Communications of the ACM
Antisocial Networks: Turning a Social Network into a Botnet
ISC '08 Proceedings of the 11th international conference on Information Security
FlyByNight: mitigating the privacy risks of social networking
Proceedings of the 7th ACM workshop on Privacy in the electronic society
Beyond User-to-User Access Control for Online Social Networks
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
All your contacts are belong to us: automated identity theft attacks on social networks
Proceedings of the 18th international conference on World wide web
FaceCloak: An Architecture for User Privacy on Social Networking Sites
CSE '09 Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 03
Privacy preserving social networking through decentralization
WONS'09 Proceedings of the Sixth international conference on Wireless On-Demand Network Systems and Services
xBook: redesigning privacy control in social networking platforms
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Preserving user privacy from third-party applications in online social networks
Proceedings of the 22nd international conference on World Wide Web companion
Appinspect: large-scale evaluation of social networking apps
Proceedings of the first ACM conference on Online social networks
Hi-index | 0.24 |
Online social networks such as Facebook, MySpace, and Orkut store large amounts of sensitive user data. While a user can legitimately assume that a social network provider adheres to strict privacy standards, we argue that it is unwise to trust third-party applications on these platforms in the same way. Although the social network provider would be in the best position to implement fine-grained access control for third party applications directly into the platform, such mechanisms are still missing. Furthermore, recent press releases do not indicate that such mechanisms will be put in place in the near future. Therefore, we introduce PoX, an extension for Facebook that makes requests for private data explicit to the user and allows her to exert fine-grained access control over what profile data can be accessed by individual applications. By leveraging a client-side proxy that executes in the user's web browser, data requests can be relayed to Facebook without forcing the user to trust additional third parties. Of course, the presented system is backwards compatible and transparently falls back to the original behavior if a client does not support our system. Thus, we consider PoX to be a readily available alternative for privacy-aware users that do not want to wait for improvements implemented by Facebook itself.