Researchers Luo, Xiu and Hengartner of the University of Waterloo in Ontario propose an architecture to protect personal information from social networking platforms. This is achieved by transmitting fake data to the social network server and storing the correct data encrypted on a third party server. Authorized users can then replace the fake data with the correct data when they visit the site containing protected data. The prerequisite is that all users use a specific browser extension that communicates with the third party server and replaces content. In concrete terms, this was implemented for Facebook: both a server and an extension for the Firefox browser were developed and successfully tested.

\subsubsection{Design Principles}

FaceCloak's design is based on the following four principles:

\begin{itemize}
	\item \textbf{Preservation of normal browsing experience}: In order to provide the best possible user experience, the solution should function largely automatically and require only a minimum of interaction.
	\item \textbf{No server-side changes}: The mechanism for protecting personal data should not require any server-side changes.
	\item \textbf{Self-containment and minimal user configuration}: Regardless of the technical abilities of a user, the configuration effort (e.g. the installation of a certain software) should be limited to a minimum and be feasible by everyone.
	\item \textbf{Incremental deployment}: Compatibility between users with and without the special extension should always be ensured, and the extension should never prevent users from contacting each other.
\end{itemize}

\subsubsection{FaceCloak Architecture}

After validating several available solutions for personal data protection, the researchers decided that a client-side architecture was the best solution for automated protection. Figure \ref{fig:facecloak-architecture} shows this architecture schematically.

\begin{figure}[h!]
	\centering
	\includegraphics[width=0.7\textwidth]{facecloak-architecture}
	\caption{Schematic representation of the Setup Phase (1), Encryption Phase (2) and Decryption Phase (3) and the data flow taking place between the entities.}
	\label{fig:facecloak-architecture}
\end{figure}

During the setup phase, the browser extension is installed and the encryption keys are generated. Afterwards the keys for decryption are shared with the trusted contacts. In phase two, when data worthy of protection is stored, it is transmitted in encrypted form to a third party server and stored there. Only fake data is transmitted to the social network server. In phase three, whenever an authorized contact calls up a profile page and fake data is transmitted by the social network, the extension takes care of the replacement with the real data.

In addition to adhering to the above design principles, the proposed architecture makes the following contributions:

\begin{itemize}
	\item The functionality of the service and the interface is not limited by the use of FaceCloak.
	\item The user decides which information should be protected and which should not.
	\item The architecture can be applied to any social network.
\end{itemize}

\subsubsection{FaceCloak for Facebook}

To protect the privacy of Facebook users, Luo, Xiu and Hengartner have developed a Firefox browser extension according to the previously described architecture, as well as a server application for storing encrypted real data.\footnote{Download: https://crysp.uwaterloo.ca/software/facecloak/download.html} To encrypt the data, the extension uses AES and a key length of 128 bits. The indices for the encrypted data are calculated using SHA-1. The authors propose e-mail for the key exchange. For this purpose, the browser extension automatically generates e-mail texts and recipient lists and forwards them to the standard e-mail program. The recipients then have to manually store the received keys in the extension.

In order to protect data with FaceCloak, the prefix @@ must be added to information in a text field. For other form elements such as dropdowns, radio buttons or checkboxes, the extension creates additional options that also start with @@. When submitting the form, the extension intervenes and replaces the data marked with @@ with fake data. The data to be protected is encrypted with the stored keys and transferred as a key-value pair to the third party server, where it is stored.

All profile information can be protected by FaceCloak, but algorithms that create meaningful fake data are implemented only for name, birthday and gender. In addition to profile information, the extension can also protect Facebook Wall data and Facebook Notes. To avoid attracting attention with random, unusual character strings, the contents of random Wikipedia articles are transmitted as fake data.

When loading a profile page that contains protected data, the extension retrieves the information from the third party server with asynchronous HTTP requests, decrypts it, and replaces the fake data. A large part of the replacement can thus be performed during the load process, so that the user does not see the fake data. But since Facebook also loads content asynchronously, some replacements can only be performed with a time delay and the fake data is briefly visible.

To use the same account on multiple devices, the keys must be transferred to all devices and stored in the extension. It is not possible to use multiple accounts with the same Firefox profile, as all data is stored in the extension and is always bound to exactly one Facebook account.

The latest version 0.6 from August 2010 cannot be installed in the current Firefox (version 65). Furthermore, it is not known if the server is still running. Therefore it is not possible to check if the extension still works. Due to the numerous updates and sometimes serious changes that Facebook has experienced in the last 8 years, it is very unlikely that the extension will still work today. At that time, however, it was successfully applied and proved that the proposed architecture worked.
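
The submit and load path described above for @@-marked fields can be sketched as follows. This is an added example, not code from FaceCloak or its authors: the GCM mode, the HMAC-SHA-1 index over field name and fake value, the in-memory map standing in for the third party server, and all function names are assumptions.

```javascript
// Added example: FaceCloak-style submit/load flow, simulated in Node.js.
// Assumptions (not from the page): AES-128 in GCM mode, an HMAC-SHA-1 index over
// field name + fake value, a Map as the third party server, all names hypothetical.
const { createCipheriv, createDecipheriv, createHmac, randomBytes } = require("node:crypto");

const thirdPartyStore = new Map();           // key-value store: index -> encrypted record

function makeKeys() {                        // setup phase; keys are later shared with contacts
  return { encKey: randomBytes(16), indexKey: randomBytes(16) }; // 16 bytes = 128 bits
}

function indexFor(keys, field, fakeValue) {  // SHA-1-based index, keyed so the server cannot recompute it
  return createHmac("sha1", keys.indexKey).update(`${field}\0${fakeValue}`).digest("hex");
}

// Submit: "@@" fields are encrypted and stored remotely; the social network receives fake data.
function onSubmit(keys, form, fakeFor) {
  const sent = {};
  for (const [field, value] of Object.entries(form)) {
    if (!value.startsWith("@@")) { sent[field] = value; continue; }
    const fake = fakeFor(field);
    const iv = randomBytes(12);
    const cipher = createCipheriv("aes-128-gcm", keys.encKey, iv);
    const ct = Buffer.concat([cipher.update(value.slice(2), "utf8"), cipher.final()]);
    const record = Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
    thirdPartyStore.set(indexFor(keys, field, fake), record);
    sent[field] = fake;
  }
  return sent;                               // exactly what the social network server sees
}

// Load: replace a received value only if a record exists for it and decrypts cleanly.
function onLoad(keys, profile) {
  const shown = {};
  for (const [field, value] of Object.entries(profile)) {
    shown[field] = value;                    // default: show what the network delivered
    const record = keys && thirdPartyStore.get(indexFor(keys, field, value));
    if (!record) continue;                   // no extension keys or unprotected field
    const raw = Buffer.from(record, "base64");
    const decipher = createDecipheriv("aes-128-gcm", keys.encKey, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    try {
      const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
      shown[field] = pt.toString("utf8");
    } catch { /* tampered record or wrong key: keep the fake value */ }
  }
  return shown;
}
```

A visitor without keys, or with keys from a different user, derives a different index and therefore only ever sees the fake value, which matches the incremental deployment principle.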