Online Social Networks (OSNs), such as Facebook, provide users with tools to share information along with a set of privacy controls preferences to regulate the spread of information. Current privacy controls are efficient to protect content data. However, the complexity of tuning them undermine their efficiency when shielding contextual information (such as the social network structure) that many users believe being kept private. In this paper, we demonstrate the extent of the problem of information leakage in Facebook. In particular, we show the possibility of inferring, from the network "surrounding" a victim user, some information that the victim set as hidden. We developed a system, named OSSINT (Open Source Social Network INTelligence), on top of our previous tool SocialSpy, that can infer hidden information of a victim profile and retrieve private information from public one. OSSINT retrieves the friendship network of a victim and shows how it is possible to infer additional private information (e.g., personal user preferences and hobbies). Our proposed system OSSINT goes extra mile about the network topology information, i.e., predicting new friendships using the victim's friends of friends network (2-hop of distance from the victim profile), and hence possibly deduce private information of the full Facebook network. OSSINT correctly improved the previous results of SocialSpy predicting an average of 11 new friendships with peaks of 20 new friends. Moreover, OSSINT, for the considered victim profiles demonstrated how it is possible to infer real-life information such as current city, hometown, university, supposed being private.
Published in Online Social Networks and Media, vol. 6 (2018), pp. 58-68.