Take this personally: Pollution attacks on personalized services

Xinyu Xing, Wei Meng, Dan Doozan, Alex C. Snoeren, Nick Feamster, Wenke Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

39 Scopus citations


Modern Web services routinely personalize content to appeal to the specific interests, viewpoints, and contexts of individual users. Ideally, personalization allows sites to highlight information uniquely relevant to each of their users, thereby increasing user satisfaction - and, eventually, the service's bottom line. Unfortunately, as we demonstrate in this paper, the personalization mechanisms currently employed by popular services have not been hardened against attack. We show that third parties can manipulate them to increase the visibility of arbitrary content - whether it be a new YouTube video, an unpopular product on Amazon, or a low-ranking website in Google search returns. In particular, we demonstrate that attackers can inject information into users' profiles on these services, thereby perturbing the results of the services' personalization algorithms. While the details of our exploits are tailored to each service, the general approach is likely to apply quite broadly. By demonstrating the attack against three popular Web services, we highlight a new class of vulnerability that allows an attacker to affect a user's experience with a service, unbeknownst to the user or the service provider.

Original languageEnglish (US)
Title of host publicationProceedings of the 22nd USENIX Security Symposium
PublisherUSENIX Association
Number of pages16
ISBN (Electronic)9781931971034
StatePublished - 2013
Externally publishedYes
Event22nd USENIX Security Symposium - Washington, United States
Duration: Aug 14 2013Aug 16 2013

Publication series

NameProceedings of the 22nd USENIX Security Symposium


Conference22nd USENIX Security Symposium
Country/TerritoryUnited States

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality


Dive into the research topics of 'Take this personally: Pollution attacks on personalized services'. Together they form a unique fingerprint.

Cite this