DocumentCode
2076099
Title
d2 Deleting Diaspora: Practical attacks for profile discovery and deletion
Author
Schulz, Stephan ; Strufe, Thorsten
Author_Institution
Mercedes-Benz Res., Palo Alto, CA, USA
fYear
2013
fDate
9-13 June 2013
Firstpage
2042
Lastpage
2046
Abstract
With over 400,000 active users, Diaspora is the largest decentralized Online Social Network today. Decentralization entails complications, especially for user discovery and meaningful authorization. Analysing the system, we identified two vulnerabilities and implemented exploits that could be used to first locate a large fraction of the users, and then delete their profiles, including all information, from the system entirely, without any privileges whatsoever. We show the feasibility of both attacks, and provide means for mitigation as well as general recommendations to avoid such vulnerabilities in decentralized systems in the future.
Keywords
authorisation; data privacy; social networking (online); authorization; d2 deleting Diaspora; decentralized online social network; decentralized systems; profile deletion; profile discovery; user discovery; Authentication; Electronic mail; Feeds; Protocols; Servers; Social network services;
fLanguage
English
Publisher
IEEE
Conference_Titel
Communications (ICC), 2013 IEEE International Conference on
Conference_Location
Budapest
ISSN
1550-3607
Type
conf
DOI
10.1109/ICC.2013.6654826
Filename
6654826