Traffic Analysis Attack on Google+ Circles

I wrote yesterday about my first impressions of the Google Plus social network. One of the things I really like is the ability to segment my social graph into circles and share content with subsets of the people I know. When you place someone into a Google+ Circle, the person knows that they are in one of your circles, but the system does not tell them which one. Which is good. It would be awkward to have to explain why I chose to place someone in a very restricted circle.

But it turns out that you can glean some knowledge about which circles a friend may have added you to. When an item is shared on Google Plus, it shows the visibility level of the item. The choices I've seen so far are Public and Limited. If the item is Limited, you can click and see with whom that item has been shared. If I have some knowledge of my connection's social network, I can look at the list of people with whom an item is shared and guess which circles I might be a member of. For example, if everything they post is shared with everyone else they know on Google Plus, the two possibilities are that they share everything with everyone or that I am not a member of any of their more restrictive circles.

If I see that a coworker has shared an item with me and all my other coworkers, it implies I am a member of their professional relationships circle. That doesn't preclude the possibility that I might also be a member of other circles, but if the only content I ever see either has unlimited distribution or is shared with only me and my coworkers, I can guess my membership.

Gathering this kind of data requires the target to post to Google+ actively enough to build up a corpus of shared items whose sharing visibility can be viewed. And without other techniques, such as looking for comments from third parties mentioning content that I didn't see, this technique will only help me understand which circles I might be a member of and will not, by itself, reveal any information about Circles to which I do not belong. The other caveat is that content can be shared with multiple circles, so when I look at the visibility I may be seeing a union of multiple sets. Having a large corpus of content would help identify that, and could lead to identification of circles of which I am not a member.
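To gauge how much a set of visible audience lists gives away, the union caveat above can be worked through on constructed data. This is an added example, not code from the original post: the names, the sample audiences and the `infer_circles` helper are all assumptions, and the subset test is a heuristic rather than a statement of how Google+ stores circles.

```python
from collections import Counter

VIEWER = "me"  # constructed: the person reading the audience lists

# Constructed sample: audiences shown on one poster's "Limited" items.
OBSERVED = [
    {"me", "ann", "bob"},                # looks like a coworkers circle
    {"me", "ann", "bob"},
    {"me", "cat"},                       # looks like a smaller circle
    {"me", "ann", "bob", "cat"},         # both of the above at once
    {"me", "ann", "bob", "dan", "eve"},  # coworkers plus people seen nowhere else
]

def infer_circles(observed, viewer):
    """Split observed audiences into likely circles, unions and leftovers.

    candidates: audiences not built from any smaller observed audience
    unions:     audiences fully explained by combining candidates
    residuals:  members left over after removing known candidates, i.e.
                hints about a circle the viewer does not belong to
    """
    # Only items the viewer can actually see contribute evidence.
    counts = Counter(frozenset(a) for a in observed if viewer in a)
    candidates, unions, residuals = [], [], []
    for audience in sorted(counts, key=len):
        parts = [c for c in candidates if c < audience]  # proper subsets
        if not parts:
            candidates.append(audience)
            continue
        covered = frozenset().union(*parts)
        if covered == audience:
            unions.append(audience)
        else:
            residuals.append(audience - covered)
    return {"candidates": candidates, "unions": unions,
            "residuals": residuals, "counts": counts}

if __name__ == "__main__":
    for kind, sets in infer_circles(OBSERVED, VIEWER).items():
        if kind != "counts":
            print(kind, [sorted(s) for s in sets])
```

With only five items the leftover group already stands out, which is why hiding circle names alone does not hide circle structure when full audience lists are shown.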

Still, I hadn't seen anything written about this yet, so I thought I'd write it up.