"You Might Also Like:" Privacy Risks of Collaborative Filtering


Article Snapshot


Joseph Calandrino, Edward Felten, Ann Kilzer, Arvind Narayanan and Vitaly Shmatikov


2011 IEEE Symposium on Security and Privacy, pp. 231-246, 2011


When one shops online, recommender systems often display related purchases by other users. Researchers designed a cyberattack using these systems to discover what users had bought. The success of the attack shows that these systems leak information.

Policy Relevance

The use of large quantities of data drawn from private records can threaten privacy.

Main Points

  • Commercial websites such as Amazon.com use recommender systems to help consumers find related or recommended products.
  • These systems are based on “collaborative filtering”: the system makes recommendations based on patterns detected by observing other users’ behavior; for example, consumers who buy item X often buy item Y.
  • Most systems use large quantities of private data aggregated from other users, but because the system displays only a list of items (and no information about users), most users do not think of these systems as a privacy risk.
  • A cyberattack can use a little information about an individual consumer and the public output of a recommender system to infer the consumer’s purchases.
    • The attacker notices the changes in the recommender’s output over time.
    • Information about individual consumers can be collected from item reviews, or social networking sites like Facebook.
    • Such an attack could be carried out by any Internet user.
  • In one attack, the attacker targets a user, creates fake users with similar transaction history, and waits for “recommended items” to appear; it is likely that these are the target user’s purchases.
  • Using similar attacks, researchers could infer private information from recommender displays. Attackers could:
    • Guess users’ answers to secret questions on Hunch with 70% accuracy.
    • Guess users’ music purchases from Last.fm with accuracy rates varying from 31% to 9%.
    • Guess several users’ purchases on Amazon.com accurately.

