On Social Network Engineering for Secure Web Data and Services

Introduction

In recent years, Online Social Network (OSN) services (Boyd & Ellison, 2007) are becoming a consistent part of the Internet and the World Wide Web (WWW). In fact, they are used every day by millions of people, interacting through such platforms according to different flavors. Specifically:

• •

  By using the OSN in a stand-alone manner from a Web browser, for exploiting social duties, such as, maintaining or establishing relationships according to common interests, real-life partnerships, or for business development;

• •

  By exploiting the social infrastructure as an integrated communication platform, thus for sharing data, exchanging messages, or for audio/video conferencing;

• •

  By syncing their real-world activities and social knowledge with remote peers, making OSNs as the first massive technological enabler for the mobile Internet. We mention, among the others, the sharing of physical locations, contacts and events, photos, and reviews or suggestions about commercial activities or trips. In this case, important components are the hardware equipment of handheld devices, the ubiquitous availability of the Internet, and the introduction of ad-hoc client interfaces making the access to, and the control of, digital alter egos simple and effective;

• •

  By considering the OSN as a third party component. For instance, to share comments relying on such platform as a trusted identity manager, to keep track of visited sites and to declare interests about specific topics or brands;

• •

  By consuming data via the Application Programming Interfaces (APIs) made available by many services to build new applications, or by adopting the OSN as a real development platform.

Consequently, OSNs can be considered one of the most relevant advancements for creating an Internet of People, thus making the individual a central entity. However, focusing on “humans”, rather than devices or services, is not a complete novel concept. In more details, the World Wide Web Consortium (W3C) put a relevant effort in the creation of a Social Web (W3C, 2010). Notwithstanding, such a vision has been not implemented under its organic guidance, rather it has been progressively built according to ad-hoc OSN platforms and other services, e.g., those for sharing photo or for audio/video communications. As a result, the social organization, with the acceptation of services, APIs, human-to-machine interactions, and business-to-business logics, constitute a very split-space, resulting into mostly overlapped or closed sets of functionalities.

Needless to say, data stored and managed have great potentialities for the following reasons:

• 1.

  Performances of OSNs are tightly coupled with the accuracy of data provided by users. As an example, the more a user offers personal details, the better will be the outcome of algorithms used to suggests friends, potential business partners, reconnect with past classmates, or to find people sharing common interests. On the contrary, this can expose individuals to threats similar to those happening in real life, e.g., bullying (accordingly defined as cyber-bullying);

• 2.

  The popularity of social applications, jointly with their ubiquitous integration, e.g., via mash-ups, plug-ins and task-specific code snippets, can lead to massive data volumes describing persons, habits, preferences, and personal details; also, these sets ofdata may be also accessed by malicious applications, thus potentially compromising the privacy of the user;

• 3.

  The individual-centric nature of OSNs intrinsically gives a lot of freedom to users. In fact, people are owners of data, and everyone has different needs when constructing his/her alter ego, thus making information management and privacy settings often delegated to users, which may be circumvented or forced to spread their own data to malicious targets.