research-article

Lockr: better privacy for social networks

Authors:

Amin Tootoonchian,

Yashar Ganjali,

Alec WolmanAuthors Info & Claims

CoNEXT '09: Proceedings of the 5th international conference on Emerging networking experiments and technologies

Pages 169 - 180

https://doi.org/10.1145/1658939.1658959

Published: 01 December 2009 Publication History

Abstract

Today's online social networking (OSN) sites do little to protect the privacy of their users' social networking information. Given the highly sensitive nature of the information these sites store, it is understandable that many users feel victimized and disempowered by OSN providers' terms of service. This paper presents Lockr, a system that improves the privacy of centralized and decentralized online content sharing systems. Lockr offers three significant privacy benefits to OSN users. First, it separates social networking content from all other functionality that OSNs provide. This decoupling lets users control their own social information: they can decide which OSN provider should store it, which third parties should have access to it, or they can even choose to manage it themselves. Such flexibility better accommodates OSN users' privacy needs and preferences. Second, Lockr ensures that digitally signed social relationships needed to access social data cannot be re-used by the OSN for unintended purposes. This feature drastically reduces the value to others of social content that users entrust to OSN providers. Finally, Lockr enables message encryption using a social relationship key. This key lets two strangers with a common friend verify their relationship without exposing it to others, a common privacy threat when sharing data in a decentralized scenario.

This paper relates Lockr's design and implementation and shows how we integrate it with Flickr, a centralized OSN, and BitTorrent, a decentralized one. Our implementation demonstrates Lockr's critical primary benefits for privacy as well as its secondary benefits for simplifying site management and accelerating content delivery. These benefits were achieved with negligible performance cost and overhead.

References

[1]

M. Aspan. How sticky is membership on facebook? just try breaking free, 11 February 2008. New York Times.

[2]

R. Baden, A. Bender, N. Spring, B. Bhattacharjee, and D. Starin. Persona: An online social network with user-defined privacy. In Proc. of SIGCOMM, 2009.

Digital Library

[3]

BBC News. Brown apologises for records loss, November 2007. http://news.bbc.co.uk/1/hi/uk_politics/7104945.stm.

[4]

V. Berstis. Security and protection of data in the ibm system/38. In Proc. of the 7th Annual Symposium on Computer Architecture (ISCA), La Baule, France, May 1980.

Digital Library

[5]

A. Bhora, S. Smaldone, and L. Iftode. FRAC: Implementing role-based access control for network file systems. In Proc. of the 6th IEEE Symposium on Network Computing and Applications (NCA), Baltimore, MD, July 2007.

[6]

S. Brands. Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. The MIT Press, 2000.

Digital Library

[7]

S. Buchegger and A. Datta. A case for p2p infrastructure for social networks - opportunities and challenges. In In 6th International Conference on Wireless On-demand Network Systems and Services (WONS), Snowbird, UT, Feb. 2009.

Digital Library

[8]

J. Camenisch and A. Lysyanskaya. Signature schemes with efficient protocols. In 3rd International Conference on Security in Communication Networks (SCN), Amalfi, Italy, September 2002.

Digital Library

[9]

D. Clarke. SPKI/SDSI HTTP server/certificate chain discovery in SPKI/SDSI, September 2001. Masters thesis, Massachusetts Institute of Technology.

[10]

E. Cohen and D. Jefferson. Protection in the hydra operating system. In Proc. of the 5th Symp. on Operating Systems Principles (SOSP), Austin, TX, November 1975.

Digital Library

[11]

L. A. Cutillo, R. Molva, and T. Strufe. Privacy preserving social networking through decentralization. In In 6th International Conference on Wireless On-demand Network Systems and Services (WONS), Snowbird, UT, Feb. 2009.

Digital Library

[12]

J. B. Dennis and E. C. V. Horn. Programming semantics for multiprogrammed computations. Communications of the ACM, 9:143--155, March 1966.

Digital Library

[13]

C. M. Ellison, B. Frantz, B. Lampson, R. Rivest, B. M. Thomas, and T. Ylonen. Spki certificate documentation, 2001. http://world.std.com/~cme/html/spki.html.

[14]

Facebook Developers WiKi. Data Store API Documentation, 2008. http://wiki.developers.facebook.com/index.php/Data_Store_API_documentation.

[15]

U. Feige and A. Shamir. Witness indistinguishable and witness hiding protocols. In Proceedings of the ACM Symposium on Theory of Computing (STOC), Baltimore, MD, May 1990.

Digital Library

[16]

D. F. Ferraiolo and D. R. Kuhn. Role-based access controls. In Proceedings of the 15th National Security Conference, Baltimore, MD, October 1992.

[17]

M. J. Freedman and A. Nicolosi. Efficient private techniques for verifying social proximity. In Proc. of 6th Workshop on P2P Systems, Bellevue, WA, Feb 2007.

[18]

S. Garriss, M. Kaminsky, M. J. Freedman, B. Karp, D. Mazieres, and H. Yu. Re: Reliable email. In Proceedings of the 3rd Symposium on Networked Systems Design and Implementation (NSDI), San Jose, CA, May 2006.

Digital Library

[19]

R. Geambasu, M. Balazinska, S. D. Gribble, and H. M. Levy. Homeviews: Peer-to-peer middleware for personal data sharing applications. In Proc. of SIGMOD Conference on Management of Data, Beijing, China, June 2007.

Digital Library

[20]

S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof-systems. In Proceedings of the 17th Symposium on the Theory of Computation, Providence, Rhode Island, May 1985.

Digital Library

[21]

S. Goldwasser and E. Waisbard. Efficient transformation of well known signature schemes into designated confirmer signature schemes. Technical Report MCS03-13, The Weizmann Institute of Science, 2003.

[22]

S. Guha, K. Tang, and P. Francis. NOYB: Privacy in Online Social Networks. In Proceedings of the 1st ACM Sigcomm Workshop on Online Social Networks (WOSN), Seattle, WA, USA, August 2008.

Digital Library

[23]

P. J. Keleher, N. Spring, and B. Bhattacharjee. Chit-based access control. Technical Report CS-TR-4878, University of Maryland at College Park, 2007.

[24]

B. Krishnamurthy and C. Wills. On the leakage of personally identifiable information via online social networks. In Proceedings of the 2nd ACM Sigcomm Workshop on Online Social Networks (WOSN), Barcelona, Spain, August 2009.

Digital Library

[25]

H. M. Levy. Capability-Based Computer Systems. Butterworth-Heinemann, Newton, MA, USA, 1984.

Digital Library

[26]

D. L. Mills. RFC 1305: Network Time Protocol (Version 3) Specification, Implementation and Analysis, 1992. http://tools.ietf.org/html/rfc1305.

Digital Library

[27]

A. Noyes. Facebook averts ftc privacy complaint, 23 February 2009. Tech Daily Dose.

[28]

OpenID. OpenID, 2008. http://openid.net/.

[29]

A. Perrig, R. Canetti, D. Song, and J. D. Tygar. Efficient and secure source authentication for multicast. In Network and Distributed System Security Symposium (NDSS), pages 35--46, Feb. 2001.

[30]

B. C. Popescu, B. Crispo, and A. S. Tanenbaum. A certificate revocation scheme for a large-scale highly replicated distributed system. In Proc. of the 8th Symp. on Computers and Communications (ISCC), Kemer, Turkey, July 2003.

Digital Library

[31]

A. Ramachandran and N. Feamster. Authenticated out-of-band communication over social links. In Proc. of the 1st ACM SIGCOMM Workshop on Online Social Networks (WOSN), Seattle, WA, August 2008.

Digital Library

[32]

R. L. Rivest and B. Lampson. SDSI 2.0 - a simple distributed security infrastructure, 1997. http://groups.csail.mit.edu/cis/sdsi.html.

[33]

R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21:120--126, 1978.

Digital Library

[34]

B. Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code in C. Wiley; 2nd edition, 1995.

Digital Library

[35]

A. Shakimov, A. Varshavsky, L. Cox, and R. Caceres. Privacy, cost, and availability tradeoffs in decentralized osns. In Proceedings of the Workshop on Online Social Networks (WOSN), Barcelona, Spain, Aug 2009.

Digital Library

[36]

M. Slot. Beginner's guide to OpenID phishing. http://openid.marcoslot.net/.

[37]

B. Stone and B. Stelter. Facebook withdraws changes in data use, 18 February 2009. New York Times.

[38]

T. Ullyot. Results of the inaugural facebook site governance vote, 23 April 2009. Facebook.

[39]

J. Vascellaro. Facebook's about-face on data, 19 February 2009. Wall Street Journal.

Cited By

Ernala SYang SWu YChen RWells KDas S(2021)Exploring the Utility Versus Intrusiveness of Dynamic Audience Selection on FacebookProceedings of the ACM on Human-Computer Interaction10.1145/34760835:CSCW2(1-30)Online publication date: 18-Oct-2021
https://dl.acm.org/doi/10.1145/3476083
Kumar CBharati TPrakash S(2021)Online Social Network Security: A Comparative Review Using Machine Learning and Deep LearningNeural Processing Letters10.1007/s11063-020-10416-3Online publication date: 5-Jan-2021
https://doi.org/10.1007/s11063-020-10416-3
Asim YMalik A(2020)A Survey on Access Control Techniques for Social NetworksInformation Diffusion Management and Knowledge Sharing10.4018/978-1-7998-0417-8.ch016(319-342)Online publication date: 2020
https://doi.org/10.4018/978-1-7998-0417-8.ch016
Show More Cited By

Lockr: better privacy for social networks
1. Social and professional topics
  1. Computing / technology policy

Recommendations

Preventing sensitive relationships disclosure for better social media preservation

A fundamental aspect of all social networks is information sharing. It is one of the most common forms of online interaction that is tightly associated with social media preservation and information disclosure. As such, information sharing is commonly ...
My Friend Leaks My Privacy: Modeling and Analyzing Privacy in Social Networks
SACMAT '18: Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies

With the dramatically increasing participation in online social networks (OSNs), huge amount of private information becomes available on such sites. It is critical to preserve users' privacy without preventing them from socialization and sharing. ...
Privacy in social networks

The only way to be aware of the risks and threats of Facebook, the most commonly used social networking site in the world and Turkey, is to be a careful user changing the default settings or simply not to have a Facebook account. In Turkey, there is ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CoNEXT '09: Proceedings of the 5th international conference on Emerging networking experiments and technologies

December 2009

362 pages

ISBN:9781605586366

DOI:10.1145/1658939

General Chairs:
Jörg Liebeherr
University of Toronto, Canada
,
Giorgio Ventre
University of Napoli, Italy
,
Program Chairs:
Ernst Biersack
Eurecom, France
,
S. Keshav
University of Waterloo, Canada

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 December 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

Co-NEXT '09

Sponsor:

SIGCOMM

Co-NEXT '09: Conference on emerging Networking EXperiments and Technologies

December 1 - 4, 2009

Rome, Italy

Acceptance Rates

Overall Acceptance Rate 198 of 789 submissions, 25%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

100
Total Citations
View Citations
1,479
Total Downloads

Downloads (Last 12 months)23
Downloads (Last 6 weeks)6

Reflects downloads up to 16 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Ernala SYang SWu YChen RWells KDas S(2021)Exploring the Utility Versus Intrusiveness of Dynamic Audience Selection on FacebookProceedings of the ACM on Human-Computer Interaction10.1145/34760835:CSCW2(1-30)Online publication date: 18-Oct-2021
https://dl.acm.org/doi/10.1145/3476083
Kumar CBharati TPrakash S(2021)Online Social Network Security: A Comparative Review Using Machine Learning and Deep LearningNeural Processing Letters10.1007/s11063-020-10416-3Online publication date: 5-Jan-2021
https://doi.org/10.1007/s11063-020-10416-3
Asim YMalik A(2020)A Survey on Access Control Techniques for Social NetworksInformation Diffusion Management and Knowledge Sharing10.4018/978-1-7998-0417-8.ch016(319-342)Online publication date: 2020
https://doi.org/10.4018/978-1-7998-0417-8.ch016
Malik AEmmanuel NZafar SKhattak HRaza BKhan SAl-Bayatti AAlassafi MAlfakeeh AAlqarni M(2020)From Conventional to State-of-the-Art IoT Access Control ModelsElectronics10.3390/electronics91016939:10(1693)Online publication date: 15-Oct-2020
https://doi.org/10.3390/electronics9101693
Boshrooyeh SKüpçü AÖzkasap Ö(2020)PrivadoACM Transactions on Privacy and Security10.1145/338615423:3(1-36)Online publication date: 6-Jun-2020
https://dl.acm.org/doi/10.1145/3386154
Guo GZhu YYu RChu WMa D(2020)A Privacy-Preserving Framework With Self-Governance and Permission Delegation in Online Social NetworksIEEE Access10.1109/ACCESS.2020.30160418(157116-157129)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.3016041
Yan WWu XLiu F(2019)Progressive Scrambling for Social MediaCensorship, Surveillance, and Privacy10.4018/978-1-5225-7113-1.ch106(2133-2152)Online publication date: 2019
https://doi.org/10.4018/978-1-5225-7113-1.ch106
Abdulla ABakiras SKerschbaum FMashatan ANiu JLee A(2019)HITCProceedings of the 24th ACM Symposium on Access Control Models and Technologies10.1145/3322431.3325104(123-134)Online publication date: 28-May-2019
https://dl.acm.org/doi/10.1145/3322431.3325104
Elmendili FMoustir AEl Bouzekri El Idrissi Y(2019)New Privacy Defence Methodologies and Techniques Over Social NetworksInnovations in Smart Cities Applications Edition 210.1007/978-3-030-11196-0_61(742-756)Online publication date: 7-Feb-2019
https://doi.org/10.1007/978-3-030-11196-0_61
Wu XYan WLiu F(2018)Progressive Scrambling for Social MediaInternational Journal of Digital Crime and Forensics10.4018/IJDCF.201804010410:2(56-73)Online publication date: 1-Apr-2018
https://dl.acm.org/doi/10.4018/IJDCF.2018040104
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents