389,763 research outputs found
k-anonymous Microdata Release via Post Randomisation Method
The problem of the release of anonymized microdata is an important topic in
the fields of statistical disclosure control (SDC) and privacy preserving data
publishing (PPDP), and yet it remains sufficiently unsolved. In these research
fields, k-anonymity has been widely studied as an anonymity notion for mainly
deterministic anonymization algorithms, and some probabilistic relaxations have
been developed. However, they are not sufficient due to their limitations,
i.e., being weaker than the original k-anonymity or requiring strong parametric
assumptions. First we propose Pk-anonymity, a new probabilistic k-anonymity,
and prove that Pk-anonymity is a mathematical extension of k-anonymity rather
than a relaxation. Furthermore, Pk-anonymity requires no parametric
assumptions. This property has a significant meaning in the viewpoint that it
enables us to compare privacy levels of probabilistic microdata release
algorithms with deterministic ones. Second, we apply Pk-anonymity to the post
randomization method (PRAM), which is an SDC algorithm based on randomization.
PRAM is proven to satisfy Pk-anonymity in a controlled way, i.e, one can
control PRAM's parameter so that Pk-anonymity is satisfied. On the other hand,
PRAM is also known to satisfy -differential privacy, a recent
popular and strong privacy notion. This fact means that our results
significantly enhance PRAM since it implies the satisfaction of both important
notions: k-anonymity and -differential privacy.Comment: 22 pages, 4 figure
Anonymity and Information Hiding in Multiagent Systems
We provide a framework for reasoning about information-hiding requirements in
multiagent systems and for reasoning about anonymity in particular. Our
framework employs the modal logic of knowledge within the context of the runs
and systems framework, much in the spirit of our earlier work on secrecy
[Halpern and O'Neill 2002]. We give several definitions of anonymity with
respect to agents, actions, and observers in multiagent systems, and we relate
our definitions of anonymity to other definitions of information hiding, such
as secrecy. We also give probabilistic definitions of anonymity that are able
to quantify an observer s uncertainty about the state of the system. Finally,
we relate our definitions of anonymity to other formalizations of anonymity and
information hiding, including definitions of anonymity in the process algebra
CSP and definitions of information hiding using function views.Comment: Replacement. 36 pages. Full version of CSFW '03 paper, submitted to
JCS. Made substantial changes to Section 6; added references throughou
On the Anonymization of Differentially Private Location Obfuscation
Obfuscation techniques in location-based services (LBSs) have been shown
useful to hide the concrete locations of service users, whereas they do not
necessarily provide the anonymity. We quantify the anonymity of the location
data obfuscated by the planar Laplacian mechanism and that by the optimal
geo-indistinguishable mechanism of Bordenabe et al. We empirically show that
the latter provides stronger anonymity than the former in the sense that more
users in the database satisfy k-anonymity. To formalize and analyze such
approximate anonymity we introduce the notion of asymptotic anonymity. Then we
show that the location data obfuscated by the optimal geo-indistinguishable
mechanism can be anonymized by removing a smaller number of users from the
database. Furthermore, we demonstrate that the optimal geo-indistinguishable
mechanism has better utility both for users and for data analysts.Comment: ISITA'18 conference pape
Good Lamps Are the Best Police: Darkness Increases Dishonesty and Self-Interested Behavior
Darkness can conceal identity and encourage moral transgressions; it may also induce a psychological feeling of illusory anonymity that disinhibits dishonest and self-interested behavior regardless of actual anonymity. Three experiments provided empirical evidence supporting this prediction. In Experiment 1, participants in a room with slightly dimmed lighting cheated more and thus earned more undeserved money than those in a well-lit room. In Experiment 2, participants wearing sunglasses behaved more selfishly than those wearing clear glasses. Finally, in Experiment 3, an illusory sense of anonymity mediated the relationship between darkness and self-interested behaviors. Across all three experiments, darkness had no bearing on actual anonymity, yet it still increased morally questionable behaviors. We suggest that the experience of darkness, even when subtle, may induce a sense of anonymity that is not proportionate to actual anonymity in a given situation
Seeking Anonymity in an Internet Panopticon
Obtaining and maintaining anonymity on the Internet is challenging. The state
of the art in deployed tools, such as Tor, uses onion routing (OR) to relay
encrypted connections on a detour passing through randomly chosen relays
scattered around the Internet. Unfortunately, OR is known to be vulnerable at
least in principle to several classes of attacks for which no solution is known
or believed to be forthcoming soon. Current approaches to anonymity also appear
unable to offer accurate, principled measurement of the level or quality of
anonymity a user might obtain.
Toward this end, we offer a high-level view of the Dissent project, the first
systematic effort to build a practical anonymity system based purely on
foundations that offer measurable and formally provable anonymity properties.
Dissent builds on two key pre-existing primitives - verifiable shuffles and
dining cryptographers - but for the first time shows how to scale such
techniques to offer measurable anonymity guarantees to thousands of
participants. Further, Dissent represents the first anonymity system designed
from the ground up to incorporate some systematic countermeasure for each of
the major classes of known vulnerabilities in existing approaches, including
global traffic analysis, active attacks, and intersection attacks. Finally,
because no anonymity protocol alone can address risks such as software exploits
or accidental self-identification, we introduce WiNon, an experimental
operating system architecture to harden the uses of anonymity tools such as Tor
and Dissent against such attacks.Comment: 8 pages, 10 figure
Strong anonymity and infinite streams.
The extended rank-discounted utilitarian social welfare order introduced and axiomatized by Stéphane Zuber and Geir B. Asheim satisfies strong anonymity (J. Econ. Theory (2011), doi:10.1016/j.jet.2011.08.001). We question the appropriateness of strong anonymity in the context of a countably infinite sequence of subsequent generations. A modified criterion that is incomplete and satisfies finite anonymity is presented.
- …