New Web 2.0 applications, with their emphasis on collaboration and communication, hold the promise of major advances in social connectivity and coordination; however, they also increase the threats to user privacy. An important, yet under-researched privacy risk results from social inferences about user identity, location, and activities. In this paper, we frame the 'social inference problem'. We then present the results from a 292 subject experiment that highlights: 1) the prevalence of social inference risks; 2) people's difficulties in accurately predicting social inference risks; and 3) the relation between information entropy and social inference. We also show how to predict possible social inferences by modeling users' background knowledge and calculating information entropy and discuss how social inference support systems can be deployed that protect user privacy.