Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

Privacy Plug-In Fakes out Facebook

Web News

Privacy Plug-In Fakes out Facebook

Page 2 of 2

Private updates: A user (John Doe, in this case) can specify that his name and birth date should be hidden by tagging the data with ”@@.” FaceCloak then populates drop-down menus with private versions of the information.

FaceCloak, implemented as a plug-in for Mozilla’s Firefox browser, allows a user to designate–using two “at” signs (“@@”), by default–what information should be encrypted and only made available to friends. A FaceCloak user holds a secret access key but also sends two other keys to her friends. Those keys are then used to access the real information, which is held on a separate server. While the same concept could be used on other social networks–such as Twitter and MySpace–Hengartner and his colleagues focused on the largest provider.

Similar tools are being developed by other academic teams to address the privacy issues plaguing social networks. A group of researchers from Cornell University created another Firefox plug-in, called None of Your Business (NOYB), that encrypts profile information so that it can only be read by a small group of friends. And two researchers from the University of Illinois at Urbana-Champaign have developed a Facebook application called flyByNight that encrypts users’ data.

Unlike those projects, however, FaceCloak works with any number of contacts and does not rely on the cooperation of the social-network provider. The University of Waterloo researchers attempt to hide which users are encrypting their data with FaceCloak by replacing the hidden data with arbitrary text taken from sources on the Internet. “Users who submit encrypted information stand out, both to Facebook and to other users who can see the profiles, and therefore might raise suspicion,” Hengartner says. “By using fake information, we can avoid this problem.”

There are still some major issues, however. Images are not yet supported by FaceCloak and the third-party hosting server used could potentially be compromised. Moreover, a FaceCloak user still has to be careful, Hengartner says. “The same problem arises in real life,” he says. “When you tell a friend some personal information about you, you need to trust your friend to deal with this information responsibly. If she misbehaves, you can’t erase the information from her brain.”

Pages

6 comments. Share your thoughts »

Images by Technology Review , Hengartner et al.

Tagged: Web, security, Facebook, social networking, privacy

Reprints and Permissions | Send feedback to the editor

Robert Lemos Guest Contributor

View Profile »

From the Archives