Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Private updates: A user (John Doe, in this case) can specify that his name and birth date should be hidden by tagging the data with ”@@.” FaceCloak then populates drop-down menus with private versions of the information.

FaceCloak, implemented as a plug-in for Mozilla’s Firefox browser, allows a user to designate–using two “at” signs (“@@”), by default–what information should be encrypted and only made available to friends. A FaceCloak user holds a secret access key but also sends two other keys to her friends. Those keys are then used to access the real information, which is held on a separate server. While the same concept could be used on other social networks–such as Twitter and MySpace–Hengartner and his colleagues focused on the largest provider.

Similar tools are being developed by other academic teams to address the privacy issues plaguing social networks. A group of researchers from Cornell University created another Firefox plug-in, called None of Your Business (NOYB), that encrypts profile information so that it can only be read by a small group of friends. And two researchers from the University of Illinois at Urbana-Champaign have developed a Facebook application called flyByNight that encrypts users’ data.

Unlike those projects, however, FaceCloak works with any number of contacts and does not rely on the cooperation of the social-network provider. The University of Waterloo researchers attempt to hide which users are encrypting their data with FaceCloak by replacing the hidden data with arbitrary text taken from sources on the Internet. “Users who submit encrypted information stand out, both to Facebook and to other users who can see the profiles, and therefore might raise suspicion,” Hengartner says. “By using fake information, we can avoid this problem.”

There are still some major issues, however. Images are not yet supported by FaceCloak and the third-party hosting server used could potentially be compromised. Moreover, a FaceCloak user still has to be careful, Hengartner says. “The same problem arises in real life,” he says. “When you tell a friend some personal information about you, you need to trust your friend to deal with this information responsibly. If she misbehaves, you can’t erase the information from her brain.”

6 comments. Share your thoughts »

Credits: Technology Review , Hengartner et al.

Tagged: Web, security, Facebook, privacy, social networking

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me