MIT Technology Review considers new mobile social networking software, Contrail, from Microsoft that is supposed to protect the privacy of users:
“When you share a photo or other information with a friend on [a site like] Flickr, their servers are also able to read that information,” explains Iqbal Mohomed, a researcher at Microsoft Research Silicon Valley, who developed the new network, called Contrail, with several colleagues. “With Contrail, the central location doesn’t ever know my information, or what particular users care about–it just sees encrypted stuff to pass on.”
When a Contrail user updates his information on the network, by adding a new photo, for example, the image file is sent to a server operating within the networks’ cloud, just as with a conventional social network. But it is encrypted and appended with a list that specifies which other users are allowed to see the file. When those users’ devices check in with the social network, they download the data and decrypt it to reveal the photo.
Contrail requires users to opt-in if they want to receive information from friends. When a person wants to receive a particular kind of update from a contact, a “filter” is sent to that friend’s device. If, for example, a mother wants to see all the photos tagged with the word “family” by her son, she creates the filter on her phone. The filter is encrypted and sent via the cloud to her son’s device.
Once decrypted, the filter ensures that every time he shares a photo tagged “family,” an encrypted version is sent to the cloud with a header directing it to the cell phone belonging to his mother (as well as anyone else who has installed a similar filter on his device). Encryption hides the mother’s preferences from the cloud, as well as the photos themselves. Each user has a cryptographic key on his or her device for every friend that is used to encrypt and decrypt shared information. […]
As well as the picture-sharing app, the researchers created a tool for sharing location information with friends. Friends can receive a notification when a user enters an area drawn on a map (see video of the app being demonstrated). But users restrict the amount of information shared by their phone. “It’s my location, so I get control,” says Mohomed. “If my boss wanted to track my location, I could allow them to do it only during the week, for example.” […]
“I may not care that Flickr can see my photos and messages, but people may feel differently about location sharing,” says Mohomed. “Imagine you are using an application that allows you to track your kid’s cell phone–what if their server is compromised?”