20 research outputs found

    Scramble! Your Social Network Data

    Undetectable Communication: The Online Social Networks Case

    Online Social Networks (OSNs) provide users with an easy way to share content, communicate, and update others about their activities. They also play an increasingly fundamental role in coordinating and amplifying grassroots movements, as demonstrated by recent uprisings in, e.g., Egypt, Tunisia, and Turkey. At the same time, OSNs have become primary targets of tracking, profiling, as well as censorship and surveillance. In this paper, we explore the notion of undetectable communication in OSNs and introduce formal definitions, alongside system and adversarial models, that complement better understood notions of anonymity and confidentiality. We present a novel scheme for secure covert information sharing that, to the best of our knowledge, is the first to achieve undetectable communication in OSNs. We demonstrate, via an open-source prototype, that additional costs are tolerably low.

    Virtual private blockchains: security overlays for permissioned blockchains

    Blockchain technology, while maturing, is still lacking features that would be considered indispensable in real-world business applications. In particular, the lack of transaction confidentiality in a public blockchain is a challenging problem. A possible solution might be the concept of a private blockchain. However, maintaining such permissioned blockchains requires resources, depends on a central authority and contradicts the original philosophy of pioneering blockchain systems such as bitcoin. In this paper, the concept of a Virtual Private Blockchain (VPBC) is proposed as a mechanism to create a blockchain architecture with properties akin to those of a private blockchain, while leveraging existing public blockchain functionality. A VPBC can be set up between individuals or organisations, does not require any significant administrative maintenance, inherits all the functionality from the public blockchain, and achieves anonymity and transaction confidentiality with respect to any public blockchain node that does not belong to the VPBC. Building on this theoretical concept, it is then shown how the cryptographic technique of secret sharing can be used in order to implement a simple VPBC architecture. A proof-of-concept architecture has been created and the first experiments indicate that the creation of VPBCs for potential real-world application scenarios might be feasible.

    Extended U+F social network protocol: interoperability, reusability, data protection and indirect relationships in web based social networks

    An interconnected world is what current technologies look for, with Web Based Social Networks (WBSNs) being a promising development in this regard. Four desirable WBSN features are identified, namely, interoperability, reusability, protection against WBSN providers and indirect relationships. A protocol, called U+F, addressed interoperability and reusability of identity data, resources and access control policies between different WBSNs. In order to address the remaining couple of features, that is, achieving the protection of data against WBSN providers and indirect relationships management across different WBSNs, this paper presents eU+F, an extension of U+F. A prototype is developed to verify the feasibility of implementing the proposed protocol in a real environment, as well as to compare its workload regarding three well-known WBSNs, Facebook, MySpace and LinkedIn.

    Collateral damage of Facebook third-party applications: a comprehensive study

    Third-party applications on Facebook can collect personal data of the users who install them, but also of their friends. This raises serious privacy issues as these friends are not notified by the applications nor by Facebook and they have not given consent. This paper presents a detailed multi-faceted study on the collateral information collection of the applications on Facebook. To investigate the views of the users, we designed a questionnaire and collected the responses of 114 participants. The results show that participants are concerned about the collateral information collection and in particular about the lack of notification and of mechanisms to control the data collection. Based on real data, we compute the likelihood of collateral information collection affecting users: we show that the probability is significant and greater than 80% for popular applications such as TripAdvisor. We also demonstrate that a substantial amount of profile data can be collected by applications, which enables application providers to profile users. To investigate whether collateral information collection is an issue to users’ privacy, we analysed the legal framework in light of the General Data Protection Regulation. We provide a detailed analysis of the entities involved and investigate which entity is accountable for the collateral information collection. To provide countermeasures, we propose a privacy dashboard extension that implements privacy scoring computations to enhance transparency toward collateral information collection. Furthermore, we discuss alternative solutions highlighting other countermeasures such as notification and access control mechanisms, cryptographic solutions and application auditing. To the best of our knowledge this is the first work that provides a detailed multi-faceted study of this problem and that analyses the threat of user profiling by application providers.