short-paper

Where's Wally?: How to Privately Discover your Friends on the Internet

Authors:

Panagiotis Papadopoulos,

Antonios A. Chariton,

Elias Athanasopoulos,

Evangelos P. MarkatosAuthors Info & Claims

ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security

Pages 425 - 430

https://doi.org/10.1145/3196494.3196496

Published: 29 May 2018 Publication History

Abstract

Internet friends who would like to connect with each other (e.g., VoIP, chat) use point-to-point communication applications such as Skype or WhatsApp. Apart from providing the necessary communication channel, these applications also facilitate contact discovery, where users upload their address-book and learn the network address of their friends. Although handy, this discovery process comes with a significant privacy cost: users are forced to reveal to the service provider every person they are socially connected with, even if they do not ever communicate with them through the app. In this paper, we show that it is possible to implement a scalable User Discovery service, without requiring any centralized entity that users have to blindly trust. Specifically, we distribute the maintenance of the users» contact information, and allow their friends to query for it, just as they normally query the network for machine services. We implement our approach in PROUD: a distributed privacy-preserving User Discovery service, which capitalizes on DNS. The prevalence of DNS makes PROUD immediately applicable, able to scale to millions of users. Preliminary evaluation shows that PROUD provides competitive performance for all practical purposes, imposing an overhead of less than 0.3 sec per operation.

References

[1]

M. Ali, R. Shea, J. Nelson, and M. J. Freedman. Blockstack: A new internet for decentralized applications. Technical Report, 2017.

[2]

S. Angel and S. Setty. Unobservable communication over fully untrusted infrastructure. In OSDI'16.

Digital Library

[3]

BI Intelligence. Messaging apps are now bigger than social networks. http://www.businessinsider.com/the-messaging-app-report-2015--11, 2016.

[4]

N. Borisov, G. Danezis, and I. Goldberg. Dp5: A private presence service. In PET'15.

[5]

A. A. Chariton, E. Degkleri, P. Papadopoulos, P. Ilia, and E. P. Markatos. Dcsp: Performant certificate revocation a dns-based approach. In EuroSec '16.

Digital Library

[6]

B. Chor, O. Goldreich, E. Kushilevitz, and M. Sudan. Private information retrieval. In FOCS'95, 1995.

Digital Library

[7]

B. Ford, P. Srisuresh, and D. Kegel. Peer-to-peer communication across network address translators. In ATC '05.

Digital Library

[8]

Google. Google ipv6 statistics. https://www.google.com/intl/en/ipv6/statistics.html.

[9]

P. Hoffman and J. Schlyter. The DNS-based authentication of named entities (DANE) transport layer security (TLS) protocol: TLSA. https://tools.ietf.org/html/rfc6698, 2012.

[10]

C. Jernigan and B. F. Mistree. Gaydar: Facebook friendships expose sexual orientation. First Monday, 14(10), 2009.

[11]

T. Kato, N. Ishikawa, H. Sumino, J. Hjelm, Y. Yu, and S. Murakami. A platform and applications for mobile peer-to-peer communications. In MobEA '03, 2003.

[12]

J. Kopstein. The mission to decentralize the internet. http://www.newyorker.com/tech/elements/the-mission-to-decentralize-the-internet, 2013.

[13]

M. Krochmal and S. Cheshire. Dns-based service discovery. 2013.

[14]

B. Laurie. Apres-a system for anonymous presence. Technical Report.

[15]

S. Le Blond, C. Zhang, A. Legout, K. Ross, and W. Dabbous. I know where you are and what you are sharing: Exploiting p2p communications to invade users' privacy. In IMC '11.

Digital Library

[16]

Legion of the Bouncy Castle Inc. Bouncy castle crypto apis. http://www.bouncycastle.org/.

[17]

J. R. Levine. Dns based blacklists and whitelists. 2010.

[18]

R. Ling and N. S. Baron. Text messaging and im linguistic comparison of american college data. Journal of Language and Social Psychology, 2007.

[19]

M. Marlinspike. Technology preview: Private contact discovery for signal. https://signal.org/blog/private-contact-discovery/, 2017.

[20]

P. Maymounkov and D. Mazières. Kademlia: A peer-to-peer information system based on the xor metric. In IPTPS'01.

Digital Library

[21]

A. Mislove, B. Viswanath, K. P. Gummadi, and P. Druschel. You are who you know: Inferring user profiles in online social networks. In WSDM '10, 2010.

Digital Library

[22]

T. Narten, R. Draves, and S. Krishnan. Privacy extensions for stateless address autoconfiguration in ipv6. 2007.

[23]

P. Olson. Facebook closes 19 billion whatsapp deal. www.forbes.com/sites/parmyolson/2014/10/06/facebook-closes-19-billion-whatsapp-deal.

[24]

E. P. Papadopoulos, M. Diamantaris, P. Papadopoulos, T. Petsas, S. Ioannidis, and E. P. Markatos. The long-standing privacy debate: Mobile websites vs mobile apps. In WWW'17.

Digital Library

[25]

P. Papadopoulos, N. Kourtellis, and E. P. Markatos. The cost of digital advertisement: Comparing user and advertiser views. In WWW'18.

Digital Library

[26]

P. Papadopoulos, N. Kourtellis, and E. P. Markatos. Exclusive: How the (synced) cookie monster breached my encrypted vpn session. In Eurosec'18.

Digital Library

[27]

P. Papadopoulos, N. Kourtellis, P. R. Rodriguez, and N. Laoutaris. If you are not paying for it, you are the product: How much do advertisers pay to reach you? In IMC '17.

Digital Library

[28]

P. Papadopoulos, A. Papadogiannakis, M. Polychronakis, A. Zarras, T. Holz, and E. P. Markatos. K-subscription: Privacy-preserving microblogging browsing through obfuscation. In ACSAC '13.

Digital Library

[29]

A. Peterson. Bankrupt radioshack wants to sell off user data. but the bigger risk is if a facebook or google goes bust. https://www.washingtonpost.com/news/the-switch/wp/2015/03/26/bankrupt-radioshack-wants-to-sell-off-user-data-but-the-bigger-risk-is-if-a-facebook-or-google-goes-bust/, 2015.

[30]

Ratatype. Average typing speed infographic. http://www.ratatype.com/learn/average-typing-speed/.

[31]

M. Richtel. F.t.c. moves to halt sale of database at toysmart. http://www.nytimes.com/2000/07/11/business/ftc-moves-to-halt-sale-of-database-at-toysmart.html, 2000.

[32]

G. M. Robert-Jan Bartunek, Philip Blenkinsop. Eu fines facebook 110 million euros over whatsapp deal. http://www.reuters.com/article/us-eu-facebook-antitrust-idUSKCN18E0LA, 2017.

[33]

S. Rowlands. Mobile messaging: War of the words. Whitepaper, 2014.

[34]

D. Solove. Going bankrupt with your personal data. https://www.teachprivacy.com/going-bankrupt-with-your-personal-data/, 2015.

[35]

I. Stoica, R. Morris, D. Karger, M. F. Kaashoek, and H. Balakrishnan. Chord: A scalable peer-to-peer lookup service for internet applications. In SIGCOMM'01.

Digital Library

[36]

J. Van Den Hooff, D. Lazar, M. Zaharia, and N. Zeldovich. Vuvuzela: Scalable private messaging resistant to traffic analysis. In SOSP'15.

Digital Library

[37]

M. Wachs, M. Schanzenbach, and C. Grothoff. A censorship-resistant, privacy-enhancing and fully decentralized name system. In CANS'14.

Digital Library

[38]

B. Wellington. The dnsjava project. http://www.xbill.org/dnsjava/, 2002.

[39]

J. I. Wong. Here's how often apple, google, and others handed over data when the us government asked for it. https://qz.com/620423/heres-how-often-apple-google-and-others-handed-over-data-when-the-us-government-asked-for-it/, 2016.

[40]

Z. Xiao, L. Guo, and J. Tracey. Understanding instant messaging traffic characteristics. In ICDCS '07.

Digital Library

Cited By

Kales DRechberger CSchneider TSenker MWeinert CHeninger NTraynor P(2019)Mobile private contact discovery at scaleProceedings of the 28th USENIX Conference on Security Symposium10.5555/3361338.3361439(1447-1464)Online publication date: 14-Aug-2019
https://dl.acm.org/doi/10.5555/3361338.3361439
Liu FTang YWang L(2019)eHAPAC: A Privacy-Supported Access Control Model for IP-Enabled Wireless Sensor NetworksSensors10.3390/s1907151319:7(1513)Online publication date: 28-Mar-2019
https://doi.org/10.3390/s19071513
Kornilakis APapadopoulos PMarkatos E(2019)Incognitus: Privacy-Preserving User Interests in Online Social NetworksInformation and Operational Technology Security Systems10.1007/978-3-030-12085-6_8(81-95)Online publication date: 30-Jan-2019
https://doi.org/10.1007/978-3-030-12085-6_8

Index Terms

Where's Wally?: How to Privately Discover your Friends on the Internet
1. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Privacy protections
  2. Security services
    1. Privacy-preserving protocols
    2. Pseudonymity, anonymity and untraceability

Recommendations

Measuring the Leakage of Onion at the Root: A measurement of Tor's .onion pseudo-TLD in the global domain name system
WPES '14: Proceedings of the 13th Workshop on Privacy in the Electronic Society

The Tor project provides individuals with a mechanism of communicating anonymously on the Internet. Furthermore, Tor is capable of providing anonymity to servers, which are configured to receive inbound connections only through Tor---more commonly ...
Where's @wally?: a classification approach to geolocating users based on their social ties
HT '13: Proceedings of the 24th ACM Conference on Hypertext and Social Media

This paper presents an approach to geolocating users of online social networks, based solely on their 'friendship' connections. We observe that users interact more regularly with those closer to themselves and hypothesise that, in many cases, a person's ...
A Longitudinal Analysis of .i2p Leakage in the Public DNS Infrastructure
SIGCOMM '16: Proceedings of the 2016 ACM SIGCOMM Conference

The Invisible Internet Project (I2P) is an overlay network that provides secure and anonymous communication channels. EepSites are the anonymous websites hosted in the I2P network. To access the eepSites, DNS requests of a domain name suffixed with the {...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security

May 2018

866 pages

ISBN:9781450355766

DOI:10.1145/3196494

General Chairs:
Jong Kim
Pohang University of Science and Technology, South Korea
,
Gail-Joon Ahn
Arizona State University, USA &Samsung Electronics, South Korea
,
Seungjoo Kim
Korea University, South Korea
,
Program Chairs:
Yongdae Kim
KAIST, South Korea
,
Javier Lopez
University of Malaga, Spain
,
Taesoo Kim
Georgia Tech, USA

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 May 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Funding Sources

European Union's Marie Sklodowska-Curie

Conference

ASIA CCS '18

Sponsor:

SIGSAC

ASIA CCS '18: ACM Asia Conference on Computer and Communications Security

June 4, 2018

Incheon, Republic of Korea

Acceptance Rates

ASIACCS '18 Paper Acceptance Rate 52 of 310 submissions, 17%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
171
Total Downloads

Downloads (Last 12 months)12
Downloads (Last 6 weeks)1

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Kales DRechberger CSchneider TSenker MWeinert CHeninger NTraynor P(2019)Mobile private contact discovery at scaleProceedings of the 28th USENIX Conference on Security Symposium10.5555/3361338.3361439(1447-1464)Online publication date: 14-Aug-2019
https://dl.acm.org/doi/10.5555/3361338.3361439
Liu FTang YWang L(2019)eHAPAC: A Privacy-Supported Access Control Model for IP-Enabled Wireless Sensor NetworksSensors10.3390/s1907151319:7(1513)Online publication date: 28-Mar-2019
https://doi.org/10.3390/s19071513
Kornilakis APapadopoulos PMarkatos E(2019)Incognitus: Privacy-Preserving User Interests in Online Social NetworksInformation and Operational Technology Security Systems10.1007/978-3-030-12085-6_8(81-95)Online publication date: 30-Jan-2019
https://doi.org/10.1007/978-3-030-12085-6_8

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents