Social networking services have been transformed from one-stop websites to social interaction platforms deeply integrated with third-party websites, applications, and even operating systems. As prominent examples, social plugins such as Facebook's Like and Google's +1 buttons enable websites to offer personalized content and allow their visitors to seamlessly share and interact with their social circles, while Facebook and Twitter support is already integrated in iOS 6.
These social features offer multifaceted benefits to both users and content providers, and have driven their widespread adoption across the web and the mobile application ecosystem. However, this increasing integration has raised concerns about the implications of these social features for user privacy, as they enable social networking services to track a growing part of their members' activity, including their browsing histories, locations, and communications.
The research in this project seeks to address these privacy concerns by exploring a novel design for privacy-preserving virtual private social networks, which fulfills two seemingly contradictory requirements: it protects user privacy by minimizing the transmission of user-identifying information to the social networking platform, while preserving all existing functionality by delivering the same personalized content. The main insight of this approach is to shift content personalization from a server-side to a client-side process, by decoupling the retrieval of potentially sensitive social information from the presentation of personalized content that uses that information. The PIs are developing a personalized "information overlay" that prefetches information from a user's social circle independently of third-party accesses, and keeps this information consistent across the user's devices. The outcomes of this research effort are expected to significantly improve the privacy of members of social networking services, without degrading the current personalization experience to which they have grown accustomed.
Protecting Insecure Communications with Topology-aware Network Tunnels
Georgios Kontaxis and Angelos D. Keromytis. In Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS). October 2016, Vienna, Austria.
How to Train your Browser: Preventing XSS Attacks Using Contextual Script Fingerprints
Dimitris Mitropoulos, Konstantinos Stroggylos, Diomidis Spinellis and Angelos D. Keromytis. ACM Transactions on Privacy and Security (TOPS), 19(1), July 2016.
The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information
Suphannee Sivakorn*, Iasonas Polakis*, and Angelos D. Keromytis. In Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P). May 2016, San Jose, CA. (to appear)
*Joint primary authors
I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs
Suphannee Sivakorn, Iasonas Polakis, and Angelos D. Keromytis. In Proceedings of the 1st IEEE European Symposium on Security and Privacy (EuroS&P). March 2016, Saarbrucken, Germany. (to appear)
Social Forensics: Searching for Needles in Digital Haystacks
Iasonas Polakis, Panagiotis Ilia, Zacharias Tzermias, Sotiris Ioannidis, and Paraskevi Fragopoulou. In Proceedings of the 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). November 2015, Kyoto, Japan.
Where's Wally? Precise User Discovery Attacks in Location Proximity Services
Iasonas Polakis, George Argyros, Theofilos Petsios, Suphannee Sivakorn, and Angelos D. Keromytis. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS). October 2015, Denver, CO.
Face/Off: Preventing Privacy Leakage From Photos in Social Networks
Panagiotis Ilia, Iasonas Polakis, Elias Athanasopoulos, Federico Maggi, and Sotiris Ioannidis. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS). October 2015, Denver, CO.
Tracking Protection in Firefox For Privacy and Performance
Georgios Kontaxis and Monica Chew. In Proceedings of the 9th Workshop on Web 2.0 Security and Privacy (W2SP). May 2015, San Jose, CA.
Faces in the Distorting Mirror: Revisiting Photo-based Social Authentication
Iasonas Polakis, Panagiotis Ilia, Federico Maggi, Marco Lancini, Georgios Kontaxis, Stefano Zanero, Sotiris Ioannidis, and Angelos D. Keromytis. In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS). November 2014, Scottsdale, AZ.
Think before RT: An Experimental Study of Abusing Twitter Trends
Despoina Antonakaki, Iasonas Polakis, Elias Athanasopoulos, Vivi Fragopoulou, and Sotiris Ioannidis. In Proceedings of the International Workshop on Social Influence (SI). November 2014, Barcelona, Spain.
Security and Privacy Measurements in Social Networks: Experiences and Lessons Learned
Iasonas Polakis, Federico Maggi, Stefano Zanero, and Angelos D. Keromytis. In Proceedings of the International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). September 2014, Wroclaw, Poland.
K-Subscription: Privacy-preserving Microblogging Browsing through Obfuscation
Panagiotis Papadopoulos, Antonis Papadogiannakis, Michalis Polychronakis, Apostolis Zarras, Thorsten Holz, and Evangelos P. Markatos. In Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC). December 2013, New Orleans, LA.
Privacy-Preserving Social Plugins
Georgios Kontaxis, Michalis Polychronakis, Angelos D. Keromytis, and Evangelos P. Markatos. In Proceedings of the 21st USENIX Security Symposium. August 2012, Bellevue, WA.
- SafeButton, an extension for the Firefox and Chrome Web browsers that provides privacy-preserving versions of the social widgets offered by major social networking services.
- LBSProximityAuditor, a framework that allows security researchers to evaluate the privacy offered by proximity-based services against attacks attempting to discover users' locations.