Все статьи
Current news: "Facebook CEO Mark Zuckerberg testifies before Congress". Just take a minute and read the following abstract of the paper by my good friend, Amre Shakim. It was published 5 years ago!
"Services such as Facebook and Twitter host and disseminate data on behalf of billions of users. Because these services often manage personal data, they allow users to specify access policies controlling how their data is shared with others within the service. However, services also act as programming platforms, exporting users' data to third-party applications via remote APIs. Nearly all of these third-party applications execute on server infrastructure that is not controlled by the service. As a result, a service has no way to guarantee that data shared with a third-party application will be managed according to users' policies. Delegation protocols such as OAuth allow a user and service to confer or deny an application's right to access a data item, but once the item has been released there is no oversight of what the application does with it. In this paper, we present the design and implementation of a Multi-User Taint Tracker (MUTT), which ensures that third-party applications adhere to access policies defined by service users. We motivate MUTT's design by analyzing 170 Facebook apps and several services' Terms of Service, and demonstrate the feasibility of our design through experiments with a prototype implementation".
https://users.cs.duke.edu/~lpcox/shakimov-trios13.pdf