
    Analysing the privacy policies of Wi-Fi trackers

    Wi-Fi-based tracking systems have recently appeared. By collecting radio signals emitted by Wi-Fi enabled devices, those systems are able to track individuals. They basically rely on the MAC address to uniquely identify each individual. While retailers and businesses have high expectations for physical tracking, it is also a threat to citizens' privacy. We analyse the privacy policies used by the current tracking companies, then we show the pitfalls of hash-based anonymization. More particularly, we demonstrate that the hash-based anonymization of MAC addresses used in many Wi-Fi tracking systems can be easily defeated using off-the-shelf software and hardware. Finally, we discuss possible solutions for MAC address anonymization in Wi-Fi tracking systems.

    Privacy and Data Protection Practices of Digital Lending Apps in Kenya

    The Centre for Intellectual Property and Information Technology Law (CIPIT) has been studying the impact of digital identities on society. This has included policy research on the legal and technical aspects of the national digital ID system Huduma Namba, under which the Government is integrating all its identification documents. This research shows that the national digital identity system also integrates with privately issued digital identities such as mobile phone numbers and social media accounts. We anticipate that as national digital ID uses increase, so will the linkage with private systems. This is already evident from e-government services, where payments for Government services, such as passport applications, drivers' licences, national health insurance and hospital bills in public hospitals, are made using mobile money platforms. We also appreciate that private digital ID is more developed and has more uses than national digital ID. For example, a 2019 survey undertaken by the Central Bank of Kenya (CBK) estimates that access to financial products had risen from 26.7% in 2006 to 89% of the population in 2019. This is attributed partly to the availability of digital products such as "mobile banking, agency banking, digital finance and mobile apps". These products make use of personal data, which broadly falls under digital identities. This study seeks to understand the privacy implications of digital ID by looking at digital lending apps.

    A Generic Information and Consent Framework for the IoT

    The Internet of Things (IoT) raises specific issues in terms of information and consent, which makes the implementation of the General Data Protection Regulation (GDPR) challenging in this context. In this report, we propose a generic framework for information and consent in the IoT which is protective both for data subjects and for data controllers. We present a high-level description of the framework, illustrate its generality through several technical solutions and case studies, and sketch a prototype implementation.

    An IoT analysis framework: An investigation of IoT smart cameras' vulnerabilities


    Practical Hash-based Anonymity for MAC Addresses

    Given that a MAC address can uniquely identify a person or a vehicle, continuous tracking over a large geographical scale has raised serious privacy concerns amongst governments and the general public. Prior work has demonstrated that simple hash-based approaches to anonymization can be easily inverted due to the small search space of MAC addresses. In particular, it is possible to represent the entire allocated MAC address space in 39 bits, and frequency-based attacks allow 50% of MAC addresses to be enumerated in 31 bits. We present a practical approach to MAC address anonymization using both computationally expensive hash functions and truncation of the resulting hashes to allow for k-anonymity. We provide an expression for computing the percentage of expected collisions, demonstrating that for digests of 24 bits it is possible to store up to 168,617 MAC addresses with a rate of collisions of less than 1%. We experimentally demonstrate that a rate of collision of 1% or less can be achieved by storing data sets of 100 MAC addresses in 13 bits, 1,000 MAC addresses in 17 bits and 10,000 MAC addresses in 20 bits.
    Comment: Accepted at the 17th International Conference on Security and Cryptography (SECRYPT 2020). To be presented between 8-10 July 202

    Regulatory technologies for the study of data and platform power in the app economy

    Tracking, the large-scale collection of data about user behaviour, is commonplace in mobile apps. While some see tracking as a necessary evil to making apps available at lower prices by showing users personalised advertising and selling their data to third parties, tracking can also have highly disproportionate effects on the lives of individuals and society as a whole. For example, tracking has significant effects on the rights to privacy and data protection, but also on other fundamental rights, such as the right to non-discrimination (e.g. when data from mobile tracking is used in AI systems, such as targeted ads for job offers) or the right to free and fair elections (e.g. when political microtargeting is used, as in the Brexit vote or the Trump election). This thesis develops and applies techno-legal methods to study choice over app tracking at four levels: the impact of the GDPR (Chapter 4), consent to tracking in apps (Chapter 5), differences between Android and iOS (Chapter 6), and the impact of Apple's App Tracking Transparency (ATT) framework (Chapter 7). While many previous studies looked at data protection and privacy in apps, few studies analysed tracking over time, took a compliance angle, or looked at iOS apps at scale. Throughout our analysis of apps, we find compliance problems within apps as regards key aspects of US, EU and UK data protection and privacy law, particularly the need to seek consent before tracking. For instance, while user consent is usually required prior to tracking in the EU and UK (under the ePrivacy Directive), our empirical findings suggest that tracking takes place widely and usually without users' awareness or explicit agreement.
    This thesis contributes 1) a scalable downloading and analysis framework for iOS and Android privacy and compliance analysis (PlatformControl), 2) an improved understanding of the legal requirements and empirical facts regarding app tracking, 3) a comprehensive database of the relations between companies in the app ecosystem (X-Ray 2020), and 4) an Android app to support the easy and independent analysis of apps' privacy practices (TrackerControl).

    Betrayed by the Guardian: Security and Privacy Risks of Parental Control Solutions

    For parents of young children and adolescents, the digital age has introduced many new challenges, including excessive screen time, inappropriate online content, cyber predators, and cyberbullying. To address these challenges, many parents rely on numerous parental control solutions on different platforms, including parental control network devices (e.g., WiFi routers) and software applications on mobile devices and laptops. While these parental control solutions may help digital parenting, they may also introduce serious security and privacy risks to children and parents, due to their elevated privileges and access to a significant amount of privacy-sensitive data. In this paper, we present an experimental framework for systematically evaluating security and privacy issues in parental control software and hardware solutions. Using the developed framework, we provide the first comprehensive study of parental control tools on multiple platforms, including network devices, Windows applications, Chrome extensions and Android apps. Our analysis uncovers pervasive security and privacy issues that can lead to leakage of private information and/or allow an adversary to fully control the parental control solution, and thereby may directly aid cyberbullying and cyber predators.

    Wombat: An experimental Wi-Fi tracking system

    In this paper, we present Wombat, a Wi-Fi tracking platform aiming at improving user awareness toward physical tracking technologies and at experimenting with new privacy-preserving mechanisms. Elements of this system are presented along with its architecture. We also present the use of Wombat in the context of a demonstration scenario. We introduce a new privacy-enhancing feature developed on top of Wombat: a Wi-Fi-based opt-out mechanism that allows users to easily express their opt-out decision.

    Overview of the real-world deployment of physical tracking systems

    This document studies the real-world deployment of physical analytics systems. Starting with a few real-world examples, it then discusses various aspects of such systems: privacy implications, regulation, consent, public acceptance, and engineering aspects.

    Online tracking: demystification and control

    It is no surprise, given smartphones' convenience and utility, to see their wide adoption worldwide. Smartphones naturally gather a lot of personal information as the user communicates, browses the web and runs various Apps. They are equipped with GPS, NFC and digital camera facilities, and therefore smartphones generate new personal information as they are used. Since they are almost always connected to the Internet, and are rarely turned off, they can potentially reveal a lot of information about the activities of their owners. The imminent arrival of smart-watches and smart-glasses will only increase the amount of personal information available and the privacy leakage risks. This subject is closely related to the Mobilitics project that is currently conducted by Inria/Privatics and CNIL, the French data protection authority [1][2][3]. Therefore, the candidate will benefit from the investigations that are in progress in this context, in order to understand the situation and the trends. The candidate will also benefit from all the logging and analysis tools we developed for the iOS and Android Mobile OSes, as well as the experience gained on the subject. Another question is the arrival of HTML5-based Mobile OSes, like Firefox OS: it clearly opens new directions as it "uses completely open standards and there's no proprietary software or technology involved" (Andreas Gal, Mozilla). But what are the implications from a Mobile OS privacy point of view? That's an important topic to analyze. Beyond understanding the situation, the candidate will also explore several directions in order to improve the privacy control of mobile devices. First of all, a privacy-by-design approach, when feasible, is an excellent way to tackle the problem.
    For instance, the current trend is to rely more and more on cloud-based services, either directly (e.g., via Dropbox, Instagram, Social Networks, or similar services), or indirectly (e.g., when a backup of the contact, calendar or accounts databases is needed). But pushing data onto cloud-based systems, somewhere on the Internet, is in total contradiction with our privacy considerations. Therefore, an idea is to analyze and experiment with personal cloud services (e.g., ownCloud, diaspora) that are fully managed by the user. Here the goal is to understand the possibilities, the opportunities, and the usability of such systems, either as a replacement for or in association with commercial cloud services. Another direction is to carry out behavioral analyses. Indeed, in order to precisely control the privacy aspects, at one extreme, the user may have to interact deeply with the device (e.g., through pop-ups each time a potential privacy leak is identified), which negatively impacts the usability of the device. At the other extreme, the privacy control may be oversimplified, in the hope of not interfering too much with the user, as is the case with the Android static authorizations or the one-time pop-ups of iOS6. This is not appropriate either, since using private information once is not comparable to using it every minute. A better approach could be to perform, with the help of a machine learning system for instance, a dynamic analysis of the Mobile OS or App behavior from a privacy perspective and to interfere with the user only when it is deemed appropriate. This could enable a good tradeoff between privacy control and usability, with user actions only when meaningful. How far such a behavioral analysis can go and what the limitations of the approach are (e.g., either from a CPU/battery drain perspective, or in the face of programming tricks to escape the analysis) are open questions.
    Tainting techniques applied to Mobile OSes (e.g., TaintDroid) can be used as a basic building block for a behavioral analysis tool, but they have limited accuracy, are unable to analyze native code and have poor performance.
