Privacy risks in collaborative filters

A group of researchers from Princeton, Stanford and UT Austin have published "You Might Also Like:" Privacy Risks of Collaborative Filtering, presenting it at the 2011 IEEE Symposium on Security and Privacy. They describe attacks on recommendation systems (such as Amazon's "People who bought this also bought…") that can be used to draw potentially damaging inferences about their users. It's a good demonstration of the subtle difficulties associated with anonymity and privacy in the public systems of the Internet.

Although item similarity is only indirectly related to individual transactions, we determined that temporal changes in item similarity lists or scores can reveal details of those transactions. If you're a Mozart fan and you listen to a Justin Bieber song, this choice increases the perceived similarity between Justin Bieber and Mozart. Because similarity lists and scores are based on perceived similarity, your action may result in changes to these scores or lists.

Suppose that an attacker knows some of your past purchases on a site: for example, past item reviews, social networking profiles, or real-world interactions are a rich source of information. New purchases will affect the perceived similarity between the new items and your past purchases, possibly causing visible changes to the recommendations provided for your previously purchased items. We demonstrate that an attacker can leverage these observable changes to infer your purchases. Among other things, these attacks are complicated by the fact that multiple users simultaneously interact with a system and updates are not immediate following a transaction.
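The effect described above can be measured on a toy system. This is an added example, not code from the paper or the blog post, written as a leakage audit a site operator could run on its own similarity lists. The cosine co-purchase similarity, the sample baskets and the `min_support` threshold are assumptions made for illustration.

```python
from collections import Counter
from itertools import combinations
from math import sqrt

def similarity_lists(baskets, k=3, min_support=1):
    """Public top-k 'similar items' list per item, by cosine similarity of
    co-purchase counts. Pairs with fewer than min_support co-buyers are hidden."""
    count, pair = Counter(), Counter()
    for items in baskets.values():
        count.update(items)
        pair.update(combinations(sorted(items), 2))
    lists = {}
    for a in count:
        scored = []
        for b in count:
            n = 0 if a == b else pair[tuple(sorted((a, b)))]
            if n >= max(min_support, 1):
                scored.append((-n / sqrt(count[a] * count[b]), b))
        lists[a] = [b for _, b in sorted(scored)[:k]]
    return lists

def new_in_known_lists(before, after, known_items, threshold=2):
    """Items that newly appear in the lists of >= threshold known items."""
    hits = Counter()
    for item in known_items:
        hits.update(set(after.get(item, [])) - set(before.get(item, [])))
    return sorted(i for i, n in hits.items() if n >= threshold)

# Constructed sample data: user "t" is the one whose history is partly known.
KNOWN = ["bach", "haydn", "mozart"]
BEFORE = {"t": {"bach", "haydn", "mozart"}, "u2": {"bach", "mozart"},
          "u3": {"bach", "haydn"}, "u4": {"bieber", "gaga"}, "u5": {"bieber", "gaga"}}
AFTER = {**BEFORE, "t": BEFORE["t"] | {"bieber"}}   # one new transaction

def audit(min_support):
    """What an outside observer of the public lists sees change."""
    return new_in_known_lists(similarity_lists(BEFORE, min_support=min_support),
                              similarity_lists(AFTER, min_support=min_support), KNOWN)

if __name__ == "__main__":
    print("no threshold:", audit(1))     # single purchase is visible
    print("min_support=2:", audit(2))    # single-user pairs suppressed
```

With no threshold, the one new transaction surfaces in the lists of all three known items. Hiding pairs that only a single user has co-purchased removes the signal in this toy data set.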

"You Might Also Like:" Privacy Risks of Collaborative Filtering (Freedom to Tinker blog)

"You Might Also Like:" Privacy Risks of Collaborative Filtering (PDF)