Online Social Networks are becoming the most important "places" where people share information about their lives. With the increasing concern that users have about privacy, most social networks offer ways to control the privacy of the user. Unfortunately, we believe that current privacy settings are not as effective as users might think. In this paper, we highlight this problem focusing on one of the most popular social networks, Facebook. In particular, we show how easy it is to retrieve information that a user might have set as (and hence thought as) "private". As a case study, we focus on retrieving the list of friends for users that did set this information as "hidden" (to non-friends). We propose four different strategies to achieve this goal, and we evaluate them. The results of our thorough experiments show the feasibility of our strategies as well as their effectiveness: our approach is able to retrieve a significant percentage of the names of the "hidden" friends: i.e., some 25% on average, and more than 70% for some users.
Published in Proceedings of the 9th International Conference on Risks and Security of Internet and Systems (CRiSIS 2014); Trento, Italy; August 27-29, 2014.