Privacy Threats from Social Networking Service Aggregators

Abstract

Social networking services (SNS) have increased in popularity over the last decade. They have become major platforms for e-commerce, personal branding, socialization and information. The success of social networking services like Facebook and Twitter as well as LinkedIn, LiveJournal andFoursquare and the variety of their usages leads their users to create a set of profiles on different SNS. Recently, social networking service aggregators have proposed centralizing the multiple social networking profiles of a given user in order to facilitate his interactions with social networking services. Such aggregators allow the messages received by a profile over multiple SNS to be retrieved, edited and posted with much less effort. Despite their obvious advantages, we highlight in this paper the risk of potential data leaks due to the inexperienced use of such tools. For this purpose, we provide a classification of online SNS and present their specificities with regard to the publicly exposed data of a user. Based on this classification, we investigate the possible insecure use of aggregators with an inappropriate set of SNS, which could lead to rendering sensitive data accessible to people it wasn't intended for. We present a decision tree approach for identifying a possible data leak based on the three following criteria: opinion, interest and location. We finally show the result of this approach on popular social networking aggregators.