An empirical investigation of privacy via obfuscation in social networks

Large quantities of personal profile information are available on online social networks like Facebook. This profile information can be used by an attacker to uncover a user's private attributes; in response to this, previous researchers have demonstrated how to obfuscate user profiles to reduce this attack vector. However, existing research has not yet examined the combination of network structure with profile information in this context, and the effectiveness of obfuscation techniques against that. Moreover, previous work examined the case of balanced private attribute classes like gender; inference of imbalanced classes - such as sexual orientation, which has been examined in the literature - poses additional challenges. This thesis examines these issues. We found that previous obfuscation methods were less effective in reducing inference accu- racy and in some cases not effective at all when an attacker used a combination of profile and network vectors. Extending obfuscation strategies to network structure could reduce the accuracy significantly, with just 20% obfuscation resulting in a drop in accuracy from 80% to 35%. Unlike for balanced private attribute classes, the accuracy metric produces misleading results for imbalanced classes such as sexual orientation, where the F1 measure is more suitable. We show that there is a slightly higher risk of profile- plus network-based inference in this case and that network info is particularly useful here, in line with previous work, and show that obfuscation is required on both the network and profile side to reduce F1 for the positive class by half.