ACADEMIC ARTICLE SUMMARY

"You Might Also Like:" Privacy Risks of Collaborative Filtering

Article Source: 2011 IEEE Symposium on Security and Privacy, pp. 231-246, 2011
Written By: Ann Kilzer, Arvind Narayanan, Joseph Calandrino, Vitaly Shmatikov

ARTICLE SUMMARY

When one shops online, recommender systems often display related purchases by other users. Researchers designed a cyberattack using these systems to discover what users had bought. The success of the attack shows that these systems leak information.

POLICY RELEVANCE

The use of large quantities of data drawn from private records can threaten privacy.

KEY TAKEAWAYS

  • Commercial websites such as Amazon.com use recommender systems to help consumers find related or recommended products.
  • These systems are based on “collaborative filtering,” that is, the system makes recommendations based on patterns detected by observing other users’ behavior; for example, consumers who buy item X often buy item Y.
  • Most systems use large quantities of private data aggregated from other users, but because the system displays only a list of items (but not information about users), most users do not think of these systems as a privacy risk.
  • A cyberattack can use a little information about an individual consumer and the public output of a recommender system to infer the consumer’s purchases.
    • The attacker notices the changes in the recommender’s output over time.
    • Information about individual consumers can be collected from item reviews or from social networking sites like Facebook.
    • Such an attack could be carried out by any Internet user.
  • In one attack, the attacker targets a user, creates fake users with similar transaction history, and waits for “recommended items” to appear; it is likely that these are the target user’s purchases.
  • Using similar attacks, researchers could infer private information from recommender displays. Attackers could:
    • Guess users’ answers to secret questions on Hunch with 70% accuracy.
    • Guess users’ music purchases from Last.fm with accuracy rates varying from 31% to 9%.
    • Guess several users’ purchases on Amazon.com accurately.
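
The leak described in the takeaways can be reproduced on a toy model. The sketch below is an added example, not the researchers' code or any site's algorithm: it assumes a simple co-purchase recommender, and all user names, item names and baskets are constructed. It compares two snapshots of the public "related items" lists and reports items that newly appear next to several items a user is already publicly known to own.

```python
from collections import defaultdict
from itertools import combinations

def related_items(baskets, top_n=5):
    """Public output of a toy item-to-item recommender (an assumption, not any
    real site's algorithm): each item maps to the items most often co-bought."""
    co = defaultdict(lambda: defaultdict(int))
    for items in baskets.values():
        for a, b in combinations(sorted(items), 2):
            co[a][b] += 1
            co[b][a] += 1
    return {
        item: [o for o, _ in sorted(nbrs.items(), key=lambda kv: (-kv[1], kv[0]))[:top_n]]
        for item, nbrs in co.items()
    }

def leaked_candidates(before, after, known_items, min_lists=2):
    """Items that newly entered the related lists of >= min_lists known items."""
    hits = defaultdict(int)
    for item in known_items:
        for new in set(after.get(item, [])) - set(before.get(item, [])):
            if new not in known_items:
                hits[new] += 1
    return sorted(i for i, n in hits.items() if n >= min_lists)

# Constructed sample data. KNOWN stands for what the target reviewed publicly.
KNOWN = {"album_a", "album_b", "album_c"}
BEFORE = {
    "target": {"album_a", "album_b", "album_c"},
    "u1": {"album_a", "pop_1"},
    "u2": {"album_b", "pop_1"},
    "u3": {"album_c", "pop_2"},
    "u4": {"album_x", "pop_2"},
}
# Between snapshots the target privately buys album_x; u1 buys album_r (noise).
AFTER = dict(BEFORE, target=KNOWN | {"album_x"}, u1=BEFORE["u1"] | {"album_r"})

def demo():
    """Only the private purchase shows up next to several known items."""
    return leaked_candidates(related_items(BEFORE), related_items(AFTER), KNOWN)

if __name__ == "__main__":
    print(demo())
```

The unrelated purchase (album_r) changes only one list and is filtered out, while the private purchase (album_x) appears in all three, even though the lists never show any user information.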

About Edward Felten

Professor Edward Felten's research interests include computer security and privacy, and public policy issues relating to information technology. Specific topics include software security, Internet security, electronic voting, cybersecurity policy, technology for government transparency, network neutrality and Internet policy.