Feedback Isabel

Carsten Porth 5 years ago
parent
commit
ca372646b9

+ 9 - 0
thesis/bib/bibliography.bib

@@ -518,4 +518,13 @@
   note         = {Online, accessed 22.03.2019},
 }
 
+@Misc{facecloakXXXXdownload,
+  author       = {Luo, Wanying and Xie, Qi and Hengartner, Urs},
+  title        = {{FaceCloak Download}},
+  howpublished = {\url{https://crysp.uwaterloo.ca/software/facecloak/download.html}},
+  month        = aug,
+  year         = {2011},
+  note         = {Online, accessed 22.03.2019},
+}
+
 @Comment{jabref-meta: databaseType:bibtex;}
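Review bot: The citation key facecloakXXXXdownload in the new @Misc entry still carries the XXXX placeholder even though the entry sets year = {2011}. Rename it to facecloak2011download, together with the \cite in facecloak.tex, so it follows the same author-year pattern as luo2009facecloak. Also check the date itself: this entry says aug 2011, while the text in facecloak.tex dates the latest version 0.6 to August 2010.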

+ 2 - 2
thesis/content/03-related-work.tex

@@ -14,7 +14,7 @@ This chapter gives a comprehensive overview of different projects trying to prot
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \section{Privacy through Extensions}
 \label{sec:extensions}
-Existing connections to other people and already created content can bind users to platforms. This so-called lock-in effect prevents users from switching to another platform. If switching to another platform is not an option, how can the use of the platforms be made more secure and user data better protected? In the following, two approaches (Twitterize and FaceCloak) are presented which try to increase the privacy and anonymity on Facebook and Twitter.
+Existing connections to other people and already created content can bind users to platforms. This so-called lock-in effect prevents users from switching to another platform. If switching to another platform is not an option, how can the use of the platforms be made more secure and user data better protected? In the following, two approaches (Twitterize and FaceCloak) are presented, which try to increase the privacy and anonymity on Facebook and Twitter.
 
 \subsection{Twitterize}
 \label{sec:twitterize}
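Review bot: The comma added before "which" in the last sentence of the changed paragraph separates the relative clause from "two approaches", so it now reads as attached to "are presented". The pairing also reads crosswise: "(Twitterize and FaceCloak)" is followed by "on Facebook and Twitter", although FaceCloak is the Facebook extension. Suggest rewording to "two approaches, Twitterize and FaceCloak, are presented that try to increase privacy and anonymity on Twitter and Facebook, respectively."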
@@ -31,7 +31,7 @@ Existing connections to other people and already created content can bind users
 \label{sec:privacy-protecting-social-networks}
 In the business models of the large, popular \acp{OSN}, user data plays an essential role. The data is evaluated and used to make a profit, for example through personalized advertising. Anonymity and the protection of privacy are not among the overriding objectives. 
 
-In the following, two social networks, diaspora* and LifeSocial, are presented which have placed the protection of data at the center.
+In the following, two social networks, diaspora* and LifeSocial.KOM, are presented which have placed the protection of data at the center.
 
 \subsection{diaspora*}
 \label{sec:diaspora}
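Review bot: The changed sentence keeps "are presented which have placed" without a comma, while the same construction in the sec:extensions hunk of this commit gained one; use one form in both places. Only this sentence is renamed to LifeSocial.KOM here, so confirm that the corresponding subsection heading and the remaining mentions in the chapter use the same name.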

+ 7 - 7
thesis/content/03-related-work/facecloak.tex

@@ -1,4 +1,4 @@
-Researchers Luo, Xiu, and Hengartner of the University of Waterloo in Ontario propose an architecture to protect personal information from social networking platforms \cite{luo2009facecloak}. Protection is achieved by transmitting fake data to the social network server and storing the correct data encrypted on a third party server. Authorized users can then replace the fake data with the correct data when they visit the site containing protected data. The prerequisite is that all users use a specific browser extension that communicates with the third party server and replaces content. In concrete terms, this was implemented for Facebook and both a server and an extension for the Firefox browser were developed and successfully tested.
+Researchers Luo, Xiu, and Hengartner of the University of Waterloo in Ontario propose an architecture to protect personal information on social networking platforms \cite{luo2009facecloak}. Protection is achieved by transmitting fake data to the social network server and storing the correct data encrypted on a third party server. Authorized users can then replace the fake data with the correct data when they visit the site containing protected data. The prerequisite is that all users use a specific browser extension that communicates with the third party server and replaces content. In concrete terms, this was implemented for Facebook and both a server and an extension for the Firefox browser were developed and successfully tested.
 
 \subsubsection{Design Principles}
 FaceCloak's design is based on the following four principles:
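Review bot: The first sentence still names the authors as "Luo, Xiu, and Hengartner", but the bibliography entry added in this commit lists the second author as "Xie, Qi"; align the spelling in the text with the cited source. While the paragraph is being touched, "third party server" is used as a compound modifier and should be hyphenated as "third-party server" in both occurrences.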
@@ -16,11 +16,11 @@ After validating several available solutions for personal data protection, the r
 \begin{figure}[h!]
 	\centering
 	\includegraphics[width=0.7\textwidth]{facecloak-architecture}
-	\caption{Schematic representation of the Setup Phase (1), Encryption Phase (2) and Decryption Phase (3) and the data flow taking place between the entities. \cite{luo2009facecloak}}
+	\caption{Schematic representation of the Setup Phase (1), Encryption Phase (2) and Decryption Phase (3) and the data flow taking place between the entities in FaceCloak's architecture. \cite{luo2009facecloak}}
 	\label{fig:facecloak-architecture}
 \end{figure}
 
-During the setup phase, the browser extension is installed, and the encryption keys generated. Afterward, the keys for decryption are shared with the trusted contacts. In phase two, when data worthy of protection is stored, it is transmitted in encrypted form to a third party server and stored there. Only fake data is transmitted to the social network server. In phase three, whenever an authorized contact calls up a profile page and fake data is transmitted by the social network, the extension takes care of the replacement with the real data.
+During the setup phase, the browser extension is installed, and the encryption keys are generated. Afterwards, the keys for decryption are shared with the trusted contacts. In phase two, when data worthy of protection is stored, it is transmitted in encrypted form to a third party server and stored there. Only fake data is transmitted to the social network server. In phase three, whenever an authorized contact calls up a profile page and fake data is transmitted by the social network, the extension takes care of the replacement with the real data.
 
 In addition to adhering to the above design principles, the proposed architecture makes the following contributions:
 
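Review bot: In the changed \caption the \cite{luo2009facecloak} sits after the closing full stop, so the reference is rendered as a detached fragment; move it in front of the period. The caption is also long enough that a short optional argument, \caption[short title]{...}, would keep the list of figures readable. The change from "Afterward" to "Afterwards" should match whichever variant the rest of the thesis uses.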
@@ -31,16 +31,16 @@ In addition to adhering to the above design principles, the proposed architectur
 \end{itemize}
 
 \subsubsection{FaceCloak for Facebook}
-To protect the privacy of Facebook users, Luo, Xiu, and Hengartner have developed a Firefox browser extension according to the previously described architecture, as well as a server application for storing encrypted real data.\footnote{Download: https://crysp.uwaterloo.ca/software/facecloak/download.html}
+To protect the privacy of Facebook users, Luo, Xiu, and Hengartner have developed a Firefox browser extension according to the previously described architecture, as well as a server application for storing encrypted real data \cite{facecloakXXXXdownload}.
 
 The extension uses \ac{AES} and a key length of 128 bits to encrypt the data. The indices for the encrypted data are calculated using SHA-1. The authors propose an e-mail for the key exchange. For this purpose, the browser extension automatically generates e-mail texts and recipient lists and forwards them to the standard e-mail program. The recipients then have to store the received keys in the extension manually.
 
 In order to protect data with FaceCloak, the prefix @@ must be added to the information in a text field. For other form elements such as dropdowns, radio buttons or checkboxes, the extension creates additional options that also start with @@. When submitting the form, the extension intervenes and replaces the data marked with @@ with fake data. The data to be protected is encrypted with the stored keys and transferred as a key-value pair to the third party server where it is stored. FaceCloak can protect all profile information, but only for name, birthday, and gender algorithms for the meaningful creation of fake data are implemented.
 
-In addition to profile information, the extension can also protect Facebook Wall and Facebook Notes data. To avoid attracting attention with random, unusual character strings, the contents of random Wikipedia articles are transmitted as fake data.
+In addition to profile information, the extension can also protect Facebook Wall and Facebook Notes data. The contents of arbitrary Wikipedia articles are transmitted as fake data to avoid attracting attention with random and unusual character strings.
 
 When loading a profile page that contains protected data, the extension with asynchronous \ac{HTTP} requests retrieves the information from the third party server, decrypts it, and replaces the fake data. A large part of the replacement can thus be performed during the load process so that the user does not see the fake data. However, since Facebook also loads content asynchronously, some replacements can only be performed with a time delay and the fake data is shortly visible.
 
-To use the same account on multiple devices, the keys must be transferred to all devices and stored in the extension. It is not possible to use multiple accounts with the same Firefox profile, as all data is stored in the extension and these are always bound to exactly one Facebook account.
+The keys have to be transferred to all devices and stored in the extension to use the same account. It is not possible to use multiple accounts with the same Firefox profile, as all data is stored in the extension and these are always bound to exactly one Facebook account.
 
-The latest version 0.6 from August 2010 cannot be installed in the current Firefox (version 65). Furthermore, it is not known if the server is still running. Therefore it is not possible to check if the extension still works. Due to the numerous updates and sometimes serious changes that Facebook has experienced in the last 8 years, it is very unlikely that the extension will still work today. At that time, however, it was successfully applied and proved that the proposed architecture worked.
+The latest version 0.6 from August 2010 cannot be installed in the current Firefox (version 65). Furthermore, it is unknown if the server is still running. Therefore it is not possible to check if the extension still works. Due to the numerous updates and sometimes severe changes that Facebook has experienced in the last eight years, it is doubtful  that the extension will still function today. At that time, however, it was successfully applied and proved that the proposed architecture worked.
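Review bot: The rewritten sentence "The keys have to be transferred to all devices and stored in the extension to use the same account" drops "on multiple devices", so it no longer says why the keys must be copied; restore the qualifier, for example "to use the same account on multiple devices". The last changed paragraph contains a double space in "doubtful  that", the footnote replacement still cites the placeholder key facecloakXXXXdownload, and "Luo, Xiu, and Hengartner" in the first changed line has the same spelling mismatch with the bibliography entry ("Xie, Qi").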