Fig 1 - uploaded by Filipe Beato
Content may be subject to copyright.
Source publication
Social network sites (SNS) allow users to share information with friends, family, and other contacts. However, current SNS
sites such as Facebook or Twitter assume that users trust SNS providers with the access control of their data. In this paper
we propose Scramble, the implementation of a SNS-independent Firefox extension that allows users to en...
Context in source publication
Similar publications
Development of mobile web-centric OS such as Firefox OS has created new challenges, and opportunities for digital investigators. Network traffic forensic plays an important role in cybercrime investigation to detect subject(s) and object(s) of the crime. In this chapter, we detect and analyze residual network traffic artefacts of Firefox OS in rela...
The development of a mobile web-centric OS such as Firefox OS (FxOS) has created new challenges and opportunities for digital investigators. Network traffic forensics plays an important role in cybercrime investigation to detect subject(s) and object(s) of the crime. In this chapter we detect and analyze residual network traffic artifacts of FxOS i...
Citations
... Scramble [3] allows users to enforce access control over their data. It is an SNindependent Firefox extension allowing users to define access control lists (ACL) of authorised users for each piece of data, based on their preferences. ...
Social networks such as Facebook (Since October 2021 is also known as META) (FB) and Instagram are known for tracking user online behaviour for commercial gain. To this day, there is practically no other way of achieving privacy in said platforms other than renouncing their use. However, many users are reluctant in doing so because of convenience or social and professional reasons. In this work, we propose a means of balancing convenience and privacy on FB through obfuscation. We have created MetaPriv, a tool based on simulating user interaction with FB. MetaPriv allows users to add noise interactions to their account so as to lead FB’s profiling algorithms astray, and make them draw inaccurate profiles in relation to their interests and habits. To prove our tool’s effectiveness, we ran extensive experiments on a dummy account and two existing user accounts. Our results showed that, by using our tool, users can achieve a higher degree of privacy in just a couple of weeks. We believe that MetaPriv can be further developed to accommodate other social media platforms and help users regain their privacy, while maintaining a reasonable level of convenience. To support open science and reproducible research, our source code is publicly available online.
... Scramble [3] allows users to enforce access control over their data. It is an SNindependent Firefox extension allowing users to define access control lists (ACL) of authorised users for each piece of data, based on their preferences. ...
Social networks such as Facebook (FB) and Instagram are known for tracking user online behaviour for commercial gain. To this day, there is practically no other way of achieving privacy in said platforms other than renouncing their use. However, many users are reluctant in doing so because of convenience or social and professional reasons. In this work, we propose a means of balancing convenience and privacy on FB through obfuscation. We have created MetaPriv, a tool based on simulating user interaction with FB. MetaPriv allows users to add noise interactions to their account so as to lead FB's profiling algorithms astray, and make them draw inaccurate profiles in relation to their interests and habits. To prove our tool's effectiveness, we ran extensive experiments on a dummy account and two existing user accounts. Our results showed that, by using our tool, users can achieve a higher degree of privacy in just a couple of weeks. We believe that MetaPriv can be further developed to accommodate other social media platforms and help users regain their privacy, while maintaining a reasonable level of convenience. To support open science and reproducible research, our source code is publicly available online.
... Subsequently, opportunity assessment and diminishment are the essential moves to be made to wards Info Security Hazard Control (ISRM). Right now, most researchers are dealing with danger assessment yet frequently lack of (Beato et al., 2011) concern the danger diminishing point of view. As an effect of danger assessment alone, IS hazard just gets analyzed, however, not diminished or diminished, since, danger diminishment is really troublesome and loaded with uncertainty. ...
... Authors in [9] proposed "Scramble" which is based on asymmetric cryptography, to share data. A user must own all the associated public keys of all his friends. ...
... The data owner generates cipher-texts for all the sub-structures of τ , then he sends the encrypted data to the cloud as shown in Figure 1 step (5) and (6), a reference is posted in social network Step (7). Decryption phase: When the user U m wants to have access to data stored in cloud, he should first send an access request to the corresponding data as illustrated in Figure 1 step (8), then the cloud fetches the corresponding structure τ associated with data and sends it back to user U m as shown in Figure 1 step (9). We have the attribute set owned by U m noted AT m . ...
... In the following subsection, we compare our proposed solution CloudSN with similar solutions found in the literature. We compare our solution to Scramble your data proposed in [9] and Persona proposed in [5]. The comparison is illustrated in Table I, in which we take several parameters such as: attributes management, access control, storage based platform and storage of sensitive data. ...
In this paper, we present a new framework for
protecting privacy on online social networks based on two
main concepts: cloud computing and Attribute-Based Encryption
system (ABE). The cloud computing is used to store outsourcing
data by a third party. However, the issues of entrusting these
third-party losing control over data arise. Thus, one does not
know where data are stored. In the proposed framework we
propose to use a distributed multi-authority ABE scheme, which
provides flexible access to private data, and only users with the
right keys can have access to it. The performance evaluation is
conducted by simulations with different parameters including the
number of attributes, encryption time and decryption time. The
obtained results and security analysis show that our solution
outperforms the classical solutions in terms of security and
robustness.
... We seek user-centered privacy protection mechanisms instead: one that can be applied to existing services (instead of graph sanitization applied by the service provider), one that either hides user information or that is capable of preventing large-scale re-identification. For instance, Scramble is a good example for such solutions: it is independent of the service provider and allows a fine-grained access control for managing the sharing process of user data by encryption [6]. ...
... Several types of user data can be considered as a sensitive attribute: either sensitive personal attributes (e.g., religious or political preferences), free-text profile information (e.g., link to a website) or the content the user shares (e.g., wall messages). However, managing such a vast amount of information by hand can be difficult, and this process should be supported by an identity manager software (e.g., Scramble is such a proof-of-concept utility [6]). With such a support, the user could be able to achieve fine-grained control over her profile and safely reveal the secret information only for the selected audience with ease, while separated identities would be represented as different users for the attacker, but also for the social network platform and its users. ...
Connections between users of social networking services pose a significant privacy threat. Recently, several social network de-anonymization attacks have been proposed that can efficiently re-identify users at large scale, solely considering the graph structure. In this paper, we consider these privacy threats and analyze de-anonymization attacks at the model level against a user-controlled privacy-enhancing technique called identity separation. The latter allows creating seemingly unrelated identities in parallel, even without the consent of the service provider or other users. It has been shown that identity separation can be used efficiently against re-identification attacks if user cooperate with each other. However, while participation would be crucial, this cannot be granted in a real-life scenario. Therefore, we introduce the y-identity model, in which the user creates multiple separated identities and assigns the sensitive attribute to one of them according to a given strategy. For this, we propose a strategy to be used in real-life situations and formally prove that there is a higher bound for the expected privacy loss which is sufficiently low.
... Therefore, it is timely and important to investigate new techniques that could help users protect their personal information. Researchers have previously proposed the use of obfuscation to protect users' personal information [1]. These mechanisms intercept user's personal information before it is processed by online service providers, including social networks, and obfuscate it by either encrypting the data [5] or substituting it with randomly generated fake information [8]. ...
Online forms often require users to provide a lot of personal information when registering for services, which puts their privacy at risk. While recent legislation has focused on how personal data is handled by organizations, the recent Cambridge Analytica revelations expose the limitations of relying on organizations to adhere to legislation or even their own privacy policies. In this research, we tackle this problem by taking the first steps towards providing users with more control over their personal data when registering for services. We employ a user-centered approach to design a privacy protection app, which, through the use of avatars, would provide users with greater control and flexibility over the personal information they disclose during online registrations. This paper reports on a set of design findings and observations extracted from a series of design workshops conducted to identify the design elements users would prefer in this novel privacy protection app.
... Moreover, privacy preferences are by default hard to use and do not correctly reflect the intentions of users [1,2], which may lead to leakage of information to a broader audience. The privacy issues on OSNs has been a topic of interest within the research community demonstrated by several studies [3,4,5,6,7,8]. Even though the offered 10 privacy controls are somehow effective to protect the data shared, they remain ineffective when safeguarding contextual information (such as the social network structure). ...
Online Social Networks (OSNs), such as Facebook, provide users with tools to share information along with a set of privacy controls preferences to regulate the spread of information. Current privacy controls are efficient to protect content data. However, the complexity of tuning them undermine their efficiency when shielding contextual information (such as the social network structure) that many users believe being kept private.
In this paper, we demonstrate the extent of the problem of information leakage in Facebook. In particular, we show the possibility of inferring, from the network “surrounding” a victim user, some information that the victim set as hidden. We developed a system, named OSSINT (Open Source Social Network INTelligence), on top of our previous tool SocialSpy, that can infer hidden information of a victim profile and retrieve private information from public one. OSSINT retrieves the friendship network of a victim and shows how it is possible to infer additional private information (e.g., personal user preferences and hobbies). Our proposed system OSSINT goes extra mile about the network topology information, i.e., predicting new friendships using the victim’s friends of friends network (2-hop of distance from the victim profile), and hence possibly deduce private information of the full Facebook network. OSSINT correctly improved the previous results of SocialSpy predicting an average of 11 new friendships with peaks of 20 new friends. Moreover, OSSINT, for the considered victim profiles demonstrated how it is possible to infer real-life information such as current city, hometown, university, supposed being private.
... • Solutions to collateral information collection on Facebook. Implementing privacy enhancing solutions on Facebook such as cryptographic countermeasures INTRODUCTION can be interesting but challenging to maintain [3,2,1] as they are frequently detected and blocked [196,26,68]. It is challenging to propose solutions aiming to help users making informed decisions and enhance transparency [130]. ...
... Scramble! [26] proposes an access control mechanism over a user's data, making the use of encryption techniques. According to this model, authorised users have partial access to the data, depending on the access control lists. ...
... For instance, flyByNight [196] and Scramble! [26] are utilising encryption schemes to ensure confidentiality and integrity of messages exchanged among Facebook users. However, encryption solutions on Facebook and other OSNs and are commonly detected and blocked from their systems. ...
Privacy by design, Security by design, Collateral Information Collection, Facebook, Car sharing, Privacy threats, Security threats
... Multiple proposals work on the establishment of anonymous interactions [31] [35]. Others focus on protecting users' data [16][10] [2] or users' relationships [34] [6] by applying cryptography. Several works in the context of social translucency have been proposed [14]. ...
Web-Based Social Networks (WBSNs) are used by millions of people worldwide. While WBSNs provide many benefits, privacy preservation is a concern. The management of access control can help to assure data is accessed by authorized users. However, it is critical to provide sufficient flexibility so that a rich set of conditions may be imposed by users. In this paper we coin the term user provenance to refer to tracing users actions to supplement the authorisation decision when users request access. For example restricting access to a particular photograph to those which have “liked” the owners profile. However, such a tracing of actions has the potential to impact the privacy of users requesting access. To mitigate this potential privacy loss the concept of translucency is applied. This paper extends \(SoNeUCON_{ABC}\) model and presents \(SoNeUCON_{ABC}Pro\), an access control model which includes translucent user provenance. Entities and access control policies along with their enforcement procedure are formally defined. The evaluation demonstrates that the system satisfies the imposed goals and supports the feasibility of this model in different scenarios.
... For instance, flyByNight ( Lucas and Borisov, 2008 ) and Scramble! ( Beato et al., 2011 ) are proposing cryptographic schemes to ensure confidentiality and integrity of messages exchanged among Facebook users. Extending the functionality of such solutions, cryptographic tools such as Multi-Party Computation (MPC) ( Cramer et al., 2015 ) can be used by a user, to allow access only to selected apps and app providers for their data that are shared through their friends. ...
... Scramble! ( Beato et al., 2011 ) proposes an access control mechanism over a user's data, making the use of encryption techniques. According to this model, authorised users have partial access to the data, depending on the access control lists. ...
Third-party applications on Facebook can collect personal data of the users who install them, but also of their friends. This raises serious privacy issues as these friends are not notified by the applications nor by Facebook and they have not given consent. This paper presents a detailed multi-faceted study on the collateral information collection of the applications on Facebook. To investigate the views of the users, we designed a questionnaire and collected the responses of 114 participants. The results show that participants are concerned about the collateral information collection and in particular about the lack of notification and of mechanisms to control the data collection. Based on real data, we compute the likelihood of collateral information collection affecting users: we show that the probability is significant and greater than 80% for popular applications such as TripAdvisor. We also demonstrate that a substantial amount of profile data can be collected by applications, which enables application providers to profile users. To investigate whether collateral information collection is an issue to users’ privacy we analysed the legal framework in light of the General Data Protection Regulation. We provide a detailed analysis of the entities involved and investigate which entity is accountable for the collateral information collection. To provide countermeasures, we propose a privacy dashboard extension that implements privacy scoring computations to enhance transparency toward collateral information collection. Furthermore, we discuss alternative solutions highlighting other countermeasures such as notification and access control mechanisms, cryptographic solutions and application auditing. To the best of our knowledge this is the first work that provides a detailed multi-faceted study of this problem and that analyses the threat of user profiling by application providers.
