Skip to Main Content
In this paper we propose a new class of attacks that exploit advertising systems offering micro targeting capabilities in order to breach user privacy. We study the advertising system offered by the world's largest online social network, Face book, and the risks that the design of the system poses to the privacy of its users. We propose, describe and provide experimental evidence of several novel approaches to exploiting the advertising system in order to obtain private user information. We communicated our findings to Face book on July 13, 2010, and received a prompt response. On July 20, 2010, Face book launched a change to their advertising system that made the kind of attacks we describe more difficult but not impossible to implement.