Management Information Systems Quarterly


User privacy protection is a vital issue of concern for online social networks (OSNs). Even though users often intentionally hide their private information in OSNs, since adversaries may conduct prediction attacks to predict hidden information using advanced machine learning techniques, private information that users intend to hide may still be at risk of being exposed. Taking the current city listed on Facebook profiles as a case, we propose a solution that estimates and manages the exposure risk of users’ hidden information. First, we simulate an aggressive prediction attack using advanced state-of-the-art machine learning algorithms by proposing a new current city prediction framework that integrates location indications based on various types of information exposed by users, including demographic attributes, behaviors, and relationships. Second, we study prediction attack results to model patterns of prediction correctness (as correct predictions lead to information exposures) and construct an exposure risk estimator. The proposed exposure risk estimator has the ability not only to notify users of exposure risks related to their hidden current city but can also help users mitigate exposure risks by overhauling and selecting countermeasures. Moreover, our exposure risk estimator can improve the privacy management of OSNs by facilitating empirical studies on the exposure risks of OSN users as a group. Taking the current city as a case, this work offers insight on how to protect other types of private information against machine-learning prediction attacks and reveals several important implications for both practice management and future research.