Online advertising: analysis of privacy threats and protection approaches

Online advertising, the pillar of the “free” content on the Web, has revolutionized the marketing business in recent years by creating a myriad of new opportunities for advertisers to reach potential customers. The current advertising model builds upon an intricate infrastructure composed of a variety of intermediary entities and technologies whose main aim is to deliver personalized ads. For this purpose, a wealth of user data is collected, aggregated, processed and traded behind the scenes at an unprecedented rate. Despite the enormous value of online advertising, however, the intrusiveness and ubiquity of these practices prompt serious privacy concerns. This article surveys the online advertising infrastructure and its supporting technologies, and presents a thorough overview of the underlying privacy risks and the solutions that may mitigate them. We first analyze the threats and potential privacy attackers in this scenario of online advertising. In particular, we examine the main components of the advertising infrastructure in terms of tracking capabilities, data collection, aggregation level and privacy risk, and overview the tracking and data-sharing technologies employed by these components. Then, we conduct a comprehensive survey of the most relevant privacy mechanisms, and classify and compare them on the basis of their privacy guarantees and impact on the Web.Peer ReviewedPostprint (author's final draft

Tracing Noble Gas Radionuclides in the Environment

Trace analysis of radionuclides is an essential and versatile tool in modern science and technology. Due to their ideal geophysical and geochemical properties, long-lived noble gas radionuclides, in particular, 39Ar (t1/2 = 269 yr), 81Kr (t1/2 = 2.3x10^5 yr) and 85Kr (t1/2 = 10.8 yr), have long been recognized to have a wide range of important applications in Earth sciences. In recent years, significant progress has been made in the development of practical analytical methods, and has led to applications of these isotopes in the hydrosphere (tracing the flow of groundwater and ocean water). In this article, we introduce the applications of these isotopes and review three leading analytical methods: Low-Level Counting (LLC), Accelerator Mass Spectrometry (AMS) and Atom Trap Trace Analysis (ATTA)

Testing methods and techniques - A compilation

Nondestructive test methods and techniques including computer programs and data reductio

Encouraging Privacy-Aware Smartphone App Installation: Finding out what the Technically-Adept Do

Smartphone apps can harvest very personal details from the phone with ease. This is a particular privacy concern. Unthinking installation of untrustworthy apps constitutes risky behaviour. This could be due to poor awareness or a lack of knowhow: knowledge of how to go about protecting privacy. It seems that Smartphone owners proceed with installation, ignoring any misgivings they might have, and thereby irretrievably sacrifice their privacy

On the Privacy Practices of Just Plain Sites

In addition to visiting high profile sites such as Facebook and Google, web users often visit more modest sites, such as those operated by bloggers, or by local organizations such as schools. Such sites, which we call "Just Plain Sites" (JPSs) are likely to inadvertently represent greater privacy risks than high profile sites by virtue of being unable to afford privacy expertise. To assess the prevalence of the privacy risks to which JPSs may inadvertently be exposing their visitors, we analyzed a number of easily observed privacy practices of such sites. We found that many JPSs collect a great deal of information from their visitors, share a great deal of information about their visitors with third parties, permit a great deal of tracking of their visitors, and use deprecated or unsafe security practices. Our goal in this work is not to scold JPS operators, but to raise awareness of these facts among both JPS operators and visitors, possibly encouraging the operators of such sites to take greater care in their implementations, and visitors to take greater care in how, when, and what they share.Comment: 10 pages, 7 figures, 6 tables, 5 authors, and a partridge in a pear tre

Document flow tracking within corporate networks

Tese de mestrado, Segurança Informática, Universidade de Lisboa, Faculdade de Ciências, 2009Notícias sobre documentos sensíveis publicados na Internet são cada vez mais frequentes nos cabeçalhos da imprensa de hoje em dia. Em Outubro de 2009, o Manual de Segurança do Ministério da Defesa do Reino Unido, com 2389 páginas, que descreve a totalidade do protocolo militar do Reino Unido relativamente a operações e informações de segurança, foi tornado público por acidente. Este é apenas um caso, mas existem exemplos de fugas de informação em praticamente qualquer área, desde a médica à financeira. Estas fugas de informação podem ter consequências sérias para quem seja afectado por elas, como a exposição de segredos de negócio, danos da imagem de marca ou a aplicação de multas elevadas por parte de entidades reguladoras. Uma fuga de informação pode ter várias causas, sendo uma delas devido a empregados que expõem documentos sensíveis para o exterior da empresa, de forma não intencional. Neste trabalho propomos uma solução capaz de rastrear ficheiros numa rede empresarial e detectar situações que podem levar a que um documento sensível se torne público. Fazemos uso de um agente que é instalado nas máquinas que pretendemos monitorizar, que detecta e regista a utilização de ficheiros em operações potencialmente perigosas, como a cópia para um dispositivo amovível ou o envio por correio electrónico como anexo. Essas operações são registadas e recolhidas para uma localização central, onde podemos fazer uso de um motor de correlação para encontrar relações entre diferentes cópias de um mesmo ficheiro. Para finalizar, desenvolvemos e avaliámos um protótipo que implementa a solução proposta, provando que pode efectivamente ser usado para detectar fugas de informação.News about sensitive documents being leaked to the Internet are becoming a commonplace in today’s headlines. In October of 2009, the United Kingdom Ministry of Defense Manual of Security, with 2389 pages, which fully describes the United Kingdom military protocol for all security and counter-intelligence operations, was inadvertently made public. This is only one, but there are examples of information leaks from almost any area, from medical to financial. These information leaks can have serious consequences to those affected by them, such as exposing business secrets, brand damaging or large fines from regulation entities. An information leak can have multiple causes, being one the employee that inadvertently exposes sensitive documents to the exterior of the company. In this work, we propose a solution capable of tracking files within a corporate network and detecting situations that can lead to a sensitive document being leaked to the exterior. We resort to an agent installed on the hosts to be monitored that detects and logs the usage of files by potentially dangerous operations, such as copying it to a removable drive or sending it by e-mail as an attachment. Those operations are logged and collected to a central repository, where we make use of a correlation engine to find relationships between different copies of a same file. Finally, we have developed and evaluated a prototype that implements the proposed solution, proving that it can indeed be used to detect information leaks