Virtual private social networks and a Facebook implementation

Published: 30 September 2013

Abstract

The popularity of Social Networking Sites (SNS) is growing rapidly, with the largest sites serving hundreds of millions of users and their private information. The privacy settings of these SNSs do not allow the user to avoid sharing some information (e.g., name and profile picture) with all the other users. Also, no matter the privacy settings, this information is always shared with the SNS (that could sell this information or be hacked). To mitigate these threats, we recently introduced the concept of Virtual Private Social Networks (VPSNs).

In this work we propose the first complete architecture and implementation of VPSNs for Facebook. In particular, we address an important problem left unexplored in our previous research, namely the automatic propagation of updated profiles to all the members of the same VPSN. Furthermore, we made an in-depth study of performance and implemented several optimizations to reduce the impact of VPSN on user experience.

The proposed solution is lightweight, completely distributed, does not depend on collaboration from Facebook, does not have a central point of failure, offers (with some limitations) the same functionality as Facebook, and, apart from some simple settings, is almost transparent to the user. Through experiments with an extended set of parameters, we have confirmed the feasibility of the proposal and have shown a very limited time overhead experienced by the user while browsing Facebook pages.
