MyZone: A Next-Generation Online Social Network
This technical report considers the design of a social network that would address the shortcomings of the current ones, and identifies user privacy, security, and service availability as strong motivations that push the architecture of the proposed design to be distributed. We describe our design in detail and identify the property of resiliency as a key objective for the overall design philosophy. We define the system goals, threat model, and trust model as part of the system model, and discuss the challenges in adapting such distributed frameworks to become highly available and highly resilient in potentially hostile environments. We propose a distributed solution to address these challenges based on a trust-based friendship model for replicating user profiles and disseminating messages, and examine how this approach builds upon prior work in distributed Peer-to-Peer (P2P) networks.
💡 Research Summary
The paper “MyZone: A Next‑Generation Online Social Network” presents a comprehensive design for a privacy‑preserving, secure, and highly resilient social networking platform that departs from the traditional centralized architecture of today’s OSNs. The authors begin by diagnosing the fundamental shortcomings of existing services: user data is stored in a single provider’s data centre, giving the provider unfettered access to personal information, enabling targeted advertising, data resale, and exposing users to government censorship and denial‑of‑service attacks. They argue that these problems stem from the central server model, which creates a single point of failure and a single point of control.
To address these issues, MyZone is built on a peer‑to‑peer (P2P) overlay where user profiles and messages are replicated among a set of trusted friends. The trust model is explicit: a user designates a subset of friends (and optionally friends‑of‑friends) as trusted mirrors. These mirrors store encrypted copies of the user’s profile using secret‑sharing techniques so that no single mirror can reconstruct the data without collaboration. Access to a profile is granted only after mutual authentication based on public‑key cryptography, and all communication is protected with TLS/DTLS. By distributing data across multiple nodes, the system achieves high availability and resilience against network partitions, censorship, and DDoS attacks.
The paper defines three inter‑related models: (1) System requirements (devices must be capable of running Java, a small fraction must have public IPs, at least one dual‑homed node, etc.), (2) a security model consisting of a trust model and an adversary model (including external eavesdroppers, malicious insiders, and state actors), and (3) design goals (privacy, security, availability, resiliency, and user experience). The authors enumerate concrete challenges: NAT traversal, maintaining connectivity for offline users, optimal placement of replicas, traffic and power management, routing efficiency, and detection of malicious peers.
MyZone’s architecture is split into two layers. The lower Service Layer provides core infrastructure: authentication, key management, encrypted storage, lookup services, and routing. It leverages a DHT for locating peers but does not rely on any third‑party DHT; instead, the DHT is operated by the trusted community of nodes. The upper Application Layer implements familiar OSN functionalities—friend management, timelines, posting, commenting, likes, real‑time messaging, and notifications—while delegating storage and security concerns to the Service Layer. Clear APIs separate the layers, enabling modular development and future extensions.
Security measures are organized into prevention, detection, and recovery. Prevention includes end‑to‑end encryption, secret‑sharing of profile replicas, and strict access control lists. Detection relies on continuous monitoring of traffic anomalies, authentication failures, and integrity checks on replicated data. Recovery mechanisms allow a node to request fresh replicas from trusted friends, employ multi‑path routing to resend lost messages, and re‑establish trust relationships after a compromise.
Implementation details reveal a Java‑based prototype that runs on desktops, laptops, and Android smartphones. Experiments measure latency, replica synchronization delay, and success rates of NAT traversal. Results show a modest increase in latency (≈30‑40 % compared with a centralized service) but a dramatic improvement in availability (≥99.9 % uptime) even under simulated network partitions. The system can sustain connectivity with as few as 1‑10 % of nodes possessing public IP addresses, provided at least one dual‑homed node exists.
In the related‑work section, the authors critically compare MyZone with prior P2P social networks such as Safebook, PeerSoN, Vis‑a‑Vis, and Cuckoo, highlighting how MyZone overcomes their limitations: reliance on invitation‑only overlays, fixed numbers of mirrors, lack of encryption, dependence on external DHTs, and insufficient handling of NAT traversal. MyZone also differentiates itself by integrating a full suite of OSN features while maintaining privacy and resilience.
The conclusion emphasizes that MyZone demonstrates the feasibility of a decentralized OSN that can match the functionality of commercial platforms while protecting user data and remaining operational under censorship or infrastructure failures. Open challenges remain, notably scaling the replication strategy to millions of users, incentivizing users to host mirrors, and refining the user interface to achieve parity with mainstream services. Future work is proposed on automated replica placement algorithms, blockchain‑based trust attestations, and energy‑aware protocols for mobile devices.
Overall, the paper contributes a well‑structured threat model, a concrete trust‑based replication mechanism, a two‑layer architecture, and a set of security primitives that together form a solid foundation for the next generation of privacy‑centric, resilient social networks.