Quick note on the social networks paper [Mar. 26th, 2009|07:09 pm]
Arvind Narayanan

Our social networks paper has been getting some press, including on Slashdot and BBC News. The de-anonymization attack in our paper is very broad in scope, and unsurprisingly, it has been whittled down into phrases like "we can find you on twitter."

Please read our FAQ. Our attack applies to a variety of scenarios, some involving very sensitive data, including phone call networks which are often shared in anonymous form. The paper is online (html) and most of it is readable with a minimal technical background. I hope our "State of the Union" section will convince you that social network anonymity is a rather important issue.

On a personal level, working on this paper was very gratifying for me--the de-anonymization algorithm is far deeper than the one in the Netflix paper, and took far longer to develop.

Finally, a plug for 33bits.org, my blog about the de-anonymization work I've been part of.

Edit. And I also have a shiny new web page! After testing about 15 different widgets for embedding an RSS feed into a page, and finding none of them satisfactory, I gave up and wrote the damn thing myself :-)

From: (Anonymous)
2009-04-06 07:47 pm (UTC)

The problem of false details: Monitoring Sex Offenders who use deception.

The problem of false details

By now it is clear that the problem with sex offenders on MySpace, Facebook, Bebo, Orkut, and other social networks is a mainstream news/social issue. I have noticed one problem while trying to monitor these people on Facebook.

When a sex offender uses their real name and other details (as is often the case, surprisingly), it makes things pretty easy to monitor. However, it is widely known that sex offenders, particularly those who harm children, are some of the most deceitful, deceptive, and even sometimes, although I am loath to use the term, cunning, people.

When a sex offender uses false names, false dates of birth, false photos, and false employee details, this means it can be near impossible to discover their real identity within the format of social networking, certainly from a civilian perspective, and absolutely impossible without access to Facebook's IP logs and subpoenas for IP holder records.

From: (Anonymous)
2009-04-06 07:48 pm (UTC)

The problem of false details: Monitoring Sex Offenders who use deception.

False Details: Issues

1) Is the sex offender thinking up a random name, and random other details, and then stealing random photos of people on the internet?

2) Do sex offenders steal other people's full identity in order to make their MySpace/Facebook profiles more believable? This would mean they are committing a crime in order to fulfill another crime.

3) What percentage of U.S. Sex Offenders are utilizing false details on a) MySpace b) Facebook?

4) Are there more Sex Offenders on MySpace and Facebook using false details than there are using their real details?

5) Is there a link between "level of deception" and criminal intent? Some sex offenders may be using MySpace and/or Facebook WITHOUT criminal intent, but are so ashamed of their sex offender status and registration profiles, that they feel they have to hide who they really are in order to a) Not get banned from the social networking site they are on b) get in trouble with law enforcement and c) get outed as a sex offender amongst friends on their "friends list".

6) A sex offender may feel that just by using their real name, they can be "discovered", or "outed", and so are they forced into using false details?

7) Sex Offenders may feel entitled to an "online social life" or "cyber social life", just as the rest of the majority of society does.

Methods to monitor sex offenders who use False Details (extremely hard to do!)

1) Have every state impose laws that require email addresses and instant messenger usernames to be registered with State Sex Offender Registries, Local Police, and Sheriff's Departments. In some states which require this already, there are claims that this "drives sex offenders underground and forces them to set up other accounts". However, a reasonable number have been found using these registered these details, which is a violation, and has resulted in imprisonment.

2) Make it mandatory for a sex offender with a conviction against children to inform the SORs of their ISP (Internet Service Provider), the range of their I.P. address, whether their I.P. Address (Internet Protocol Number) is static (doesn't change) or dynamic (does change). This would require MySpace and Facebook to report suspicious IP addresses and activity, and possibly ban sex offenders' IPs from their site.

3) Place monitoring software on all predatory sex offenders' home computers. (not going to be a big one amongst fans of 'civil liberties', even though one could argue the issue of protecting children far outweighs it)

4) Ban them from the use of the internet at home (would be hard to achieve possibly).

5) Monitor, record, intercept, analyze, scan, and disseminate all incoming & outgoing phoneline/cable/fibre-optic transmissions coming from a sex offender's residence, and feed the results into a supercomputer, similar to those used at the National Security Agency (a new federal authority could be created, called the National Sex Offender Agency). The US Secret Service uses a network of over 40,000 computers to brute force encryption codes, so they clearly have some experience dealing with coded messages if those were found.

6) Sex Offenders who have convictions for possession/manufacture/distribution of child pornography are extremely likely to be using Encryption of plain text and/or files. They are also likely to try to use services such as TOR and Anonymizer. www.torproject.org - www.anonymizer.com

7) Use the federal level www.nsopr.gov and www.nsopw.gov websites, and state level SOR websites to compare the aliases of every US Sex Offender to membership databases on MySpace and Facebook. I have had pretty large success with this. Most sex offenders with convictions against children (of any type) tend to have aliases or fake names. I have found a high proportion of positive confirmed matches for sex offenders using alias names, but other real data such as real photos of themselves. It is clear some sex offenders think that by merely changing their "registered name" or "display name" on Facebook that they can escape detection.

Dr. David Webb, PhD
Intelligence Support Activity
