Lockr: Better Privacy for Social Networks

Today’s online social networking (OSN) sites do little to protect the privacy of their users’ social networking information. Given the highly sensitive nature of the information these sites store, it is understandable that many users feel victimized and disempowered by OSN providers’ terms of service. This paper presents Lockr, a system that improves the privacy of centralized and decentralized online content sharing systems. Lockr offers three significant privacy benefits to OSN users. First, it separates social networking content from all other functionality that OSNs provide. This decoupling lets users control their own social information: they can decide which OSN provider should store it, which third parties should have access to it, or they can even choose to manage it themselves. Such flexibility better accommodates OSN users’ privacy needs and preferences. Second, Lockr ensures that digitally signed social relationships needed to access social data cannot be re-used by the OSN for unintended purposes. This feature drastically reduces the value to others of social content that users entrust to OSN providers. Finally, Lockr enables message encryption using a social relationship key. This key lets two strangers with a common friend verify their relationship without exposing it to others, a common privacy threat when sharing data in a decentralized scenario. This paper relates Lockr’s design and implementation and shows how we integrate it with Flickr, a centralized OSN, and BitTorrent, a decentralized one. Our implementation demonstrates Lockr’s critical primary benefits for privacy as well as its secondary benefits for simplifying site management and accelerating content delivery. These benefits were achieved with negligible performance cost and overhead.