DOI: 10.1145/3517208.3523756

OUTOPIA: private user discovery on the internet

Published: 05 April 2022

Abstract

Before being able to communicate with one another over the Internet, users in messaging applications need to discover each other and learn their IP addresses. Today, this User Discovery process is closely coupled with the communication provider. As a result, these providers are able to find (i) who is talking to whom, (ii) who is friends with whom and (iii) where everybody is located in the Internet address space at any time, even when no communication channel was ever established, thereby positioning themselves as powerful "Big Brothers".
In this paper, we show that it is easy for friends to discover each other without the need of a centralised service provider that monitors each and every move they make. We propose OUTOPIA: a system to provide privacy-preserving User Discovery on the Internet. With OUTOPIA, users are able to discover each other, without revealing their social connections. We implemented a prototype of our approach and showed that it is inherently scalable, able to handle tens of thousands of users per server. Our preliminary performance results suggest that users are able to discover each other in no more than a few milliseconds, while generating negligible traffic overall.

Published In

EuroSec '22: Proceedings of the 15th European Workshop on Systems Security
April 2022
70 pages
ISBN: 9781450392556
DOI: 10.1145/3517208

Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Research-article

Funding Sources

  • EU H2020 Research and Innovation programme

Conference

EuroSys '22

Acceptance Rates

Overall Acceptance Rate 241 of 1,308 submissions, 18%

Article Metrics

  • Total Citations: 0
  • Total Downloads: 75
  • Downloads (Last 12 months): 12
  • Downloads (Last 6 weeks): 4

Reflects downloads up to 28 Dec 2024
