This installment of Hacking Social Networks is about search and private data. The point we want to make is that public searches should never be allowed to return results based on private data. To be clear, we do not mean results that explicitly include private data, but results that, while only containing public data, are constraind by private data. Let's take three pieces of private data on Friendster: last name, zip, and email adress, and consider how they can be abused or discovered.
Last names in many social networks, including Friendster, are considered private data. To find the last name of someone on friendster we will use the user search feature. User search lets you search for people by first and last name. The user's profile reveals to you their first name and their user id (in the url). To abuse the user search, enter the user's first name, guess a last name and see if any of the returned users match the user we are interested in. This approach is reasonable because the distribution of last names is not even; it is in fact so uneven that one out of every one hundred people in the US have the last name Smith. The US Census Bureau provides us with the data. From this we see that after trying only twenty-eight last names we have a ten percent chance of having guessed the user's last name. As we go down the list the probability for each new name decreases so we have to try more and more names to increase our chance of getting a match. The 115th name gets us to twenty percent, 315th, thirty percent, 771th, forty percent, and so on. Clearly, this is too much to do by hand but not too much for a program to perform. Most last names can be discovered from Friendster profiles.
The second private data we consider is zip codes. Like last names, zip codes are not made available in profiles but are used as part of the Gallery search criteria. To perform this attack, first retreive the user id and location from a user's profile. Then, get all the zip codes for their location. For each zip code, change your location to that zip code, and perform a Gallery search for the user with the distance set to one mile*. Note which searches returned the user in question. Once all searches have been performed, you can deduce which zipcode the user acculy resides in using either a zip code map, which can be found in your phone book, or by looking at the distances between the zip codes.
*To search the Gallery with a distance of one mile you must save the page and edit the distance menu html to include 1 as a option.
Email addresses are the third data we discuss. There is no easy mapping from
user id to email address. Instead we do the opposite: find someone's Friendster account by email address. We have written about this once before, providing an example bookmarklet for finding people on Friendster. Besides the bookmarklet, we also have a program which generates reports of Friendster profiles by monitoring local network traffic. The privacy issue is: your email address, which most people use as if it is pseuodonymous, is no longer pseudonymous. Instead it is tightly coupled with your identity on any social network services you use.
Someone can post a personal ad on craigslist and check the picture and details of all the respondents before writing back. Suddenly, a total stranger knows what you look like, who your friends are, your gender and sexual orientation, what movies you like and how you spend your free time. This increase in transparency isn't evident when you sign up to these services.Posted by moore at 10.02.04 13:11