Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy and Networks CPS 96 Eduardo Cuervo Amre Shakimov.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Privacy and Networks CPS 96 Eduardo Cuervo Amre Shakimov."— Presentation transcript:

1 Privacy and Networks CPS 96 Eduardo Cuervo Amre Shakimov

2 Context of this talk… Do we sacrifice privacy by using various network services (Internet, online social networks, mobile phones)? How does the structure/topology of a network affect its privacy properties? Techniques for enhancing privacy? Privacy is hard!

3 What do we mean by privacy? Louis Brandeis (1890) – “right to be left alone” – protection from institutional threat: government, press Alan Westin (1967) – “right to control, edit, manage, and delete information about themselves and decide when, how, and to what extent information is communicated to others”

4 Privacy vs. security Security helps enforce privacy policies Can be at odds with each other – e.g., invasive screening to make us more “secure” against terrorism Privacy: what information goes where? Security: protection against unauthorized access

5 Privacy-sensitive information Identity – name, address, SSN Location Activity – web history, contact history, online purchases Health records …and more

6 Tracking on the web IP address – Number identifying your computer on the Internet – Visible to site you are visiting – Not always permanent Cookies – Text stored on your computer by site – Sent back to site by your browser – Used to save prefs, shopping cart, etc. – Can track you even if IP changes 152.3.136.66 Internet 72.21.214.128

7 OSNs: State-of-the-Art Fun Popular Platform

8 “Facebook Wants You To Be Less Private”

9 Attack of the Zombie Photos

10 OSNs mishandle data Facebook Beacon Facebook employees abuse personal data

11 Threat: collusion among services

12 Online social networks Pros – Simplifies data analysis – High availability Cons – Single point of attack – No longer control access to own data Centralized structure

13 Personal data

14 Alternatives? Anonymization – Do not use real names Encryption – NOYB, flyByNight Decentralization – Tighter control over data

15 Anonymization Hide identity, remove identifying info Proxy server: connect through a third party to hide IP Health data released for research purposes: remove name, address, etc

16 Threat: deanonymization Netflix Prize dataset, released 2006 100,000,000 (private) ratings from 500,000 users Competition to improve recommendations – i.e., if user X likes movies A,B,C, will also like D Anonymized: user name replaced by a number

17 Threat: deanonymization Problem: can combine “private” ratings from Netflix with public reviews from IMDB to identify users in dataset May expose embarrassing info about members…

18 Threat: deanonymization UserMovieRating 1234Rocky II3/5 1234The Wizard4/5 1234The Dark Knight5/5 … 1234Girls Gone Wild5/5 UserMovieRating dukefanThe Wizard8/10 dukefanThe Dark Knight10/10 dukefanRocky II6/10 … User 1234 is dukefan!

19 Threat: deanonymization Lesson: cannot always anonymize data simply by removing identifiers Vulnerable to aggregating data from multiple sources/networks Humans are predictable – E.g., try Rock-paper-scissors vs AI

20 Personal data P2P Architecture

21 Decentralization: pros and cons True ownership of data Maintenance burden Cost Business model User experience

22 Location privacy Mobile phones: – Always in your pocket – Always connected – Always knows where it is: GPS Location-based services Location-based ads What are we giving up?

23

24 Mobile phones

25 Why, when and what to disclose? It is not a simple question! Tradeoff between functionality Also important whom to disclose it to? – Relatives – Co-workers – Friends There have been studies about this – Not easy to classify – People want to disclose only what is useful

26 How is your data used by apps? Many “free” apps supported by ads Analytics: profiling users Our research: found it common for popular free apps to send location+device ID to advertising and analytics servers What can we do? – More visibility into what app does with data once it reads it

27 AppScope Monitors app behavior to determine when privacy sensitive information leaves the phone

28 Application Study 30 popular Android applications that access Internet, camera, location or microphone Of 105 flagged connections, only 37 were legitimate

29 Findings - Location 15 of the 30 applications shared physical location with an ad server Most of this information was sent in the clear In no case was sharing obvious to user – Or written in the EULA – In some cases it occurred without app use!

30 Findings – Phone identifiers 7 applications sent device unique identifiers (IMEI) and 2 apps sent phone info (e.g. phone number) to a remote location without warning – One app’s EULA indicated the IMEI was sent Appeared to be sent to app developers “There has been cases in the past on other mobile platforms where well- intentioned developers are simply over-zealous in their data gathering, without having malicious intent.” -- Lookout

31 Takeaways Decentralized network structure can enhance privacy Difficult to achieve true anonymity Fine-grained control over data can help – Tension with usability

32 Resources Duke “Office Hours” on Privacy in Social Media – http://ondemand.duke.edu/video/23686/landon-cox-on-privacy-and-soci http://ondemand.duke.edu/video/23686/landon-cox-on-privacy-and-soci “Someone Is Watching Us” on WUNC – http://wunc.org/tsot/archive/Someone_Is_Watching_Us.mp3/view http://wunc.org/tsot/archive/Someone_Is_Watching_Us.mp3/view

33 Acknowledgments Thanks to Peter Gilbert, who prepared a significant amount of this material for us.

Download ppt "Privacy and Networks CPS 96 Eduardo Cuervo Amre Shakimov."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Surfing the net: Ways to protect yourself. Internet Safety Look into safeguarding programs or options your online service provider might offer. Look into.

Surfing the net: Ways to protect yourself. Internet Safety Look into safeguarding programs or options your online service provider might offer. Look into.
Tiffany Phillips CIS 1055-004 What is a Social Networking Website? Social networking websites function like an online community of internet users. Depending.

Tiffany Phillips CIS What is a Social Networking Website? Social networking websites function like an online community of internet users. Depending.
Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.

Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.
Social Networking facebook, bebo, MySpace and others.

Social Networking facebook, bebo, MySpace and others.
CC3.12 Lecture 12 Erdal KOSE Based of Prof. Ziegler Lectures.

CC3.12 Lecture 12 Erdal KOSE Based of Prof. Ziegler Lectures.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.

The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.
6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?

6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?
Technological Implications for Privacy David Kotz Department of Computer Science Dartmouth College

Technological Implications for Privacy David Kotz Department of Computer Science Dartmouth College
Cloud Computing Concept&nature Cloud computing refers to the applications delivered as services over the Internet and the hardware, and systems software.

Cloud Computing Concept&nature Cloud computing refers to the applications delivered as services over the Internet and the hardware, and systems software.
Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.

Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.
The Privacy Tug of War: Advertisers vs. Consumers Presented by Group F.

The Privacy Tug of War: Advertisers vs. Consumers Presented by Group F.
CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.

CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.
Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.

Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.
MANAGING YOUR ONLINE PROFILE WHAT DOES THIS MEAN AND WHY SHOULD YOU CARE? Sarah Morris UT Libraries.

MANAGING YOUR ONLINE PROFILE WHAT DOES THIS MEAN AND WHY SHOULD YOU CARE? Sarah Morris UT Libraries.
Social effect: Facebook is a site available to anyone. Many people use it in order to contact friends and relatives from all around the world, and to meet.

Social effect: Facebook is a site available to anyone. Many people use it in order to contact friends and relatives from all around the world, and to meet.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.

The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.
Protecting your Family From the dark places on the Internet Going beyond the standard PC Filter, and dealing with the multiple devices that access the.

Protecting your Family From the dark places on the Internet Going beyond the standard PC Filter, and dealing with the multiple devices that access the.

Similar presentations

Ads by Google