Ahmadinejad, Seyed HosseinAnwar, MohdFong, Philip2010-11-012010-11-012010-11-01http://hdl.handle.net/1880/48251We study inference attacks that can be launched via the extension API of Facebook. We explain the threat of these attacks through a reduction to authentication attacks, devise a taxonomy for such attacks, and propose a risk metric to help subscribers of third-party applications refine their privacy expectations.engFacebookPrivacySocial Network Systems, Inference Attackstechnical report2010-982-3110.11575/PRISM/30600