Private updates: A user (John Doe, in this case) can specify that his name and birth date should be hidden by tagging the data with ”@@.” FaceCloak then populates drop-down menus with private versions of the information.
FaceCloak, implemented as a plug-in for Mozilla’s Firefox browser, allows a user to designate–using two “at” signs (“@@”), by default–what information should be encrypted and only made available to friends. A FaceCloak user holds a secret access key but also sends two other keys to her friends. Those keys are then used to access the real information, which is held on a separate server. While the same concept could be used on other social networks–such as Twitter and MySpace–Hengartner and his colleagues focused on the largest provider.
Similar tools are being developed by other academic teams to address the privacy issues plaguing social networks. A group of researchers from Cornell University created another Firefox plug-in, called None of Your Business (NOYB), that encrypts profile information so that it can only be read by a small group of friends. And two researchers from the University of Illinois at Urbana-Champaign have developed a Facebook application called flyByNight that encrypts users’ data.
Unlike those projects, however, FaceCloak works with any number of contacts and does not rely on the cooperation of the social-network provider. The University of Waterloo researchers attempt to hide which users are encrypting their data with FaceCloak by replacing the hidden data with arbitrary text taken from sources on the Internet. “Users who submit encrypted information stand out, both to Facebook and to other users who can see the profiles, and therefore might raise suspicion,” Hengartner says. “By using fake information, we can avoid this problem.”
There are still some major issues, however. Images are not yet supported by FaceCloak and the third-party hosting server used could potentially be compromised. Moreover, a FaceCloak user still has to be careful, Hengartner says. “The same problem arises in real life,” he says. “When you tell a friend some personal information about you, you need to trust your friend to deal with this information responsibly. If she misbehaves, you can’t erase the information from her brain.”