Social networking systems are usually huge centralized systems owned by a single company. However, this solution has many drawbacks (e.g., lack of privacy, lack of anonymity, risks of censorship, and operating costs). This chapter proposes a novel P2P system that leverages existing, widespread, and stable technologies such as DHTs and BitTorrent. In particular, it introduces a key-based identity system and a model of social relations for distributing content efficiently among interested readers. The proposed system, called Blogracy, is a micro-blogging social networking system focused on (1) anonymity and resilience to censorship, (2) authenticatable content, and (3) semantic interoperability using activity streams. This chapter presents the model and the implementation of the Blogracy system, discusses the experimentations to study its behavior, and presents their results regarding (1) communication delays for some simulations of node churn, (2) delays measured in test operations over PlanetLab in direct communication, and (3) through the I2P anonymizing network.
TopIntroduction
After the huge success of the early social networking systems, many other players came in the social networking market and nowadays hundreds of different social networking systems exist. Even if these social networking systems are greatly dissimilar in their user base and functionality, they are almost always centralized systems. The centralized nature allows a simple browser-based user experience and, moreover, many algorithms, e.g., friend suggestion, are far easier and more efficient to implement in this setting.
A drawback is that scaling centralized systems to tens or hundreds of millions of users is not an easy task. Certainly, existing systems demonstrate that the problem can be solved providing enough resources. However, the huge operative costs of supporting the infrastructure necessary to provide the service to millions of users can only be justified with robust business plans. While some social networking services have extremely differentiated business models (Hobart, 2011; McGrath, 2010), for most of them the primary source of income is advertisement and consequently they have a strong motive for: (i) using user provided data to increase performance for that purpose and (ii) even giving access to authorized commercial third parties to the data. This behavior poses serious threats to privacy and data protection issues and there are virtually no specific legislation or explicit guarantees.
Another problem is that many social networking systems have very demanding terms of service, essentially asking their users a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use content that they submit. Arguably, social networking sites tend to guide their users into “walled gardens,” without giving users full control over their own information because such information constitutes much of the company value (Berners-Lee, 2010; Shankland, 2010).
The last problem with centralized social networking systems is that service providers are in the position to perform a-priori or a-posteriori censorship and may be forced for legal reason: (i) to perform such actions, and (ii) to disclose all the information they have, no matter how private (Franchi, Poggi & Tomaiuolo, 2013). In fact, the recent clamor about the PRISM program and the release of classified documents by Edward Snowden (Greene, 2014) has raised many questions about the privacy issues of current social networking applications.
Thus, we believe that an approach based on peer-to-peer (P2P) or distributed technologies not only is viable but also highly desirable. First of all, P2P systems essentially achieve simpler resource scalability, in the sense that the availability of resources is roughly proportional to the number of users.
This property is especially desirable for media sharing social networking systems, considering the exceptionally high amount of resources needed. Secondly, the popularity over time of most content on such systems exhibits either a power-law or an exponential behavior (Avramova et al., 2009) and is consequently well suited for P2P distribution (Zink et al., 2009), possibly with fallback strategies for less popular content. Regarding censorship issues, a P2P system essentially solves them by design.
Without a central entity, nobody is in the position of censoring data systematically nor may be held legally responsible for the diffusion of censurable data: the sole owners and responsible of the data are the users themselves.
Attacks to distributed and P2P social platforms are yet possible, for example by introducing Sybil nodes in the network, i.e., nodes with forged identities created to subvert the reputation system in a P2P network. However, analyzing these kinds of attacks is not the focus of the article. A comprehensive list of such attacks and countermeasures is presented in (Franchi & Tomaiuolo, 2013).