DOI: 10.1145/1456403.1456405
research-article

FlyByNight: mitigating the privacy risks of social networking

Published: 27 October 2008

Abstract

Social networking websites are enormously popular, but they present a number of privacy risks to their users, one of the foremost of which is that social network service providers are able to observe and accumulate the information that users transmit through the network. We aim to mitigate this risk by presenting a new architecture for protecting information published through the social networking website, Facebook, through encryption. Our architecture makes a trade-off between security and usability in the interests of minimally affecting users' workflow and maintaining universal accessibility. While active attacks by Facebook could compromise users' privacy, our architecture dramatically raises the cost of such potential compromises and, importantly, places them within a framework for legal privacy protection because they would violate a user's reasonable expectation of privacy. We have built a prototype Facebook application implementing our architecture, addressing some of the limitations of the Facebook platform through proxy cryptography.

Published In

WPES '08: Proceedings of the 7th ACM workshop on Privacy in the electronic society
October 2008
128 pages
ISBN:9781605582894
DOI:10.1145/1456403

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. privacy
  2. social networks

Qualifiers

  • Research-article

Conference

CCS08
Acceptance Rates

Overall Acceptance Rate 106 of 355 submissions, 30%

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months): 26
  • Downloads (Last 6 weeks): 2
Reflects downloads up to 18 Feb 2025

Cited By

  • (2024) Use & Abuse of Personal Information, Part II: Robust Generation of Fake IDs for Privacy Experimentation. Journal of Cybersecurity and Privacy 4:3 (546-571). DOI: 10.3390/jcp4030026. Online publication date: 11-Aug-2024
  • (2023) Enhancing privacy for automatically detected quasi identifier using data anonymization. Web Intelligence 21:1 (71-91). DOI: 10.3233/WEB-221823. Online publication date: 22-Mar-2023
  • (2022) Poster. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (3499-3501). DOI: 10.1145/3548606.3563541. Online publication date: 7-Nov-2022
  • (2022) Image DePO: Towards Gradual Decentralization of Online Social Networks using Decentralized Privacy Overlays. Proceedings of the ACM on Human-Computer Interaction 6:CSCW1 (1-28). DOI: 10.1145/3512907. Online publication date: 7-Apr-2022
  • (2022) Privacy protection scheme for mobile social network. Journal of King Saud University - Computer and Information Sciences 34:7 (4062-4074). DOI: 10.1016/j.jksuci.2022.05.011. Online publication date: Jul-2022
  • (2021) Privacy-Enhancing k-Nearest Neighbors Search over Mobile Social Networks. Sensors 21:12 (3994). DOI: 10.3390/s21123994. Online publication date: 9-Jun-2021
  • (2021) A Survey : Data Mining and Machine Learning Methods for Cyber Security. International Journal of Scientific Research in Computer Science, Engineering and Information Technology (24-34). DOI: 10.32628/CSEIT217212. Online publication date: 1-Mar-2021
  • (2021) A novel blockchain-based privacy-preserving framework for online social networks. Connection Science (1-21). DOI: 10.1080/09540091.2020.1854181. Online publication date: 7-Jan-2021
  • (2021) A Framework for Protecting Privacy on Mobile Social Networks. Mobile Networks and Applications. DOI: 10.1007/s11036-021-01761-1. Online publication date: 29-May-2021
  • (2021) Concealed Communication in Online Social Networks. Applied Cryptography in Computer and Communications (117-137). DOI: 10.1007/978-3-030-80851-8_9. Online publication date: 5-Jul-2021