Securing Content in Decentralized Online Social Networks: Solutions, Limitations, and the Road Ahead

The most popular On-line Social Networks (OSNs) are based on centralized architectures where service providers (e.g., Facebook, Twitter, or Instagram) have full control over the data published by their user---a requirement of their business model, based on the monetization of the cited data [2]. In addition, such centralized architectures also increase the risk of censorship, surveillance, and information leakage [3]. Distributed On-line Social Networks (DOSNs), instead, are typically based on a P2P architecture, where there is no central service provider in control of user data. Indeed, the contents that are published on DOSNs are stored on user-provided devices, that also cooperate to execute the tasks needed to realize the intended service. Most of the popular DOSNs, in an effort to help users smoothly regulate content sharing in adherence to their privacy preferences, allow to organize users in groups. In this way, each user can choose to share content with the users belonging to specific groups only. The lack of a (logically) centralized, third party managed, reliable infrastructure to guarantee content availability---whether a given user is on-line or not---has led to have the contents published by a user to be stored on the devices of other users as well. Indeed, such a choice increases the chances that at least one of the cooperating users device (and the contents stored therein) is online when the content is required. Given the two above introduced (conflicting) requirements: group-oriented privacy setting and distributed storage, a critical feature of DOSNs is that published contents must be properly protected by the DOSN infrastructure, in order to ensure that they can be accessed only by users that have the appropriate permissions---granted by the publishers. Hence, DOSNs require efficient solutions for protecting the privacy of the contents published by each user with respect to the other users of the social network. While some preliminary solutions have been proposed [1], the literature lacks of a general systematization of DOSNs, in particular for what concerns the access control models in place to secure access and to ensure content availability. The same lack of systematization can be noticed when considering the pros and cons of the different models in place, especially when analyzed through the lenses of performance.

In this talk, we investigate and compare the principal content privacy enforcement models adopted by current DOSNs. In particular, we will discuss their suitability to support different types of privacy policies based on different user-group modelling. The discussion is supported by an evaluation carried out by implementing several models and comparing their performance for the typical operations performed on groups, that is: content publishing, user join and leave. Further, we also highlight the limitations of current approaches and show future research directions to help DOSNs become a relevant player in the On-line Social Networks ecosystem, so as to put users back in control of their generated content.