Not Recommended
I had the chance to read a recent paper on the privacy risks of collaborative filtering. These are the types of systems which provide recommendations and suggestions based on other users' activity, such as products bought or looked at.
The paper "You Might Also Like:" Privacy Risks of Collaborative Filtering by Joseph A. Calandrino, Ann Kilzer, Arvind Narayanan, Edward W. Felten and Vitaly Shmatikov is summarised on Joseph Calandrino's blog. It describes inference of individual transactions from the outputs of collaborative filtering systems, thus revealing information without a user's knowledge or consent.
The approach described in the paper does not require creating fake user accounts or entering purchases or ratings into the target systems, and it does not assume the target user's transactions are available in either an identifiable or anonymised form. Instead, the algorithm monitors changes in the recommender systems' outputs over a period of time which, when combined with auxiliary information, can be used to infer some of the target user's previous transactions, i.e. not to predict future events but to infer past events.
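As an added illustration (not code from the paper or from this post), here is a toy check a site operator could run over snapshots of their own public related-items lists to see whether a single user's activity shows up as a correlated change. The snapshot format, the item names and the `min_lists` threshold are assumptions, and all data is constructed.

```python
from collections import Counter

def gained(before, after):
    """Per item, entries that joined its related-items list between snapshots."""
    return {item: set(related) - set(before.get(item, ()))
            for item, related in after.items()}

def leakage_candidates(snapshots, auxiliary, min_lists=2):
    """For each consecutive snapshot pair, return the items that newly appeared
    in the related-items lists of at least `min_lists` auxiliary items.

    `auxiliary` stands for items already known to be associated with one user.
    A new item entering several of those lists at once is the kind of signal
    that lets an observer infer that user's past transaction."""
    findings = {}
    for step, (before, after) in enumerate(zip(snapshots, snapshots[1:]), 1):
        changes = gained(before, after)
        counts = Counter(new for aux in auxiliary
                         for new in changes.get(aux, ()) if new not in auxiliary)
        hits = sorted(item for item, n in counts.items() if n >= min_lists)
        if hits:
            findings[step] = hits
    return findings

# Constructed snapshots of public "customers also bought" lists.
T0 = {"book_a": ["book_b", "book_c", "dvd_x"],
      "book_b": ["book_a", "book_c", "dvd_x"],
      "book_c": ["book_a", "book_b", "cd_y"],
      "dvd_x":  ["book_a", "cd_y", "book_b"]}
# T1: ordinary churn, only one auxiliary list changes.
T1 = dict(T0, book_c=["book_a", "book_b", "cd_w"],
          dvd_x=["book_a", "cd_y", "gadget_q"])
# T2: item_z enters all three auxiliary lists at once.
T2 = dict(T1, book_a=["book_b", "book_c", "item_z"],
          book_b=["book_a", "item_z", "book_c"],
          book_c=["book_a", "book_b", "item_z"])

AUXILIARY = {"book_a", "book_b", "book_c"}

if __name__ == "__main__":
    print(leakage_candidates([T0, T1, T2], AUXILIARY))
```

A non-empty result on real snapshots suggests that list updates are fine-grained enough for one account's activity to be visible in the public output.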
There is some fairly serious mathematics in the paper, but don't let that put you off reading the rest of the paper.
I wonder if this approach could be used to infer answers in personal knowledge question based password recovery functions?
Posted on: 21 June 2011 at 22:14 hrs
