Exploiting Autocorrect to Attack Privacy
Text prediction algorithms present in many devices use machine learning to help a user type but they also present the opportunity to leak information about the user. This raises privacy and security concerns for users that are trying to remain anonymous. We present an attack inspired by IND–CPA to demonstrate how autocorrect could be used to identify a user. We show that, with prior knowledge of the user, they could be identified with as little as 512 kB of written text with a probability of 95%.
- 2.Grover, D., King, M., Kuschler, C.: Patent no. US5818437, reduced keyboard disambiguating computer. Tegic communications, Inc., Seattle (1998)Google Scholar
- 5.Palacios, R.: Autocomplete or: how I learned to stop spelling and love our AI overlords. https://github.com/rodricios/autocomplete. Accessed 29 Jan 2016
- 6.Norvig, P.: How to write a spelling corrector. http://norvig.com/spell-correct.html. Accessed 29 Jan 2016
- 7.Graham-Cumming, J.: Naive Bayesian text classification. Dr. Dobb’s J. 372, 16–20 (2005)Google Scholar