Profiling high-school students with facebook

How online privacy laws can actually increase minors' risk

Ratan Dey, Yuan Ding, Keith Ross

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Lawmakers, children's advocacy groups and modern society at large recognize the importance of protecting the Internet privacy of minors (under 18 years of age). Online Social Networks, in particular, take precautions to prevent third parties from using their services to discover and profile minors. These precautions include displaying only minimal information in registered minors' public profiles, not listing minors when searching for users by high school or city, and banning young children from joining altogether. In this paper we show how an attacker can circumvent these precautions. We develop efficient crawling and data mining methodologies to discover and profile most of the high school students in a targeted high school. In particular, using Facebook and for a given target high school, the methodology finds most of the students in the school, and for each discovered student infers a profile that includes significantly more information than is available in a registered minor's public profile. Such profiles can be used for many nefarious purposes, including selling the profiles to data brokers, large-scale automated spear-phishing attacks on minors, as well as physical safety attacks such as stalking, kidnapping and arranging meetings for sexual abuse. Ironically, the Children's Online Privacy Protection Act (COPPA), a law designed to protect the privacy of children, indirectly facilitates the approach. In order to bypass restrictions put in place due to the COPPA law, some children lie about their ages when registering, which not only increases the exposure for themselves but also for their non-lying friends. Our analysis strongly suggests there would be significantly less privacy leakage if Facebook did not have age restrictions. Copyright is held by the owner/author(s).

    Original languageEnglish (US)
    Title of host publicationIMC 2013 - Proceedings of the 13th ACM Internet Measurement Conference
    Pages405-416
    Number of pages12
    DOIs
    StatePublished - 2013
    Event13th ACM Internet Measurement Conference, IMC 2013 - Barcelona, Spain
    Duration: Oct 23 2013Oct 25 2013

    Other

    Other13th ACM Internet Measurement Conference, IMC 2013
    CountrySpain
    CityBarcelona
    Period10/23/1310/25/13

    Fingerprint

    Students
    Joining
    Data mining
    Sales
    Internet

    Keywords

    • COPPA
    • Facebook
    • High school
    • Minor
    • Policy
    • Privacy

    ASJC Scopus subject areas

    • Software
    • Computer Networks and Communications

    Cite this

    Dey, R., Ding, Y., & Ross, K. (2013). Profiling high-school students with facebook: How online privacy laws can actually increase minors' risk. In IMC 2013 - Proceedings of the 13th ACM Internet Measurement Conference (pp. 405-416) https://doi.org/10.1145/2504730.2504733

    Profiling high-school students with facebook : How online privacy laws can actually increase minors' risk. / Dey, Ratan; Ding, Yuan; Ross, Keith.

    IMC 2013 - Proceedings of the 13th ACM Internet Measurement Conference. 2013. p. 405-416.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Dey, R, Ding, Y & Ross, K 2013, Profiling high-school students with facebook: How online privacy laws can actually increase minors' risk. in IMC 2013 - Proceedings of the 13th ACM Internet Measurement Conference. pp. 405-416, 13th ACM Internet Measurement Conference, IMC 2013, Barcelona, Spain, 10/23/13. https://doi.org/10.1145/2504730.2504733
    Dey R, Ding Y, Ross K. Profiling high-school students with facebook: How online privacy laws can actually increase minors' risk. In IMC 2013 - Proceedings of the 13th ACM Internet Measurement Conference. 2013. p. 405-416 https://doi.org/10.1145/2504730.2504733
    Dey, Ratan ; Ding, Yuan ; Ross, Keith. / Profiling high-school students with facebook : How online privacy laws can actually increase minors' risk. IMC 2013 - Proceedings of the 13th ACM Internet Measurement Conference. 2013. pp. 405-416
    @inproceedings{5f1937f0cb2e46aab1e2e51adbaf1c98,
    title = "Profiling high-school students with facebook: How online privacy laws can actually increase minors' risk",
    abstract = "Lawmakers, children's advocacy groups and modern society at large recognize the importance of protecting the Internet privacy of minors (under 18 years of age). Online Social Networks, in particular, take precautions to prevent third parties from using their services to discover and profile minors. These precautions include displaying only minimal information in registered minors' public profiles, not listing minors when searching for users by high school or city, and banning young children from joining altogether. In this paper we show how an attacker can circumvent these precautions. We develop efficient crawling and data mining methodologies to discover and profile most of the high school students in a targeted high school. In particular, using Facebook and for a given target high school, the methodology finds most of the students in the school, and for each discovered student infers a profile that includes significantly more information than is available in a registered minor's public profile. Such profiles can be used for many nefarious purposes, including selling the profiles to data brokers, large-scale automated spear-phishing attacks on minors, as well as physical safety attacks such as stalking, kidnapping and arranging meetings for sexual abuse. Ironically, the Children's Online Privacy Protection Act (COPPA), a law designed to protect the privacy of children, indirectly facilitates the approach. In order to bypass restrictions put in place due to the COPPA law, some children lie about their ages when registering, which not only increases the exposure for themselves but also for their non-lying friends. Our analysis strongly suggests there would be significantly less privacy leakage if Facebook did not have age restrictions. Copyright is held by the owner/author(s).",
    keywords = "COPPA, Facebook, High school, Minor, Policy, Privacy",
    author = "Ratan Dey and Yuan Ding and Keith Ross",
    year = "2013",
    doi = "10.1145/2504730.2504733",
    language = "English (US)",
    isbn = "9781450319539",
    pages = "405--416",
    booktitle = "IMC 2013 - Proceedings of the 13th ACM Internet Measurement Conference",

    }

    TY - GEN

    T1 - Profiling high-school students with facebook

    T2 - How online privacy laws can actually increase minors' risk

    AU - Dey, Ratan

    AU - Ding, Yuan

    AU - Ross, Keith

    PY - 2013

    Y1 - 2013

    N2 - Lawmakers, children's advocacy groups and modern society at large recognize the importance of protecting the Internet privacy of minors (under 18 years of age). Online Social Networks, in particular, take precautions to prevent third parties from using their services to discover and profile minors. These precautions include displaying only minimal information in registered minors' public profiles, not listing minors when searching for users by high school or city, and banning young children from joining altogether. In this paper we show how an attacker can circumvent these precautions. We develop efficient crawling and data mining methodologies to discover and profile most of the high school students in a targeted high school. In particular, using Facebook and for a given target high school, the methodology finds most of the students in the school, and for each discovered student infers a profile that includes significantly more information than is available in a registered minor's public profile. Such profiles can be used for many nefarious purposes, including selling the profiles to data brokers, large-scale automated spear-phishing attacks on minors, as well as physical safety attacks such as stalking, kidnapping and arranging meetings for sexual abuse. Ironically, the Children's Online Privacy Protection Act (COPPA), a law designed to protect the privacy of children, indirectly facilitates the approach. In order to bypass restrictions put in place due to the COPPA law, some children lie about their ages when registering, which not only increases the exposure for themselves but also for their non-lying friends. Our analysis strongly suggests there would be significantly less privacy leakage if Facebook did not have age restrictions. Copyright is held by the owner/author(s).

    AB - Lawmakers, children's advocacy groups and modern society at large recognize the importance of protecting the Internet privacy of minors (under 18 years of age). Online Social Networks, in particular, take precautions to prevent third parties from using their services to discover and profile minors. These precautions include displaying only minimal information in registered minors' public profiles, not listing minors when searching for users by high school or city, and banning young children from joining altogether. In this paper we show how an attacker can circumvent these precautions. We develop efficient crawling and data mining methodologies to discover and profile most of the high school students in a targeted high school. In particular, using Facebook and for a given target high school, the methodology finds most of the students in the school, and for each discovered student infers a profile that includes significantly more information than is available in a registered minor's public profile. Such profiles can be used for many nefarious purposes, including selling the profiles to data brokers, large-scale automated spear-phishing attacks on minors, as well as physical safety attacks such as stalking, kidnapping and arranging meetings for sexual abuse. Ironically, the Children's Online Privacy Protection Act (COPPA), a law designed to protect the privacy of children, indirectly facilitates the approach. In order to bypass restrictions put in place due to the COPPA law, some children lie about their ages when registering, which not only increases the exposure for themselves but also for their non-lying friends. Our analysis strongly suggests there would be significantly less privacy leakage if Facebook did not have age restrictions. Copyright is held by the owner/author(s).

    KW - COPPA

    KW - Facebook

    KW - High school

    KW - Minor

    KW - Policy

    KW - Privacy

    UR - http://www.scopus.com/inward/record.url?scp=84890088162&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84890088162&partnerID=8YFLogxK

    U2 - 10.1145/2504730.2504733

    DO - 10.1145/2504730.2504733

    M3 - Conference contribution

    SN - 9781450319539

    SP - 405

    EP - 416

    BT - IMC 2013 - Proceedings of the 13th ACM Internet Measurement Conference

    ER -