E. Kirda, and C. Kruegel. A practical attack to de-anonymize social network users. In IEEE Security and Privacy, 2010. Google ScholarDigital Library
- E. Zheleva and L. Getoor. To join or not to join: The illusion of privacy in social networks with mixed public and private user profiles. In WWW, 2009. Google ScholarDigital Library
Index Terms
- I know the shortened URLs you clicked on Twitter: inference attack using public click analytics and Twitter metadata
Recommendations
A sentiment analysis of audiences on twitter: who is the positive or negative audience of popular twitterers?
ICHIT'11: Proceedings of the 5th international conference on Convergence and hybrid information technologyMicroblogging is a new informal communication medium of blogging that differs from a traditional blog in which content is much shorter. Microbloggers post about topics that describe their current status. Twitter is a popular microblogging service and ...
Information resonance on Twitter: watching Iran
SOMA '10: Proceedings of the First Workshop on Social Media AnalyticsTwitter has undoubtedly caught the attention of both the general public, and academia as a microblogging service worthy of study and attention. Twitter has several features that sets it apart from other social media/networking sites, including its 140 ...
Disinformation Warfare: Understanding State-Sponsored Trolls on Twitter and Their Influence on the Web
WWW '19: Companion Proceedings of The 2019 World Wide Web ConferenceOver the past couple of years, anecdotal evidence has emerged linking coordinated campaigns by state-sponsored actors with efforts to manipulate public opinion on the Web, often around major political events, through dedicated accounts, or “trolls.” ...
Comments