Model and service for privacy in decentralized online social networks

George Pacheco Pinto; José Ronaldo Leles Jr.; Cíntia da Costa Souza; Paulo R. de Souza; Frederico Araújo Durão; Cássio Prazeres

doi:10.1016/j.jnlest.2025.100302

Journal of Electronic Science and Technology ›› 2025, Vol. 23 ›› Issue (1) :100302 DOI: 10.1016/j.jnlest.2025.100302

research-article

Model and service for privacy in decentralized online social networks

Author information +

Department of Computer Science, Federal University of Bahia, 40.170-110, Salvador, Brazil

^* E-mail addresses: georgepacheco@ifba.edu.br (G.P. Pinto),

juniorleles80@gmail.com (J.R. Leles),

cintiacosta5@gmail.com (C. da Costa Souza),

paulo.prsdesouza@ufba.br (P.R. de Souza),

fdurao@ufba.br (F.A. Durão),

prazeres@ufba.br (C. Prazeres).

George Pacheco Pinto is currently a professor and pursuing the Ph.D. degree in computer science at the Federal University of Bahia (UFBA), Salvador, Brazil. He obtained the M.S. degree in computer and systems from Salvador University, Buenos Aires, Argentina. His research interests include the Internet of things, personal data stores, decentralized online social network, and privacy.

José Ronaldo Jr is a software developer with the M.S. degree in computer science from UFBA. His research interests include semantic web, decentralized online social networks, distributed systems, and software architecture.

Cíntia da Costa Souza is a technology professor with the M.S. degree in computer science from UFBA. Her research interests include web systems, decentralized social networks, and data provenance.

Paulo R. de Souza is an academic researcher and pursuing the Ph.D. degree in the Department of Computer Science, UFBA. He received the M.S. degree from UFBA in 2019. He also received the MBA degree in database administration from Faculty of Administration and Business of Sergipe, Aracaju, Sergipe, Brazil in 2016. He is a member of the RecSys Research Group and his main research interests include recommender systems, social web, and web development.

Frederico Araújo Durão is an associate professor with the Department of Computer Science, UFBA. He is a senior researcher and the Project Leader of the RecSys Research Group in Brazil. He completed his post-doctoral research at the Insight Centre for Data Analysis, University College Cork, Cork, Ireland, in 2016/2017. In 2012, he received the Ph.D. degree in computer science from Aalborg University, Aalborg, Denmark. His research focuses on information systems, recommender systems, and the semantic web.

Cássio Prazeres is an associate professor with the Department of Computer Science, UFBA. He received the Ph.D. degree from the University of São Paulo, São Paulo, Brazil. He co-founded the WISER Research Group and is an IEEE Senior Member. His research focuses on Internet of things, microservices, fog/edge computing, and edge artificial intelligence.

Show less

History +

PDF (4023KB)

Abstract

Intensely using online social networks (OSNs) makes users concerned about privacy of data. Given the centralized nature of these platforms, and since each platform has a particular storage mechanism, authentication, and access control, their users do not have the control and the right over their data. Therefore, users cannot easily switch between similar platforms or transfer data from one platform to another. These issues imply, among other things, a threat to privacy since such users depend on the interests of the service provider responsible for administering OSNs. As a strategy for the decentralization of the OSNs and, consequently, as a solution to the privacy problems in these environments, the so-called decentralized online social networks (DOSNs) have emerged. Unlike OSNs, DOSNs are decentralized content management platforms because they do not use centralized service providers. Although DOSNs address some of the privacy issues encountered in OSNs, DOSNs also pose significant challenges to consider, for example, access control to user profile information with high granularity. This work proposes developing an ontological model and a service to support privacy in DOSNs. The model describes the main concepts of privacy access control in DOSNs and their relationships. In addition, the service will consume the model to apply access control according to the policies represented in the model. Our model was evaluated in two phases to verify its compliance with the proposed domain. Finally, we evaluated our service with a performance evaluation, and the results were satisfactory concerning the response time of access control requests.

Keywords

Access control / Decentralized online social network / Ontology / Privacy

Cite this article

Download citation ▾

George Pacheco Pinto, José Ronaldo Leles Jr., Cíntia da Costa Souza, Paulo R. de Souza, Frederico Araújo Durão, Cássio Prazeres. Model and service for privacy in decentralized online social networks. Journal of Electronic Science and Technology, 2025, 23(1): 100302 DOI:10.1016/j.jnlest.2025.100302

登录浏览全文

4963

注册一个新账户忘记密码

Credit authorship contribution statement

George Pacheco Pinto: Writing–original draft and review, Methodology, Experiments, Evaluation. José Ronaldo Leles Jr.: Writing–original draft and review, Methodology, Experiments, Evaluation. Cíntia da Costa Souza: Writing–review, Evaluation. Paulo R. de Souza: Writing–review, Experiments. Frederico Araújo Durão: Writing–review, Experiments, Evaluation. Cássio Prazeres: Writing–review, Experiments, Evaluation.

Declaration of competing interest

The authors declare no conflicts of interest.

Acknowledgement

The authors would like to thank Fundação de Amparo à Pesquisa do Estado da Bahia (FAPESB), Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES), and Conselho Nacional de Desenvolvimento Científico e Tecnológico (CNPq) organizations for supporting the Graduate Program in Computer Science at the Federal University of Bahia.

References

Publishing order | Descend order by publishing year | Descend order by cited within

[1]	R. Verborgh, Re-decentralizing the web, for good this time, O. Seneviratne, J. Hendler (Eds.), Linking the World’s Information: Essays on Tim Berners-Lee’s Invention of the World Wide, ACM, New York, USA, (2023), pp. 215-230.

[2]	B. Guidi, M. Conti, A. Passarella, L. Ricci, Managing social contents in decentralized online social networks: a survey, Online Social Networks and Media 7 (2018) 12-29.

[3]	A. Heravi, S. Mubarak, K.K.R. Choo, Information privacy in online social networks: uses and gratification perspective, Comput. Hum. Behav. 84 (2018) 441-459.

[4]	R. Verborgh, Decentralizing the semantic web through incentivized collaboration, in: Proc. of the 17th Intl. SemanticWeb Conf, (2018), pp. 1-5. Monterey, USA.

[5]	A. De Salve, P. Mori, L. Ricci, A survey on privacy in decentralized online social networks, Comput. Sci. Rev. 27 (2018) 154-176.

[6]	M. Westerkamp, S. Göndör, A. Küpper, Tawki: towards self-sovereign social communication, in: Proc. of IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON), Newark, USA, (2019), pp. 29-38.

[7]	B. Guidi, A. Michienzi, K. Koidl, K. Kapanova, A multilayer social overlay for new generation dosns, in: Proc. of the 5th EAI Intl. Conf, Smart Objects and Technologies for Social Good, (2019), pp. 114-119. Valencia, Spain.

[8]	L.A. Cutillo, R. Molva, T. Strufe, Safebook: a privacy-preserving online social network leveraging on real-life trust, IEEE Commun. Mag. 47 (12) (2009) 94-101.

[9]	G. Cascavilla, F. Beato, A. Burattin, M. Conti, L.V. Mancini, OSSINT - Open Source Social Network Intelligence: an Efficient and Effective Way to Uncover “Private” Information in OSN Profiles, Online Social Networks and Media 6 (2018) 58-68.

[10]	E. Erdin, E. Klukovich, G. Gunduz, M.H. Gunes, POSN: a personal online social network, in: Proc. of the 30th IFIP TC 11 Intl. Conf. on ICT Systems Security and Privacy ProtectionHamburg, Germany, (2015), pp. 51-66.

[11]	S. Taheri-Boshrooyeh, A. Küpçü, Ö. Özkasap, Security and privacy of distributed online social networks, in: Proc. of the 35th Intl. Conf. on Distributed Computing Systems Workshops, Columbus, USA, 2015, 112–119.

[12]	D. Koll, J. Li, X.-M. Fu, The good left undone: advances and challenges in decentralizing online social networks, Comput. Commun. 108 (2017) 36-51.

[13]	A.J. Marcella, C. Stucki, Privacy Handbook: Guidelines, Exposures, Policy Implementation, and International Issues, John Wiley & Sons Inc., Hoboken, (2003).

[14]	A. De Salve, D. Di Francesco Maesa, P. Mori, L. Ricci, A. Puccia, A multi-layer trust framework for self sovereign identity on blockchain, Online Social Networks and Media 37–38 (2023), Article 100265.

[15]	I. Kayes, A. Iamnitchi, Privacy and security in online social networks: a survey, Online Social Networks and Media 3–4 (2017), pp. 1-21.

[16]	M. Buffa, C. Faron-Zucker, Ontology-based access rights management, F. Guillet, G. Ritschard, D.A. Zighed (Eds.), Advances in Knowledge Discovery and Management, Springer, Berlin, Germany, (2012), pp. 49-61.

[17]	R. Bhatia, M. Singh, An implementation model for privacy aware access control in web services environment, in: Proc. of Intl. Conf. on ICT for Sustainable Development, Springer, Singapore, (2016), pp. 475-484.

[18]	M. Belaazi, H.B. Rahmouni, A. Bouhoula, An ontology regulating privacy oriented access controls, in: Proc. of the 10th Intl. Conf. on Risks and Security of Internet and Systems, Mytilene, Greece, (2016), pp. 17-35.

[19]	J. Ahmed, Privacy in online social networks: an ontological model for self-presentation, in: Proc. of the 7th Intl. Conf. on Knowledge Engineering and Semantic Web, Prague, Czech Republic, (2016), pp. 56-70.

[20]	Y. Cheng, J. Park, R. Sandhu, An access control model for online social networks using user-to-user relationships, IEEE T. Depend. Secure 13 (4) (2016) 424-436.

[21]	A. De Salve, B. Guidi, A. Michienzi, Exploiting community detection to recommend privacy policies in decentralized online social networks, in: Proc. of European Conf. on Parallel Processing, (2018), pp. 573-584. Turin, Italy.

[22]	L. Bahri, B. Carminati, E. Ferrari, Decentralized privacy preserving services for online social networks, Online Social Networks and Media 6 (2018) 18-25.

[23]	E. Mansour, A.V. Sambra, S. Hawke, et al., A demonstration of the Solid platform for social web applications, in: Proc. of the 25th Intl. Conf. Companion on World Wide Web, Montréal, Canada, (2016), pp. 223-226.

[24]	B. Dodson, I. Vo, T. Purtell, A. Cannon, M. Lam, Musubi: disintermediated interactive social feeds for mobile devices, in: Proc. of the 21st Intl. Conf. on World Wide Web, Lyon, France, 2012, pp. 211–220.

[25]	M. Van Kleek, D.A. Smith, N. Shadbolt, M.C. Schraefel, A decentralized architecture for conSolidating personal information ecosystems: the webbox, in: Proc. of Personal Information Management (PIM), Seattle, USA, (2012), pp. 1-4.

[26]	A. Bielenberg, L. Helm, A. Gentilucci, D. Stefanescu, H.-G. Zhang, The growth of diaspora: a decentralized online socialnetwork in the wild, in: Proc. of IEEE INFOCOM Workshops, Orlando, USA, 2012, pp. 13–18.

[27]	B. Esteves, H.J. Pandit, V. Rodriguez-Doncel, ODRL profile for expressing consent through granular access control policies in Solid, in: Proc. of the IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Vienna, Austria, 2021, pp. 298–306.

[28]	T. Berners-Lee, H. Story, S. Capadisli, Web Access Control [Online]. Available, https://Solid.github.io/web-access-control-spec/, June 2024.

[29]	L. Jiang, X.-L. Zhang, BCOSN: a blockchain-based decentralized online social network, IEEE T. Comput. Soc. Sy. 6 (6) (2019) 1454-1466.

[30]	R. Belchior, B. Putz, G. Pernul, M. Correia, A. Vasconcelos, S. Guerreiro, SSIBAC: self-sovereign identity based access control, in: Proc. of the 19th Intl. Conf. on Trust, Security and Privacy in Computing and Communications (TrustCom), (2020), pp. 1935-1943. Guangzhou, China.

[31]	M.U. Rahman, B. Guidi, F. Baiardi, Blockchain-based Access Control Management for Decentralized Online Social Networks, J. Parallel Distr. Com. 144 (2020) 41-54.

[32]	S. Abid, I. Daud, Automated and dynamic access control management in OSN, in: Proc. of the Intl. Conf. on Innovative Computing (ICIC), Lahore, Pakistan, 2021, pp. 1–6.

[33]	C. Braun, T. Käfer, Attribute-based access control on Solid pods using privacy-friendly credentials, in: Proc. of Poster and Demo Track and Workshop Track of the 18th Intl. Conf. on Semantic Systems Co-located with 18th Intl. Conf. on Semantic Systems, SEMANTiCS 2022) (Vienna, Austria, (2022), 1-5.

[34]	D. Tama, A. Wicaksana, Performance evaluation of decentralized social media on near protocol blockchain, in: Proc. of the 17th Intl. Conf. on Ubiquitous Information Management and Communication (IMCOM), (2023), pp. 1-4. Seoul, Korea.

[35]	C. Gates, Access control requirements for web 2.0 security and privacy, IEEE Web 2 (2007) 1-3.

[36]	B. Carminati, E. Ferrari, Privacy-aware access control in social networks: issues and solutions, J. Nin, J. Herranz (Eds.), Privacy and Anonymity in Information Management Systems, Springer, London, UK, (2010), pp. 181-195.

[37]	F. Raji, A. Miri, M.D. Jazi, Preserving privacy in online social networks, in: Proc. of the 4th Canada-France MITACS Conf. on Foundations and Practice of Security, Paris, France, (2012), pp. 1-13.

[38]	R. Sayaf, D. Clarke, Access control models for online social networks, L. Caviglione, M. Coccoli, A. Merlo (Eds.), Social Network Engineering for Secure Web Data and Services, IGI Global, Hershey, PA, (2014), pp. 32-65.

[39]	S. Capadisli, A. Guy, R. Verborgh, C. Lange, S. Auer, T. Berners-Lee, Decentralised authoring, annotations and notifications for a read-write web with dokieli, in: Proc. of the 17th Intl. Conf. on Web Engineering, Rome, Italy, 2017, pp. 469–481.

[40]	S. Bechhofer, F. Van Harmelen, J. Hendler, et al., OWL web ontology language reference, W3C recommendation[Online]. Available, http://www.w3.org/TR/owl-ref/, February 2004.

[41]	A.V. Sambra, E. Mansour, S. Hawke, et al., Solid: a platform for decentralized social applications based on linked data, MIT CSAIL & Qatar Comput. Res. Inst., Tech. Rep.,, (2016).

[42]	S. Tramp, P. Frischmuth, T. Ermilov, S. Shekarpour, S. Auer, An architecture of a distributed semantic social network, Semantic Web 5 (1) (2014) 77-95.

[43]	C. Esposito, O. Hartig, R. Horne, C. Sun, Assessing the Solid protocol in relation to security & privacy obligations [Online]. Available, https://arxiv.org/abs/2210.08270, October 2022.

[44]	N.F. Noy, D.L. McGuinness, Ontology Development 101: A Guide to Creating Your First Ontology, Stanford University, Palo Alto, (2001).

[45]	D. Brickley, L. Miller, FOAF vocabulary specification 0.99 [Online]. Available, http://xmlns.com/foaf/0.1/, January 2014.

[46]	J. McKinney, R. Iannella, vCard ontology - for describing people and organizations [Online]. Available, http://www.w3.org/TR/vcard-rdf/, May 2014.

[47]	M.S. Fox, International Contact Ontology: Addresses, Phone Numbers and Emails [Online]. Available, http://ontology.eil.utoronto.ca/icontact.html, April 2015.

[48]	C. Mungall, M. Haendel, W. Dahdul, et al., Relation Ontology: Relationship Types Shared across Multiple Ontologies [Online]. Available, https://obofoundry.org/ontology/ro.html, January 2020.

[49]	D. Berrueta, D. Brickley, S. Decker, et al., SIOC core ontology specification, W3C member submission, W3C [Online]. Available, http://www.w3.org/Submission/2007/SUBM-sioc-spec-20070612/, June 2007.

[50]	E. Sirin, B. Parsia, B.C. Grau, A. Kalyanpur, Y. Katz, Pellet: a practical OWL-DL reasoner, J. Web Semant. 5 (2) (2007) 51-53.

[51]	R. Porzel, R. Malaka, A task-based approach for ontology evaluation, in: Proc. of the ECAI Workshop on Ontology Learning and Population, Valencia, Spain, 2004, pp. 1–6.

[52]	J.P. Orlando, A. Rivolli, K.J. Serique, D.A. Moreira, Uma ferramenta web para visualização e edição de regras SWRL, in: Proc. of the Anais Estendidos do XVIII Simpósio Brasileiro de Sistemas Multimídia e Web, São Paulo, Brazil, (2012), pp. 51-54.

[53]

M.J. O, R.D. Shankar, M.A. Musen, A.K. Das, C. Nyulas, The SWRLAPI: a development environment for working with SWRL rules, C. Dolbear, A. Ruttenberg, U. Sattler (Eds.), in: Proceedings of the Fifth OWLED Workshop on OWL: Experiences and Directions, Collocated with the 7th International Semantic Web Conference (ISWC-2008), Karlsruhe, Germany, (2008), pp. 26-27.

[54]	C. Santana, E. Batista, B. Mello, C. Prazeres, FoT-rules: a semantic rule-based approach for smart spaces through fog of things, Int. J. Semantic Comput. (IJSC) 15 (1) (2021) 23-55.