|
@@ -20,7 +20,7 @@ After validating several available solutions for personal data protection, the r
|
|
|
\label{fig:facecloak-architecture}
|
|
|
\end{figure}
|
|
|
|
|
|
-During the setup phase, the browser extension is installed, and the encryption keys are generated. Afterwards, the keys for decryption are shared with the trusted contacts. In phase two, when data worthy of protection is stored, it is transmitted in encrypted form to a third party server and stored there. Only fake data is transmitted to the social network server. In phase three, whenever an authorized contact calls up a profile page and fake data is transmitted by the social network, the extension takes care of the replacement with the real data.
|
|
|
+During the setup phase, the browser extension is installed, and the encryption keys are generated. Afterwards, the keys for decryption are shared with the trusted contacts. In phase two, when data worthy of protection is stored, it is transmitted in encrypted form to a third party server and stored there. Only fake data are transmitted to the social network server. In phase three, whenever an authorized contact calls up a profile page and fake data are transmitted by the social network, the extension takes care of the replacement with the real data.
|
|
|
|
|
|
In addition to adhering to the above design principles, the proposed architecture makes the following contributions:
|
|
|
|
|
@@ -35,12 +35,12 @@ To protect the privacy of Facebook users, Luo, Xiu, and Hengartner have created
|
|
|
|
|
|
The extension uses \ac{AES} and a key length of 128 bits to encrypt the data. The indices for the encrypted data are calculated using SHA-1. The authors propose an e-mail for the key exchange. For this purpose, the browser extension automatically generates e-mail texts and recipient lists and forwards them to the standard e-mail program. The recipients then have to store the received keys in the extension manually.
|
|
|
|
|
|
-In order to protect data with FaceCloak, the prefix @@ must be added to the information in a text field. For other form elements such as dropdowns, radio buttons or checkboxes, the extension creates additional options that also start with @@. When submitting the form, the extension intervenes and replaces the data marked with @@ with fake data. The data to be protected is encrypted with the stored keys and transferred as a key-value pair to the third party server where it is stored. FaceCloak can protect all profile information, but only for name, birthday, and gender algorithms for the meaningful creation of fake data are implemented.
|
|
|
+In order to protect data with FaceCloak, the prefix @@ must be added to the information in a text field. For other form elements such as dropdowns, radio buttons or checkboxes, the extension creates additional options that also start with @@. When submitting the form, the extension intervenes and replaces the data marked with @@ with fake data. The data to be protected are encrypted with the stored keys and transferred as a key-value pair to the third party server where it is stored. FaceCloak can protect all profile information, but only for name, birthday, and gender algorithms for the meaningful creation of fake data are implemented.
|
|
|
|
|
|
In addition to profile information, the extension can also protect Facebook Wall and Facebook Notes data. The contents of arbitrary Wikipedia articles are transmitted as fake data to avoid attracting attention with random and unusual character strings.
|
|
|
|
|
|
-When loading a profile page that contains protected data, the extension with asynchronous \ac{HTTP} requests retrieves the information from the third party server, decrypts it, and replaces the fake data. A large part of the replacement can thus be performed during the load process so that the user does not see the fake data. However, since Facebook also loads content asynchronously, some replacements can only be performed with a time delay and the fake data is shortly visible.
|
|
|
+When loading a profile page that contains protected data, the extension with asynchronous \ac{HTTP} requests retrieves the information from the third party server, decrypts it, and replaces the fake data. A large part of the replacement can thus be performed during the load process so that the user does not see the fake data. However, since Facebook also loads content asynchronously, some replacements can only be performed with a time delay and the fake data are shortly visible.
|
|
|
|
|
|
-The keys have to be transferred to all devices and stored in the extension to use the same account. It is not possible to use multiple accounts with the same Firefox profile, as all data is stored in the extension and these are always bound to exactly one Facebook account.
|
|
|
+The keys have to be transferred to all devices and stored in the extension to use the same account. It is not possible to use multiple accounts with the same Firefox profile, as all data are stored in the extension and these are always bound to exactly one Facebook account.
|
|
|
|
|
|
The latest version 0.6 from August 2010 cannot be installed in the current Firefox (version 65). Furthermore, it is unknown if the server is still running. Therefore it is not possible to check if the extension still works. Due to the numerous updates and sometimes severe changes that Facebook has experienced in the last eight years, it is doubtful that the extension will still function today. At that time, however, it was successfully applied and proved that the proposed architecture worked.
|