Department of Computer Science and Technology

Technical reports

Privacy engineering for social networks

Jonathan Anderson

December 2012, 255 pages

This technical report is based on a dissertation submitted July 2012 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Trinity College.

DOI: 10.48456/tr-825


In this dissertation, I enumerate several privacy problems in online social networks (OSNs) and describe a system called Footlights that addresses them. Footlights is a platform for distributed social applications that allows users to control the sharing of private information. It is designed to compete with the performance of todays centralised OSNs, but it does not trust centralised infrastructure to enforce security properties.

Based on several socio-technical scenarios, I extract concrete technical problems to be solved and show how the existing research literature does not solve them. Addressing these problems fully would fundamentally change users interactions with OSNs, providing real control over online sharing.

I also demonstrate that todays OSNs do not provide this control: both user data and the social graph are vulnerable to practical privacy attacks.

Footlights storage substrate provides private, scalable, sharable storage using untrusted servers. Under realistic assumptions, the direct cost of operating this storage system is less than one US dollar per user-year. It is the foundation for a practical shared filesystem, a perfectly unobservable communications channel and a distributed application platform.

The Footlights application platform allows third-party developers to write social applications without direct access to users private data. Applications run in a conned environment with a private-by-default security model: applications can only access user information with explicit user consent. I demonstrate that practical applications can be written on this platform.

The security of Footlights user data is based on public-key cryptography, but users are able to log in to the system without carrying a private key on a hardware token. Instead, users authenticate to a set of authentication agents using a weak secret such as a user-chosen password or randomly-assigned 4-digit number. The protocol is designed to be secure even in the face of malicious authentication agents.

Full text

PDF (3.5 MB)

BibTeX record

  author =	 {Anderson, Jonathan},
  title = 	 {{Privacy engineering for social networks}},
  year = 	 2012,
  month = 	 dec,
  url = 	 {},
  institution =  {University of Cambridge, Computer Laboratory},
  doi = 	 {10.48456/tr-825},
  number = 	 {UCAM-CL-TR-825}