PoX: Protecting users from malicious Facebook applications

Authors:
Manuel Egele;Andreas Moser;Christopher Kruegel;Engin Kirda
Affiliations:
University of California, Santa Barbara, Harold Frank Hall, Santa Barbara, CA 93106, USA;Vienna University of Technology, Treitlstrasse 1, 1040 Vienna, Austria;University of California, Santa Barbara, Harold Frank Hall, Santa Barbara, CA 93106, USA;Northeastern University, 440 Huntington Avenue, 202 West Village H, Boston, MA 02115, USA
Venue:
Computer Communications
Year:
2012

Citing 8
Cited 2

Social phishing

Communications of the ACM
Antisocial Networks: Turning a Social Network into a Botnet

ISC '08 Proceedings of the 11th international conference on Information Security
FlyByNight: mitigating the privacy risks of social networking

Proceedings of the 7th ACM workshop on Privacy in the electronic society
Beyond User-to-User Access Control for Online Social Networks

ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
All your contacts are belong to us: automated identity theft attacks on social networks

Proceedings of the 18th international conference on World wide web
FaceCloak: An Architecture for User Privacy on Social Networking Sites

CSE '09 Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 03
Privacy preserving social networking through decentralization

WONS'09 Proceedings of the Sixth international conference on Wireless On-Demand Network Systems and Services
xBook: redesigning privacy control in social networking platforms

SSYM'09 Proceedings of the 18th conference on USENIX security symposium

Preserving user privacy from third-party applications in online social networks

Proceedings of the 22nd international conference on World Wide Web companion
Appinspect: large-scale evaluation of social networking apps

Proceedings of the first ACM conference on Online social networks

Quantified Score

Hi-index	0.24

Visualization

Abstract

Online social networks such as Facebook, MySpace, and Orkut store large amounts of sensitive user data. While a user can legitimately assume that a social network provider adheres to strict privacy standards, we argue that it is unwise to trust third-party applications on these platforms in the same way. Although the social network provider would be in the best position to implement fine-grained access control for third party applications directly into the platform, such mechanisms are still missing. Furthermore, recent press releases do not indicate that such mechanisms will be put in place in the near future. Therefore, we introduce PoX, an extension for Facebook that makes requests for private data explicit to the user and allows her to exert fine-grained access control over what profile data can be accessed by individual applications. By leveraging a client-side proxy that executes in the user's web browser, data requests can be relayed to Facebook without forcing the user to trust additional third parties. Of course, the presented system is backwards compatible and transparently falls back to the original behavior if a client does not support our system. Thus, we consider PoX to be a readily available alternative for privacy-aware users that do not want to wait for improvements implemented by Facebook itself.