ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
FlyByNight: mitigating the privacy risks of social networking
Full text PdfPdf (884 KB)
Source
Conference on Computer and Communications Security archive
Proceedings of the 7th ACM workshop on Privacy in the electronic society table of contents
Alexandria, Virginia, USA
SESSION: Social networking and emerging social issues table of contents
Pages 1-8  
Year of Publication: 2008
ISBN:978-1-60558-289-4
Authors
Matthew M. Lucas  University of Illinois at Urbana-Champaign, Urbana, IL, USA
Nikita Borisov  University of Illinois at Urbana-Champaign, Urbana, IL, USA
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 116,   Downloads (12 Months): 709,   Citation Count: 2
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1456403.1456405
What is a DOI?

ABSTRACT

Social networking websites are enormously popular, but they present a number of privacy risks to their users, one of the foremost of which being that social network service providers are able to observe and accumulate the information that users transmit through the network. We aim to mitigate this risk by presenting a new architecture for protecting information published through the social networking website, Facebook, through encryption. Our architecture makes a trade-off between security and usability in the interests of minimally affecting users' workflow and maintaining universal accessibility. While active attacks by Facebook could compromise users' privacy, our architecture dramatically raises the cost of such potential compromises and, importantly, places them within a framework for legal privacy protection because they would violate a user's reasonable expectation of privacy. We have built a prototype Facebook application implementing our architecture, addressing some of the limitations of the Facebook platform through proxy cryptography.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Acquisti, Alessandro and Ralph Gross. Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook. In George Danezis and Philippe Golle, editors, Workshop on Privacy Enhancing Technologies, volume 4258 of Lecture Notes in Computer Science, Cambridge, UK, June 2006. Springer.
 
2
Blaze, M., G. Bleumer, and M. Strauss. Divertible Protocols and Atomic Proxy Cryptography. Lecture notes in computer science, pages 127--144.
 
3
Felt, Adrienne, and Evans, David. Privacy Protection for Social Networking APIs. University of Virginia, 2008.
4
Keith B. Frikken , Philippe Golle, Private social network analysis: how to assemble pieces of a graph privately, Proceedings of the 5th ACM workshop on Privacy in electronic society, October 30-30, 2006, Alexandria, Virginia, USA  [doi>10.1145/1179601.1179619]
 
5
Greasemonkey. http://www.greasespot.net, 2008.
6
Ralph Gross , Alessandro Acquisti , H. John Heinz, III, Information revelation and privacy in online social networks, Proceedings of the 2005 ACM workshop on Privacy in the electronic society, November 07-07, 2005, Alexandria, VA, USA  [doi>10.1145/1102199.1102214]
 
7
Hanewinkel, Herbert. PGP / GnuPG / OpenPGP message Encryption in JavaScript. http://www.hanewin.net/encrypt/, 2005.
 
8
Hodge, Matthew J. The Fourth Amendment and Privacy Issues on the "New" Internet: Facebook.com and MySpace.com. Southern Illinois University Law Journal.
 
9
"Hushmail -- Free Email with Privacy." Hush Communications Corp, 2008. http://www.hushmail.com.
 
10
Ivan, A. and Y. Dodis. Proxy Cryptography Revisited. Proceedings of the Network and Distributed System Security Symposium (NDSS), February, 2003.
 
11
Katz v. United States, 389 U.S. 347 (1967).
 
12
Kerr, Orin S. "A User's Guide to the Stored Communications Act and a Legislator's Guide to Amending it." George Washington University Law Review, 2004: 1208--1227.
13
Himanshu Khurana , Adam Slagell , Rafael Bonilla, SELS: a secure e-mail list service, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico  [doi>10.1145/1066677.1066752]
 
14
Laurie, Ben. Apres: A System for Anonymous Presence. http://www.apache-ssl.org/apres.pdf, 2004.
 
15
Perrig, Adrian and Dawn Song. "Hash Visualization: a New Technique to Improve Real-World Security." In Proceedings of the International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC), Hong Kong, July 1999.
 
16
Charles Reis , Steven D. Gribble , Tadayoshi Kohno , Nicholas C. Weaver, Detecting in-flight page changes with web tripwires, Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, p.31-44, April 16-18, 2008, San Francisco, California
 
17
Signel, Ryan. "Encrypted E-mail Company Hushmail Spills to Feds." http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html, 2007.
 
18
"Scoop: Facebook Employees know what profiles you look at." Valleywag, October 10, 2007. http://valleywag.com/tech/scoop/facebook-employees-know-what-profiles-you-look-at-315901.php.
 
19
"Statistics | Facebook." Facebook Inc. http://www.facebook.com/press/info.php?statistics, 2008.
 
20
Walker, John. Javascrypt: Browser-based Cryptography Tools. http://www.fourmilab.ch/javascrypt/, 2005.
 
21
"You've Been Poked by University Police." Daily Illini, July 25, 2006. http://media.www.dailyillini.com/media/storage/paper736/news/2006/07/25/Opinions/Editorial.Youve.Been.Poked.By.University.Police-2133945.shtml

CITED BY  2
Randy Baden , Adam Bender , Neil Spring , Bobby Bhattacharjee , Daniel Starin, Persona: an online social network with user-defined privacy, ACM SIGCOMM Computer Communication Review, v.39 n.4, October 2009
Mouna Kacimi , Stefano Ortolani , Bruno Crispo, Anonymous opinion exchange over untrusted social networks, Proceedings of the Second ACM EuroSys Workshop on Social Network Systems, p.26-32, March 31-31, 2009, Nuremberg, Germany

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.4 COMPUTERS AND SOCIETY
      K.4.1 Public Policy Issues
          Subjects: Privacy

Additional Classification:
  E. Data
  E.3 DATA ENCRYPTION
      Subjects: Public key cryptosystems

  H. Information Systems
  H.3 INFORMATION STORAGE AND RETRIEVAL
      H.3.5 On-line Information Services
          Subjects: Commercial services; Web-based services
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.3 Group and Organization Interfaces
          Subjects: Web-based interaction


General Terms:
Legal Aspects, Security


Keywords:
privacy, social networks

Collaborative Colleagues:
Matthew M. Lucas: colleagues
Nikita Borisov: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player