POP-SNAQ: Privacy-preserving Open Platform for Social

Download Report

Transcript POP-SNAQ: Privacy-preserving Open Platform for Social

POP-SNAQ:
Privacy-preserving Open Platform for
Social Network Application Queries
Brian Thompson
Huijun Xiong
Online Social Networks
• Use of OSNs continues to increase
Online Social Networks
• To accommodate growing needs, a
greater variety of OSNs has appeared
Motivation
• Need a way to collect info from many
different OSNs and provide it to the
user in a clean and organized fashion
Must also be
careful not to
compromise
users’ privacy!
Brian and Huijun at the Concert
Motivation
• Current Solution:
many individual queries
Face
My
iLike
Space
book
“Where is my friend Huijun?”
Motivation
• Our Proposed Solution:
cross-network query
QUERY
ALL
“Where is my friend Huijun?”
POP-SNAQ
Privacy-preserving Open Platform for
Social Network Application Queries
• provides a unified framework that
supports cross-network queries
• uses a common language
• employs security measures to
protect users’ privacy
POP-SNAQ
Privacy-preserving Open Platform for
Social Network Application Queries
• provides a unified framework that
supports cross-network queries
• uses a common language
• employs security measures to
protect users’ privacy
POP-SNAQ
System architecture
POP-SNAQ
Privacy-preserving Open Platform for
Social Network Application Queries
• provides a unified framework that
supports cross-network queries
• uses a common language
• employs security measures to
protect users’ privacy
POP-SNAQ
• OpenSocial
– By Google
– A common API for
social network apps
– “Develop once,
Use Everywhere”
– Supported by >20
social networks
POP-SNAQ
Privacy-preserving Open Platform for
Social Network Application Queries
• provides a unified framework that
supports cross-network queries
• uses a common language
• employs security measures to
protect users’ privacy
POP-SNAQ
Communication Model
POP-SNAQ
• server-side app means OSNs have
control over release of data
– filter data before releasing
– limit output to public profile info
– “Free Input, Selective Output”
• two kinds of filtering
1) based on user preferences
2) based on social network preferences
POP-SNAQ
• text-to-image conversion
– performed server-side
– built into communication protocol
• open source implementations
already available
– GD library
imagettftext()
• protects against large-scale
data harvesting attacks
Analysis of POP-SNAQ
• To evaluate our project, we compare
it with an existing system:
Facebook Connect
Facebook Connect
• similar platform to Facebook Apps
• allows information sharing between
Facebook and external websites
• enables external websites to
access Facebook’s user database
• potential websites must first be
reviewed and approved by Facebook
THE BATTLE
Facebook Connect
POP-SNAQ
BATTLE 1: Utility
Facebook Connect
POP-SNAQ
• direct access to
user database
• access all public
profile info
• two-way
communication
• single-network
solution
• filtered access to
user database
• apps can use
private info too!
• one-way
communication
• cross-network
solution
TIE!
BATTLE 2: Openness
Facebook Connect
POP-SNAQ
• approve apps
after careful
inspection
• look into every
submission. . .
eventually
• applications are
automatically
approved
• accept every
submission
immediately
POP-SNAQ
WINS!
BATTLE 3: Privacy
Facebook Connect
• privacy enforced
by policies
• manually check
for data abuse
• external website
controls data
flow to users
POP-SNAQ
• privacy enforced
by technology
• built-in protection
against abuse
• social networks
control data flow
to users
POP-SNAQ
WINS!
VICTORY: POP-SNAQ!
Facebook Connect
POP-SNAQ
VICTORY: POP-SNAQ!
Sounds great!
But can it be true?
Is POP-SNAQ just a
dream, or can it be
reality?
Simulation
Hold on to your seats!
Conclusions
• POP-SNAQ is a solution to the problem
of performing cross-network queries
• Achieves a balance between providing
utility and protecting users’ privacy
• Improves on existing solution of
Facebook Connect
• Future work: Requires implementation
of extended OpenSocial API
Questions?