Sai Teja Peddinti

On the internet, nobody knows you're a dog: a twitter case study of anonymity in social networks

Twitter does not impose a Real-Name policy for usernames, giving users the freedom to choose how they want to be identified. This results in some users being Identifiable (disclosing their full name) and some being Anonymous (disclosing neither their first nor last name). In this work we perform a large-scale analysis of Twitter to study the prevalence and behavior of Anonymous and Identifiable users. We employ Amazon Mechanical Turk (AMT) to classify Twitter users as Highly Identifiable, Identifiable, Partially Anonymous, and Anonymous. We find that a significant fraction of accounts are Anonymous or Partially Anonymous, demonstrating the importance of Anonymity in Twitter. We then select several broad topic categories that are widely considered sensitive--including pornography, escort services, sexual orientation, religious and racial hatred, online drugs, and guns--and find that there is a correlation between content sensitivity and a users choice to be anonymous. Finally, we find that Anonymous users are generally less inhibited to be active participants, as they tweet more, lurk less, follow more accounts, and are more willing to expose their activity to the general public. To our knowledge, this is the first paper to conduct a large-scale data-driven analysis of user anonymity in online social networks.

Cloak and Swagger: Understanding Data Sensitivity through the Lens of User Anonymity

Most of what we understand about data sensitivity is through user self-report (e.g., surveys), this paper is the first to use behavioral data to determine content sensitivity, via the clues that users give as to what information they consider private or sensitive through their use of privacy enhancing product features. We perform a large-scale analysis of user anonymity choices during their activity on Quora, a popular question-and-answer site. We identify categories of questions for which users are more likely to exercise anonymity and explore several machine learning approaches towards predicting whether a particular answer will be written anonymously. Our findings validate the viability of the proposed approach towards an automatic assessment of data sensitivity, show that data sensitivity is a nuanced measure that should be viewed on a continuum rather than as a binary concept, and advance the idea that machine learning over behavioral data can be effectively used in order to develop product features that can help keep users safe.

On the limitations of query obfuscation techniques for location privacy

A promising approach to location privacy is query obfuscation, which involves reporting k -- 1 false locations along with the real location. In this paper, we examine the level of privacy protection provided by the current query obfuscation techniques against adversarial location service providers. As a representative and realistic implementation of query obfuscation, we focus on SybilQuery. We present two types of attacks depending upon whether or not a short-term query history is available. When history is available, using machine learning, we were able to identify 93.67% of user trips, with only 2.02% of fake trips misclassified, for the security parameter k = 5. In the absence of history, we used trip correlations to form a smaller set of trips effectively increasing the user query identification probability from 20% to about 40%. Our work demonstrates that the use of aggregate statistical information alone is not sufficient to generate simulated trips. We identify areas for improvement in the existing query obfuscation techniques.

Cover locations: availing location-based services without revealing the location

Location-Based Services (LBSs) have been gaining popularity due to a wide range of interesting and important applications being developed. However, the users availing such services are concerned about their location privacy, in that they are forced to reveal their sensitive location information to untrusted third-parties. In this paper, we propose a new privacy-preserving approach, Cover Locations, which allows a user to access an LBS without revealing his/her actual location. Based on its current location, the users device queries for a few specifically chosen surrounding locations and constructs the results corresponding to its location from the results obtained for each queried location. Since the user location does not leave the users device - as either a latitude and longitude pair, or as an obfuscated region - the user is guaranteed very high level of privacy. The Cover Locations approach only requires minimal changes on the users device and can be readily deployed by privacy-conscious users. An adversary, trying to identify the user location, can only resolve the location to few triangular regions and not to the actual location itself. We evaluate the privacy provided by Cover Locations based on the number of locations queried and the total area under the resolved triangular regions. We also ascertain the robustness of Cover Locations approach when the adversary has access to a short-term user history, employing machine learning techniques. Overall, our results show that the proposed solution, which requires minor computations without the need for any out-of-band information such as traffic densities in a region or the road network information, is superior to other client-based solutions.