The article covers the third-party application ability to aggregate and repurpose personal data as a weakness of a fundamental privacy. It also presents a background for these applications on the basis of Facebook, provides a threat model and suggest possible solutions.
Two problems have been analyzed and appropriate solutions have been proposed. The first problem is a Kevin Bacon attack in which an application shares user’s private information with his/her friends. When the application is run by the friend, it is accessible to him and then moves forward to a new set of friends. It has been suggested that in order to prevent this kind of attack, it is necessary to restrict the flow of information within 1-hop social network of the users. The second analyzed problem is granting developers aggregate access as they need access to aggregate application data to monitor, debug or create application functionality. It has been stated that this issue requires two solutions including a primer on differential privacy and querying aggregate user data.
The article also describes a prototype implementation of the proposed system and evaluates the tradeoff of privacy versus accuracy in the context of differential privacy of social networking applications. The suggested implementation does not need any ability for user credential validation and tight integration with the host OSN. For practical demonstration, a benchmark quiz application was built.