53,004 research outputs found
XRay: Enhancing the Web's Transparency with Differential Correlation
Today's Web services - such as Google, Amazon, and Facebook - leverage user
data for varied purposes, including personalizing recommendations, targeting
advertisements, and adjusting prices. At present, users have little insight
into how their data is being used. Hence, they cannot make informed choices
about the services they choose. To increase transparency, we developed XRay,
the first fine-grained, robust, and scalable personal data tracking system for
the Web. XRay predicts which data in an arbitrary Web account (such as emails,
searches, or viewed products) is being used to target which outputs (such as
ads, recommended products, or prices). XRay's core functions are service
agnostic and easy to instantiate for new services, and they can track data
within and across services. To make predictions independent of the audited
service, XRay relies on the following insight: by comparing outputs from
different accounts with similar, but not identical, subsets of data, one can
pinpoint targeting through correlation. We show both theoretically, and through
experiments on Gmail, Amazon, and YouTube, that XRay achieves high precision
and recall by correlating data from a surprisingly small number of extra
accounts.Comment: Extended version of a paper presented at the 23rd USENIX Security
Symposium (USENIX Security 14
Homomorphic Encryption for Speaker Recognition: Protection of Biometric Templates and Vendor Model Parameters
Data privacy is crucial when dealing with biometric data. Accounting for the
latest European data privacy regulation and payment service directive,
biometric template protection is essential for any commercial application.
Ensuring unlinkability across biometric service operators, irreversibility of
leaked encrypted templates, and renewability of e.g., voice models following
the i-vector paradigm, biometric voice-based systems are prepared for the
latest EU data privacy legislation. Employing Paillier cryptosystems, Euclidean
and cosine comparators are known to ensure data privacy demands, without loss
of discrimination nor calibration performance. Bridging gaps from template
protection to speaker recognition, two architectures are proposed for the
two-covariance comparator, serving as a generative model in this study. The
first architecture preserves privacy of biometric data capture subjects. In the
second architecture, model parameters of the comparator are encrypted as well,
such that biometric service providers can supply the same comparison modules
employing different key pairs to multiple biometric service operators. An
experimental proof-of-concept and complexity analysis is carried out on the
data from the 2013-2014 NIST i-vector machine learning challenge
Privacy-Aware Processing of Biometric Templates by Means of Secure Two-Party Computation
The use of biometric data for person identification and access control is gaining more and more popularity. Handling biometric data, however, requires particular care, since biometric data is indissolubly tied to the identity of the owner hence raising important security and privacy issues. This chapter focuses on the latter, presenting an innovative approach that, by relying on tools borrowed from Secure Two Party Computation (STPC) theory, permits to process the biometric data in encrypted form, thus eliminating any risk that private biometric information is leaked during an identification process. The basic concepts behind STPC are reviewed together with the basic cryptographic primitives needed to achieve privacy-aware processing of biometric data in a STPC context. The two main approaches proposed so far, namely homomorphic encryption and garbled circuits, are discussed and the way such techniques can be used to develop a full biometric matching protocol described. Some general guidelines to be used in the design of a privacy-aware biometric system are given, so as to allow the reader to choose the most appropriate tools depending on the application at hand
Weblogs in Higher Education - Why Do Students (Not) Blog?
Positive impacts on learning through blogging, such as active knowledge construction and reflective writing, have been reported. However, not many students use weblogs in informal contexts, even when appropriate facilities are offered by their universities. While motivations for blogging have been subject to empirical studies, little research has addressed the issue of why students choose not to blog. This paper presents an empirical study undertaken to gain insights into the decision making process of students when deciding whether to keep a blog or not. A better understanding of students' motivations for (not) blogging may help decision makers at universities in the process of selecting, introducing, and maintaining similar services. As informal learning gains increased recognition, results of this study can help to advance appropriate designs of informal learning contexts in Higher Education. The method of ethnographic decision tree modelling was applied in an empirical study conducted at the Vienna University of Technology, Austria. Since 2004, the university has been offering free weblog accounts for all students and staff members upon entering school, not bound to any course or exam. Qualitative, open interviews were held with 3 active bloggers, 3 former bloggers, and 3 non‑ bloggers to elicit their decision criteria. Decision tree models were developed out of the interviews. It turned out that the modelling worked best when splitting the decision process into two parts: one model representing decisions on whether to start a weblog at all, and a second model representing criteria on whether to continue with a weblog once it was set up. The models were tested for their validity through questionnaires developed out of the decision tree models. 30 questionnaires have been distributed to bloggers, former bloggers and non‑ bloggers. Results show that the main reasons for students not to keep a weblog include a preference for direct (online) communication, and concerns about the loss of privacy through blogging. Furthermore, the results indicate that intrinsic motivation factors keep students blogging, whereas stopping a weblog is mostly attributable to external factors
Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems
Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security
assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security
mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps
framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include
the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any)
and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security
level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.The research leading to these results has received
funding from the European Union’s Horizon 2020 research
and innovation programme under grant agreement No 644429
and No 780351, MUSA project and ENACT project,
respectively. We would also like to acknowledge all the
members of the MUSA Consortium and ENACT Consortium
for their valuable help
Critical review of the e-loyalty literature: a purchase-centred framework
Over the last few years, the concept of online loyalty has been examined extensively in the literature, and it remains a topic of constant inquiry for both academics and marketing managers. The tremendous development of the Internet for both marketing and e-commerce settings, in conjunction with the growing desire of consumers to purchase online, has promoted two main outcomes: (a) increasing numbers of Business-to-Customer companies running businesses online and (b) the development of a variety of different e-loyalty research models. However, current research lacks a systematic review of the literature that provides a general conceptual framework on e-loyalty, which would help managers to understand their customers better, to take advantage of industry-related factors, and to improve their service quality. The present study is an attempt to critically synthesize results from multiple empirical studies on e-loyalty. Our findings illustrate that 62 instruments for measuring e-loyalty are currently in use, influenced predominantly by Zeithaml et al. (J Marketing. 1996;60(2):31-46) and Oliver (1997; Satisfaction: a behavioral perspective on the consumer. New York: McGraw Hill). Additionally, we propose a new general conceptual framework, which leads to antecedents dividing e-loyalty on the basis of the action of purchase into pre-purchase, during-purchase and after-purchase factors. To conclude, a number of managerial implementations are suggested in order to help marketing managers increase their customers’ e-loyalty by making crucial changes in each purchase stage
An Automated Approach to Auditing Disclosure of Third-Party Data Collection in Website Privacy Policies
A dominant regulatory model for web privacy is "notice and choice". In this
model, users are notified of data collection and provided with options to
control it. To examine the efficacy of this approach, this study presents the
first large-scale audit of disclosure of third-party data collection in website
privacy policies. Data flows on one million websites are analyzed and over
200,000 websites' privacy policies are audited to determine if users are
notified of the names of the companies which collect their data. Policies from
25 prominent third-party data collectors are also examined to provide deeper
insights into the totality of the policy environment. Policies are additionally
audited to determine if the choice expressed by the "Do Not Track" browser
setting is respected.
Third-party data collection is wide-spread, but fewer than 15% of attributed
data flows are disclosed. The third-parties most likely to be disclosed are
those with consumer services users may be aware of, those without consumer
services are less likely to be mentioned. Policies are difficult to understand
and the average time requirement to read both a given site{\guillemotright}s
policy and the associated third-party policies exceeds 84 minutes. Only 7% of
first-party site policies mention the Do Not Track signal, and the majority of
such mentions are to specify that the signal is ignored. Among third-party
policies examined, none offer unqualified support for the Do Not Track signal.
Findings indicate that current implementations of "notice and choice" fail to
provide notice or respect choice
The Impacts of Privacy Rules on Users' Perception on Internet of Things (IoT) Applications: Focusing on Smart Home Security Service
Department of Management EngineeringAs communication and information technologies advance, the Internet of Things (IoT) has changed the way people live. In particular, as smart home security services have been widely commercialized, it is necessary to examine consumer perception. However, there is little research that explains the general perception of IoT and smart home services. This article will utilize communication privacy management theory and privacy calculus theory to investigate how options to protect privacy affect how users perceive benefits and costs and how those perceptions affect individuals??? intentions to use of smart home service. Scenario-based experiments were conducted, and perceived benefits and costs were treated as formative second-order constructs. The results of PLS analysis in the study showed that smart home options to protect privacy decreased perceived benefits and increased perceived costs. In addition, the perceived benefits and perceived costs significantly affected the intention to use smart home security services. This research contributes to the field of IoT and smart home research and gives practitioners notable guidelines.ope
- …