Abstract
Usernames are ubiquitously used for identification and authentication purposes on web services and the Internet at large, ranging from the local-part of email addresses to identifiers in social networks. Usernames are generally alphanumerical strings chosen by the users and, by design, are unique within the scope of a single organization or web service. In this paper we investigate the feasibility of using usernames to trace or link multiple profiles across services that belong to the same individual. The intuition is that the probability that two usernames refer to the same physical person strongly depends on the “entropy” of the username string itself. Our experiments, based on usernames gathered from real web services, show that a significant portion of the users’ profiles can be linked using their usernames. In collecting the data needed for our study, we also show that users tend to choose a small number of related usernames and use them across many services. To the best of our knowledge, this is the first time that usernames are considered as a source of information when profiling users on the Internet.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Scrapers dig deep for data on web, http://online.wsj.com/article/SB1000142405274870335804575544381288117888.html
Balduzzi, M., Platzer, C., Holz, T., Kirda, E., Balzarotti, D., Kruegel, C.: Abusing social networks for automated user profiling. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, Springer, Heidelberg (2010)
Bilge, L., Strufe, T., Balzarotti, D., Kirda, E.: All your contacts are belong to us: Automated identity theft attacks on social networks. In: 18th International World Wide Web Conference, pp. 551–560 (2009)
Cohen, W.W., Ravikumar, P., Fienberg, S.E.: A comparison of string distance metrics for name-matching tasks. In: Proceeding of IJCAI 2003 Workshop on Information Integrtation, pp. 73–78 (August 2003)
Cover, T.M., Thomas, J.A.: Elements of information theory. Wiley-Interscience, New York (1991)
Dell’Amico, M., Michiardi, P., Roudier, Y.: Measuring password strength: An empirical analysis
Eckersley, P.: How unique is your web browser? In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 1–18. Springer, Heidelberg (2010)
Elmagarmid, A.K., Ipeirotis, P.G., Verykios, V.S.: Duplicate record detection: A survey. IEEE Transactions on Knowledge and Data Engineering 19, 1–16 (2007)
Irani, D., Webb, S., Li, K., Pu, C.: Large online social footprints–an emerging threat. In: CSE 2009: Proceedings of the 2009 International Conference on Computational Science and Engineering, pp. 271–276. IEEE Computer Society Press, Washington, DC, USA (2009)
Jones, K.S.: A statistical interpretation of term specificity and its application in retrieval. Journal of Documentation 28, 11–21 (1972)
jr. Hussey. M.P., Baranov, P., McArdle, T., Boesenberg, T., Duggal, B.: personal information aggregator. Patent application number 20100010993 (2010), http://www.faqs.org/patents/app/20100010993.
Manning, C.D., Schuetze, H.: Foundations of Statistical Natural Language Processing, 1st edn. The MIT Press, Cambridge (1999)
Narayanan, A.: Fast dictionary attacks on passwords using time-space tradeoff. In: ACM Conference on Computer and Communications Security, pp. 364–372. ACM Press (2005)
Narayanan, A., Shmatikov, V.: De-anonymizing social networks, pp. 173–187. IEEE Computer Society Press, Los Alamitos
Shannon, C.E.: Prediction and entropy of printed english. Bell Systems Technical Journal 30, 50–64 (1951)
Tata, S., Patel, J.M.: Estimating the selectivity of tf-idf based cosine similarity predicates. SIGMOD Rec. 36(6), 7–12 (2007)
von Ahn, L., Blum, M., Hopper, N., Langford, J.: Captcha: Using hard ai problems for security. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 646–646. Springer, Heidelberg (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Perito, D., Castelluccia, C., Kaafar, M.A., Manils, P. (2011). How Unique and Traceable Are Usernames?. In: Fischer-Hübner, S., Hopper, N. (eds) Privacy Enhancing Technologies. PETS 2011. Lecture Notes in Computer Science, vol 6794. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22263-4_1
Download citation
DOI: https://doi.org/10.1007/978-3-642-22263-4_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22262-7
Online ISBN: 978-3-642-22263-4
eBook Packages: Computer ScienceComputer Science (R0)