Entering watch dogs*: evaluating privacy risks against large-scale facial search and data collection

buir.contributor.authorDurmaz, Bahadır
dc.citation.epage6en_US
dc.citation.spage1en_US
dc.contributor.authorDurmaz, Bahadır
dc.contributor.authorAyday, Erman
dc.coverage.spatialVancouver, BC, Canadaen_US
dc.date.accessioned2022-01-28T13:42:52Z
dc.date.available2022-01-28T13:42:52Z
dc.date.issued2021-07-19
dc.departmentDepartment of Computer Engineeringen_US
dc.descriptionConference Name: IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)en_US
dc.descriptionDate of Conference: 10-13 May 2021en_US
dc.description.abstractDiscovering friends on online platforms have become relatively easier with the introduction of contact discovery and ability to search using phone numbers. Such features conveniently connect users by acting as unique tokens across platforms, as opposed to other attributes, such as user names. Using this feature, in this work, one of our contributions is to explore how an attacker can easily create a massive dataset of individuals residing in a given region (e.g., country) that includes high amount of personal information about such individuals. To identify the active social network accounts of individuals in a given region, we show that brute force phone number verification is possible in popular online services, such as WhatsApp, Facebook Messenger, and Twitter. We also go beyond and show the feasibility of collecting several data points on discovered accounts, including multiple facial data belonging to each account owner along with 23 other attributes. Then, as our main contribution, we quantify the privacy risk for an attacker linking a total stranger (e.g., someone it randomly comes across in public) to one of the collected records via facial features. Our results show that accurate facial search is possible in the constructed dataset and that an attacker can link a randomly taken photo (i.e., a single facial photo) of an individual to their profile with 67% accuracy. This means that an attacker can, on a large scale, create a search engine that is capable of identifying individuals' records efficiently and accurately from just a single facial photo.en_US
dc.description.provenanceSubmitted by Betül Özen (ozen@bilkent.edu.tr) on 2022-01-28T13:42:52Z No. of bitstreams: 1 Entering_Watch_Dogs_Evaluating_Privacy_Risks_Against_Large-Scale_Facial_Search_and_Data_Collection.pdf: 2289703 bytes, checksum: 187f8a231c3c62af7e4c85d8dd854ecd (MD5)en
dc.description.provenanceMade available in DSpace on 2022-01-28T13:42:52Z (GMT). No. of bitstreams: 1 Entering_Watch_Dogs_Evaluating_Privacy_Risks_Against_Large-Scale_Facial_Search_and_Data_Collection.pdf: 2289703 bytes, checksum: 187f8a231c3c62af7e4c85d8dd854ecd (MD5) Previous issue date: 2021-07-19en
dc.identifier.doi10.1109/INFOCOMWKSHPS51825.2021.9484550en_US
dc.identifier.eisbn978-1-6654-0443-3en_US
dc.identifier.isbn978-1-6654-4714-0en_US
dc.identifier.urihttp://hdl.handle.net/11693/76890en_US
dc.language.isoEnglishen_US
dc.publisherIEEEen_US
dc.relation.isversionofhttps://dx.doi.org/10.1109/INFOCOMWKSHPS51825.2021.9484550en_US
dc.source.titleIEEE Conference on Computer Communications Workshops, INFOCOM Wkspsen_US
dc.subjectPrivacyen_US
dc.subjectLinkage attacksen_US
dc.subjectOnline social networksen_US
dc.titleEntering watch dogs*: evaluating privacy risks against large-scale facial search and data collectionen_US
dc.typeConference Paperen_US

Files