Title :
d2 Deleting Diaspora: Practical attacks for profile discovery and deletion
Author :
Schulz, Stephan ; Strufe, Thorsten
Author_Institution :
Mercedes-Benz Res., Palo Alto, CA, USA
Abstract :
With over 400,000 active users, Diaspora is the largest decentralized Online Social Network, today. Decentralization entails complications, especially for user discovery and meaningful authorization. Analysing the system, we identified two vulnerabilities and implemented exploits that could be used to first locate a large fraction of the users, and then delete their profiles including all information from the system entirely, without any privileges whatsoever. We show the feasibility of both attacks, and provide means for mitigation as well as general recommendations to avoid such vulnerabilities in decentralized systems in the future.
Keywords :
authorisation; data privacy; social networking (online); authorization; d2 deleting Diaspora; decentralized online social network; decentralized systems; profile deletion; profile discovery; user discovery; Authentication; Electronic mail; Feeds; Protocols; Servers; Social network services;
Conference_Titel :
Communications (ICC), 2013 IEEE International Conference on
Conference_Location :
Budapest
DOI :
10.1109/ICC.2013.6654826
