I know what you're buying

Privacy breaches on eBay

Tehila Minkus, Keith W. Ross

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    eBay is an online marketplace which allows people to easily engage in commerce with one another. Since the market's online nature precludes many physical cues of trust, eBay has instituted a reputation system through which users accumulate ratings based on their transactions. However, the eBay Feedback System as currently implemented has serious privacy flaws. When sellers leave feedback, buyers' purchase histories are exposed through no action of their own. In this paper, we describe and execute a series of attacks, leveraging the feedback system to reveal users' potentially sensitive purchases. As a demonstration, we collect and identify users who have bought gun-related items and sensitive medical tests. We contrast this information leakage with eBay users' privacy expectations as measured by an online survey. Finally, we make recommendations towards better privacy in the eBay feedback system.

    Original languageEnglish (US)
    Title of host publicationPrivacy Enhancing Technologies - 14th International Symposium, PETS 2014, Proceedings
    PublisherSpringer Verlag
    Pages164-183
    Number of pages20
    Volume8555 LNCS
    ISBN (Print)9783319085050
    DOIs
    StatePublished - 2014
    Event14th International Symposium on Privacy Enhancing Technologies, PETS 2014 - Amsterdam, Netherlands
    Duration: Jul 16 2014Jul 18 2014

    Publication series

    NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume8555 LNCS
    ISSN (Print)03029743
    ISSN (Electronic)16113349

    Other

    Other14th International Symposium on Privacy Enhancing Technologies, PETS 2014
    CountryNetherlands
    CityAmsterdam
    Period7/16/147/18/14

    Fingerprint

    Privacy
    Feedback Systems
    Feedback
    Reputation System
    Accumulate
    Leakage
    Transactions
    Recommendations
    Demonstrations
    Attack
    Defects
    Series

    ASJC Scopus subject areas

    • Computer Science(all)
    • Theoretical Computer Science

    Cite this

    Minkus, T., & Ross, K. W. (2014). I know what you're buying: Privacy breaches on eBay. In Privacy Enhancing Technologies - 14th International Symposium, PETS 2014, Proceedings (Vol. 8555 LNCS, pp. 164-183). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8555 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-08506-7_9

    I know what you're buying : Privacy breaches on eBay. / Minkus, Tehila; Ross, Keith W.

    Privacy Enhancing Technologies - 14th International Symposium, PETS 2014, Proceedings. Vol. 8555 LNCS Springer Verlag, 2014. p. 164-183 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8555 LNCS).

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Minkus, T & Ross, KW 2014, I know what you're buying: Privacy breaches on eBay. in Privacy Enhancing Technologies - 14th International Symposium, PETS 2014, Proceedings. vol. 8555 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8555 LNCS, Springer Verlag, pp. 164-183, 14th International Symposium on Privacy Enhancing Technologies, PETS 2014, Amsterdam, Netherlands, 7/16/14. https://doi.org/10.1007/978-3-319-08506-7_9
    Minkus T, Ross KW. I know what you're buying: Privacy breaches on eBay. In Privacy Enhancing Technologies - 14th International Symposium, PETS 2014, Proceedings. Vol. 8555 LNCS. Springer Verlag. 2014. p. 164-183. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-08506-7_9
    Minkus, Tehila ; Ross, Keith W. / I know what you're buying : Privacy breaches on eBay. Privacy Enhancing Technologies - 14th International Symposium, PETS 2014, Proceedings. Vol. 8555 LNCS Springer Verlag, 2014. pp. 164-183 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
    @inproceedings{68f4477ac4d04f6b8cd0d43c3a41c7bf,
    title = "I know what you're buying: Privacy breaches on eBay",
    abstract = "eBay is an online marketplace which allows people to easily engage in commerce with one another. Since the market's online nature precludes many physical cues of trust, eBay has instituted a reputation system through which users accumulate ratings based on their transactions. However, the eBay Feedback System as currently implemented has serious privacy flaws. When sellers leave feedback, buyers' purchase histories are exposed through no action of their own. In this paper, we describe and execute a series of attacks, leveraging the feedback system to reveal users' potentially sensitive purchases. As a demonstration, we collect and identify users who have bought gun-related items and sensitive medical tests. We contrast this information leakage with eBay users' privacy expectations as measured by an online survey. Finally, we make recommendations towards better privacy in the eBay feedback system.",
    author = "Tehila Minkus and Ross, {Keith W.}",
    year = "2014",
    doi = "10.1007/978-3-319-08506-7_9",
    language = "English (US)",
    isbn = "9783319085050",
    volume = "8555 LNCS",
    series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
    publisher = "Springer Verlag",
    pages = "164--183",
    booktitle = "Privacy Enhancing Technologies - 14th International Symposium, PETS 2014, Proceedings",

    }

    TY - GEN

    T1 - I know what you're buying

    T2 - Privacy breaches on eBay

    AU - Minkus, Tehila

    AU - Ross, Keith W.

    PY - 2014

    Y1 - 2014

    N2 - eBay is an online marketplace which allows people to easily engage in commerce with one another. Since the market's online nature precludes many physical cues of trust, eBay has instituted a reputation system through which users accumulate ratings based on their transactions. However, the eBay Feedback System as currently implemented has serious privacy flaws. When sellers leave feedback, buyers' purchase histories are exposed through no action of their own. In this paper, we describe and execute a series of attacks, leveraging the feedback system to reveal users' potentially sensitive purchases. As a demonstration, we collect and identify users who have bought gun-related items and sensitive medical tests. We contrast this information leakage with eBay users' privacy expectations as measured by an online survey. Finally, we make recommendations towards better privacy in the eBay feedback system.

    AB - eBay is an online marketplace which allows people to easily engage in commerce with one another. Since the market's online nature precludes many physical cues of trust, eBay has instituted a reputation system through which users accumulate ratings based on their transactions. However, the eBay Feedback System as currently implemented has serious privacy flaws. When sellers leave feedback, buyers' purchase histories are exposed through no action of their own. In this paper, we describe and execute a series of attacks, leveraging the feedback system to reveal users' potentially sensitive purchases. As a demonstration, we collect and identify users who have bought gun-related items and sensitive medical tests. We contrast this information leakage with eBay users' privacy expectations as measured by an online survey. Finally, we make recommendations towards better privacy in the eBay feedback system.

    UR - http://www.scopus.com/inward/record.url?scp=84904012962&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84904012962&partnerID=8YFLogxK

    U2 - 10.1007/978-3-319-08506-7_9

    DO - 10.1007/978-3-319-08506-7_9

    M3 - Conference contribution

    SN - 9783319085050

    VL - 8555 LNCS

    T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

    SP - 164

    EP - 183

    BT - Privacy Enhancing Technologies - 14th International Symposium, PETS 2014, Proceedings

    PB - Springer Verlag

    ER -