De-anonymizing Social Networks

TL;DR

This paper introduces a novel topology-based de-anonymization framework for social networks, demonstrating that a significant portion of users can be re-identified with minimal error, even under challenging conditions.

Contribution

The paper presents a new re-identification algorithm that effectively de-anonymizes social network graphs using only network topology information, without relying on dummy nodes or extensive auxiliary data.

Findings

Re-identified one-third of users across Twitter and Flickr with 12% error.

Algorithm is robust to noise and existing defenses.

Effective even with small overlap between networks.

Abstract

Operators of online social networks are increasingly sharing potentially sensitive information about users and their relationships with advertisers, application developers, and data-mining researchers. Privacy is typically protected by anonymization, i.e., removing names, addresses, etc. We present a framework for analyzing privacy and anonymity in social networks and develop a new re-identification algorithm targeting anonymized social-network graphs. To demonstrate its effectiveness on real-world networks, we show that a third of the users who can be verified to have accounts on both Twitter, a popular microblogging service, and Flickr, an online photo-sharing site, can be re-identified in the anonymous Twitter graph with only a 12% error rate. Our de-anonymization algorithm is based purely on the network topology, does not require creation of a large number of dummy "sybil" nodes, is robust to noise and all existing defenses, and works even when the overlap between the target network and the adversary's auxiliary information is small.