The High School Profiling Attack: How Privacy Laws Can Increase Minors’ Risk

Ratan Dey, Yuan Ding, Keith W. Ross

Dept. of Computer Science and Engineering


Post on 26-Dec-2015



Third-Party Profiling of Children

Question:

Is it possible to automatically build detailed profiles of most of the teenagers (ages 12-17) in a target high school?

Profiles might include:

• Full name, gender, birth year, current school name, school year

• Home street address, photo of home

• SkypeID, email address

• Names and profiles of family members; names and profiles of school friends

• Interests, wall postings, hundreds of photos

The Danger

Data brokers:

• sell profiles to advertisers, spammers, malware distributors, employment agencies, college admission offices.

• teen market surpasses $200B in US

Pedophiles:

• many already luring victims with Facebook

Spear-phishing attacks:

• Large-scale, automated and highly personalized

Natural Approach: Begin w/ Facebook

• Find a child on FB, download his information.

• Visit his friends’ pages.

• Repeat with friends.

• Then try to enhance profiles with other sources.

What a stranger sees about a minor:

What a stranger sees about an adult

Default and Worst-Case Information Available to Strangers in Facebook

Challenge

• For a given high school, how do we find the students in Facebook and build profiles???

– Minors are not searchable by school in FB

– Only name, profile photo, cover photo album, and gender are available for a minor.

Attack Ingredients

• COPPA, a law designed to protect the privacy of children, indirectly facilitates the attack.

• “Reverse Friend Lookup”: an attacker can infer a user’s friends even if the user’s friend list is private.

• High-school students tend to have a relatively large number of friends from the same high school in the same graduating class year.

Children’s Online Privacy Protection Act

Some children lie about their ages

High-School Profiling Attack

• Pick target HS

• Search FB by HS

– Mostly get adults (alumni)

– But get some lying minors w/ future grad year: “core users”

• Collect all friends of core users: “candidates”

• Identify candidates with many friends in core set

Identify candidates w/ many core friends

[Figure labels: core users; candidate students]

Lying minors in 10th grade in Springfield HS

Harry likely:

• lives in Springfield

• goes to Springfield High

• 10th grade

• 16 years old

• friends with Lisa, Etienne

Honest minor: name and pic

Honest minors are vulnerable

Data sets – One private & two public high schools

Estimating the crawling efforts

High-School #1

• 362 students; found FB pages for 325

• Attack: 18 core users; 6,282 candidates

Top 300 has 75% w/ 22% false negatives

High-School #2,3

Profile for honest minor:

• Full name, gender, profile picture

• City, school name, school year, birth year

• Friends in same school; their profiles

• Home street address, photo of home

• Names of parents

• SkypeID

• Facebook pages of parents

• ……

What if no COPPA?

Counter-measure: remove Harry from others’ friend lists

Take away

• Component of COPPA law actually facilitates privacy leakages to third parties.

• OSNs can take additional measures to significantly protect children’s privacy.

– Remove minors from public friend lists

– Detect lying minors

Some Current/Future Research

• Defenses

– Government policies, OSN measures

– Quantify privacy leakage

• City attack

– Attempt to find and profile all middle-school and high-school children

– Active attack: “friend” minors, get more info

• Information from photos

– Big data approach

IMDB Database

Poly Students

Component graphs for students

Component # 1 Component # 2

Obtaining relative height estimates

1. Use OpenCV for face detection

2. Use midpoints of boxes to determine height differences in pixels = $p_{ij}$

3. Determine average box size in pixels = $b$

4. Determine height differences wrt box height

5. e.g., $S = 15$ cm

$$b_{ij} = \frac{p_{ij}}{b}, \qquad x_{ij} = S \cdot b_{ij}$$

CDF for School Database

[Figure: CDF plotted against error in cm, with curves for “Estimated error for Mean approach” and “Estimated error for Baseline”]