Giving away privacy by sharing online?
DUKE (US)—Millions of Internet users have been enjoying the fun—and free—services provided by advertiser-supported online social networks like Facebook. But are those users risking their privacy?
Landon Cox, a Duke University assistant professor of computer science, worries about privacy problems. When people post pictures or political opinions to share with their friends, they’re actually turning them over to the owners of the network as well.
“My concern is that they’re under the control of a central entity,” Cox says. “The social networks currently control all the information that users throw into them. I don’t think that’s necessarily evil. But it raises some concerns.”
For instance, MIT student experimenters have demonstrated the ability to sneak in and download more than 70,000 Facebook profiles. And a BBC technology program also showed how such personal information could be stolen.
“A disgruntled employee could leak information about social network users,” Cox says. “They could also become attractive targets for hackers and other computer ne’er-do-wells.”
Though users may not have caught this when they clicked to accept a site’s terms of service, they’ve largely signed away the rights to their own data by joining an online social network. “These rights commonly include a license to display and distribute all content posted by users in any way the provider sees fit,” Cox says.
Cox is collaborating with others to delve deeper into these issues and begin the search for alternatives. Cox’s notion is to create what network architects would call a “peer-to-peer” system architecture in which information is spread out. Being distributed, individual data is thus harder to steal or otherwise exploit.
“The basic idea is that users would control and store their own information and then share it directly with their friends instead of it being mediated through a site like Facebook. And there are some interesting challenges that go along with decomposing something like Facebook into a peer-to-peer system.
“Facebook is a great service because it’s highly available and really fast. When you break something into thousands and millions of different pieces instead, you’d want to try to recreate the same availability and performance. That’s the research challenge we’re going to be looking at over the next three years.”
Cox proposed three possible options in a report for the Association for Computing Machinery’s Workshop for Online Social Networks in Barcelona in August 2009. In each, users would load their personal information into what is called a “Virtual Individual Server,” or VIS.
One option would host each social network user’s VIS on his or her own desktop. “But the problem with desktop machines is that they go down all the time,” Cox says. “When desktops are shut off they are not available.”
An alternative idea is to distribute VISs within redundant “clouds” of servers such as those offered by the Amazon Elastic Computer Cloud. “Amazon will run little computers on your behalf out in their infrastructure,” Cox says. “The nice thing about that is the service will never go down. But the problem is that it’s very expensive. It costs about $50 a month to have just one server out in the cloud.”
A third notion is called “hybrid decentralization.” The idea is to keep VISs on desktops when possible but switch to the more costly and reliable cloud distribution option when individual desktops go offline.
“So there are these different tradeoffs,” Cox notes. “Users can try to put their information in clouds of servers, which are going to be highly available but expensive. Or they could try to store it on their own machines, which would be cheap but subject to service interruptions.”
Cox says the research will point in a couple of directions: “Can we get a desktop machine to intelligently switch over to a cloud? Can we reduce the cost by only using a cloud when the desktop is not available?”
Or perhaps the same information can be put in a number of places in the hope that at least one of those computers is always working. “So in addition to serving my own stuff I might ask my friends to serve my stuff as well,” Cox adds.
“The problem there is that now you’re trusting somebody else to serve and store your data. We have some interesting challenges ahead.”
The work is supported by the National Science Foundation and AT&T Labs in Florham Park, N.J.
Duke University news: www.dukenews.duke.edu/