Beruflich Dokumente
Kultur Dokumente
Balachander Krishnamurthy, Craig E. Wills Total number of words: 680 Anupama Aggarwal {MT10002} August 17, 2012
Motivation
Personally Identiable Information (PII) is the information about a person which can be used to trace an indivisuals identity which is unique to him. PII can either be used alone or linked with other information about the user to identify that person. With the popularity and prevalence of Online Social Networks (OSN), people are putting more and more information about themselves on Internet. However, the information which users provide ay be visible to more than just their friends on these OSNs. There has also been an increase in the use of third party applications to aggregate user activity data on OSNs. These third party servers can leak user information which they provided on OSNs
Problem Statement
They key question this study tries to answer is whether PII of a user present on a social media is being leaked to the third party servers via the OSN itself.
Results
Types of PII leakage : The authors identied four types of PII Leakage
transmission of OSN identier of a user to third party via external applications transmission of some pieces of PII to third party servers linking of PII leakage with other information about the user within and beyond the OSN Leakage of OSN identier : Referrer Header leaks Facebook id to doubleclick.net. Authors observed that 11 out of 12 OSNs had their user id leaked to the third party applications via the OSN itself. Leakage via external applications : The authors show that Facebook identier was leaked to socialmedia.com via Request-URI and Cookie. Similarly, other OSNs like MySpace also had their ids leaked via external applications. Leakage of pieces of PII : Authors observed leakage of age, gender, zip and email via RequestURI and cookie to ad.hi5.com, which is a DNS alias for a yieldmanager.com (Yahoo) server. This third party server is hidden and information is passed without user consent. Authors also observed direct PII leakage for 2 out of 12 OSNs Linking PII Leakage : When users visit another website while logged into the OSN, the cookie for that external website has some information from the cookie for the OSN session. This way, third party servers is able to link users to web accesses which they may not like to share with anybody.
Conclusion
Authors conclude that there exists an indirect leakage of PII via OSN to third party agents. External applications which have become very prevalent on OSNs like Facebook also leak information. OSNs should have a policy of hiding the OSN identier of a person so that it can not be exploited. 2