Although Social Network Service (SNS) providers like Facebook and Google attempt to mitigate security and privacy-related concerns of their users, abuses and misuses of personal data still make the headlines. As centralized storage of personal data is a decisive factor for unintended information disclosure, several architectures for decentralized Online Social Networks (OSNs) have been proposed. System designs range from solutions based on a decentralized client server architecture like Diaspora to P2P systems like PeerSoN. Despite all efforts to accomplish strong decentralization, most proposals cannot achieve sufficient informational self-determination, i.e., users do not have full control over storage and dissemination of their personal data and published content. In this paper we follow a contrary approach and present Vegas, a secure and privacy-preserving P2P OSN which restricts the possibility to browse the social graph to the ego network. We show how Vegas achieves a maximum degree of security and privacy through encryption and decentralization. We present our mobile Vegas prototype and its context-dependent communication channel decision model. Finally we show how Vegas can be extended to support services like social-search and directory services in a secure and privacy-preserving way.