In popular social networks such as Facebook, users can decide who can access their photos. A user may only allow his friends to view his photos or friends of friends to see his profile. This is the so-called relationship-based access control schemes where a user can only access a resource if he is in a certain relationship with the owner of the resource.
It is quite often for a user to be bothered by someone in social networks, such as due to different political views or stalking. Therefore, besides relationship-based access control, social networks normally allow a user to put someone on his blacklist. For example, you can be friend with your boss in Facebook but also put him on your blacklist. Thus, he won’t be able to see your party photos on Friday night anymore.
However, social network is a network about people, when you think beyond yourself, things almost always get complicated. Suppose that Alice and Bob are friends and Charlie is on Bob’s blacklist. If Alice wants to share one of her photos with her friends of friends, should she let Charlie access the photo or not?
At the moment, we (me with two colleagues in luxemboug) are working on modeling the blacklist in social networks. We consider using blacklist to control who can view a user’s resource in three dimensions where each dimension is a binary choice. Under our model, users can choose how strict they want to be on deciding who can view their resources. This is the first work on modeling blacklist in social networks and we believe it will improve the privacy protection for soical network users.