xBook: Redesigning Privacy Control in Social Networking Platforms Kapil Singh∗ Sumeer Bhola∗ Wenke Lee SchoolofComputerScience Google SchoolofComputerScience Georgia Institute of Technology
[email protected] Georgia Institute of Technology
[email protected] [email protected] Abstract in social networks. Social networking websites have recently evolved from With the advent of Web 2.0 technologies, web appli- being service providers to platforms for running third cation development has become much more distributed party applications. Users have typically trusted the so- with a growing number of users acting as developers and cial networking sites with personal data, and assume that source of online content. This trend has also influenced their privacy preferences are correctly enforced. However, social networks that now act as platforms allowing de- they are now being asked to trust each third-party applica- velopers to run third-party content on top of their frame- tion they use in a similar manner. This has left the users’ work. Facebook opened up for third-party application private information vulnerable to accidental or malicious development by releasing its development APIs in May leaks by these applications. 2007 [22]. Since the release of the Facebook platform, In this work, we present a novel framework for build- several other sites have joined the trend by supporting ing privacy-preservingsocial networking applications that Google’s OpenSocial [10], a cross-site social network de- retains the functionality offered by the current social net- velopment platform. works. We use information flow models to control what These third-party applications further escalate the pri- untrusted applications can do with the information they vacy concerns as user data is shared with these applica- receive.