A Privacy-Aware Framework for Decentralized Online Social Networks Andrea De Salve 1,2(B ) , Paolo Mori 2 , and Laura Ricci 1 1 Department of Computer Science, Largo B. Pontecorvo, 56127 Pisa, Italy {desalve,ricci}@di.unipi.it 2 IIT-CNR, via G. Moruzzi 1, 56124 Pisa, Italy paolo.mori@iit.cnr.it Abstract. Online social networks based on a single service provider suffer several drawbacks, first of all the privacy issues arising from the delegation of user data to a single entity. Distributed online social net- works (DOSN) have been recently proposed as an alternative solution allowing users to keep control of their private data. However, the lack of a centralized entity introduces new problems, like the need of defining proper privacy policies for data access and of guaranteeing the availabil- ity of user’s data when the user disconnects from the social network. This paper introduces a privacy-aware support for DOSN enabling users to define a set of privacy policies which describe who is entitled to access the data in their social profile. These policies are exploited by the DOSN sup- port to decide the re-allocation of the profile when the user disconnects from the social network. The proposed approach is validated through a set of simulations performed on real traces logged from Facebook. Keywords: Decentralized online social network · Privacy · Data avail- ability 1 Introduction In the last few years, Online Social Networks (OSNs) have become one of the most popular Internet services and they have changed the way of how people interact with each other. The most popular OSNs are based on a centralized architecture where the service provider takes control over users’ information. Centralized OSN architectures present several problems that include both tech- nical and social issues that emerge as a consequence of the centralized manage- ment of the services [8]. If not properly protected, data of the OSNs can be used by malicious users to infer personal information or to perform other harm- ful activities [1]. Recent events have shown that, in addition to malicious users (internal or external to the OSN), also the centralized service provider [10] and the third-party applications [17] introduce new security and privacy risks. A current trend for developing OSN services is towards the decentralization of the OSN infrastructure. A DOSN [8] is an OSN implemented in a distributed c  Springer International Publishing Switzerland 2015 Q. Chen et al. (Eds.): DEXA 2015, Part II, LNCS 9262, pp. 479–490, 2015. DOI: 10.1007/978-3-319-22852-5 39