HOSN-app/thesis/content/04-concept/introduction.tex

The reason for the inadequate protection of personal data lies in the centralized system structure used by all leading social platforms (e.g., Facebook and Twitter). With this structure, the data are stored centrally and mostly unencrypted. The service provider therefore inevitably has access to this data. It is not transparent to users, which data the service provider record during the use and what happens to the data.
On the one hand, the user data are evaluated to improve the user experience (suggestions for content matching the user’s preferences using recommender systems), but on the other hand also to make a profit. With personalized advertisement and, in the worst case, by selling the data, revenues are generated. Furthermore, the protection of data against access by third parties via official interfaces (harvesting) or unauthorized hacking cannot be ruled out (e.g., Facebook's incident with Cambridge Analytica in March 2018 \cite{facebook2018cambridge-analytica}). Last but not least, due to applicable law, it may be necessary for data to be transferred to secret services or government agencies (e.g., Facebook had more than 100\,000 requests from governments between January and July 2018 \cite{facebookXXXXtake-down}).

The criticism of the protection of privacy on the Internet, especially in social networks, is not new. Already in 2010, the founders of diaspora* discovered that no social network sufficiently protects the privacy of users \cite{diaspora2010kickstarter-pitch}. Although the problems and dangers of centralized \acp{OSN} are known for a long time and new scandals regularly become known to the public, the users remain mostly loyal to the respective social networks. As a result of the Cambridge Analytica incident, Facebook lost only a few users in Europe but is in the meantime back on the previous level \cite{facebook2019reportq4}. Alternative social networks, which focus on privacy protection (e.g., Vero\footnote{https://www.vero.co}, Ello\footnote{https://ello.co}), lack attractiveness regarding their design, complexity, and functionality. As a consequence, they do not get enough users and often fail after a short time. The connection to the respective social network is so strong that the barrier for switching to another, more secure social network is not overcome. The amount of content already created, the social network built up, and a large number of contacts using the same platform all create this so-called lock-in effect.

If switching to another platform is not an option, it is necessary to look for better ways to protect privacy on existing platforms. The Researcher Training Group (RTG) \enquote{Privacy and Trust for Mobile Users}\footnote{https://www.informatik.tu-darmstadt.de/privacy-trust/privacy\_and\_trust/index.en.jsp} in area B \enquote{Privacy and Trust in Social Networks} conducts research in this field. Subarea B.2 focuses especially on the protection of privacy in hybrid social networks. A hybrid solution allows the users of centralized \ac{OSN} to use the platform as usual. Though, additional procedures for the protection of privacy are integrated so that users gain control over their data. The hybrid approach uses the idea of a private \ac{P2P} network that allows users to communicate securely. The business models of service providers often have data from their users as a central element. Therefore, a solution must be found to provide anonymous data from the private network so that the business models can continue to function. \cite{rtgXXXXarea-b, rtgXXXXarea-b2}

In the following, a concept for a hybrid \ac{OSN} will be worked out that takes into account the interests of the different stakeholders. Besides, functionality requirements and potential limitations are listed. Finally, a solution strategy and a possible architecture are presented.