2,224 research outputs found
A privacy-preserving model to control social interaction behaviors in social network sites
Social Network Sites (SNSs) served as an invaluable platform to transfer information across a large number of users. SNSs also disseminate users data to third-parties to provide more interesting services for users as well as gaining profits. Users grant access to third-parties to use their services, although they do not necessarily protect users’ data privacy. Controlling social network data diffusion among users and third-parties is difficult due to the vast amount of data. Hence, undesirable users’ data diffusion to unauthorized parties in SNSs may endanger users’ privacy. This paper highlights the privacy breaches on SNSs and emphasizes the most significant privacy issues to users. The goals of this paper are to i) propose a privacy-preserving model for social interactions among users and third-parties; ii) enhance users’ privacy by providing access to the data for appropriate third-parties. These advocate to not compromising the advantages of SNSs information sharing functionalities
Potential mass surveillance and privacy violations in proximity-based social applications
Proximity-based social applications let users interact with people that are
currently close to them, by revealing some information about their preferences
and whereabouts. This information is acquired through passive geo-localisation
and used to build a sense of serendipitous discovery of people, places and
interests. Unfortunately, while this class of applications opens different
interactions possibilities for people in urban settings, obtaining access to
certain identity information could lead a possible privacy attacker to identify
and follow a user in their movements in a specific period of time. The same
information shared through the platform could also help an attacker to link the
victim's online profiles to physical identities. We analyse a set of popular
dating application that shares users relative distances within a certain radius
and show how, by using the information shared on these platforms, it is
possible to formalise a multilateration attack, able to identify the user
actual position. The same attack can also be used to follow a user in all their
movements within a certain period of time, therefore identifying their habits
and Points of Interest across the city. Furthermore we introduce a social
attack which uses common Facebook likes to profile a person and finally
identify their real identity
Online advertising: analysis of privacy threats and protection approaches
Online advertising, the pillar of the “free” content on the Web, has revolutionized the marketing business in recent years by creating a myriad of new opportunities for advertisers to reach potential customers. The current advertising model builds upon an intricate infrastructure composed of a variety of intermediary entities and technologies whose main aim is to deliver personalized ads. For this purpose, a wealth of user data is collected, aggregated, processed and traded behind the scenes at an unprecedented rate. Despite the enormous value of online advertising, however, the intrusiveness and ubiquity of these practices prompt serious privacy concerns. This article surveys the online advertising infrastructure and its supporting technologies, and presents a thorough overview of the underlying privacy risks and the solutions that may mitigate them. We first analyze the threats and potential privacy attackers in this scenario of online advertising. In particular, we examine the main components of the advertising infrastructure in terms of tracking capabilities, data collection, aggregation level and privacy risk, and overview the tracking and data-sharing technologies employed by these components. Then, we conduct a comprehensive survey of the most relevant privacy mechanisms, and classify and compare them on the basis of their privacy guarantees and impact on the Web.Peer ReviewedPostprint (author's final draft
Information Leakage through Online Social Networking: Opening the Doorway for Advanced Persistence Threats
The explosion of online social networking (OSN) in recent years has caused damages to organisations due to leakage of information by their employees. Employees’ social networking behaviour, whether accidental or intentional, provides an opportunity for advanced persistent threats (APT) attackers to realise their social engineering techniques and undetectable zero-day exploits. APT attackers use a spear-phishing method that targeted on key employees of victim organisations through social media in order to conduct reconnaissance and theft of confidential proprietary information. This conceptual paper posits OSN as the most challenging channel of information leakage and provides an explanation about the underlying factors of employees leaking information via this channel through a theoretical lens from information systems. It also describes how OSN becomes an attack vector of APT owing to employees’ social networking behaviour, and finally, recommends security education, training and awareness (SETA) for organisations to combat these threats
On the Usage and Vulnerabilities of API Systems
To some, Application Programming Interface (API) is one of many buzzwords that seem to be blanketed in obscurity because not many people are overly familiar with this term. This obscurity is unfortunate, as APIs play a crucial role in today’s modern infrastructure by serving as one of the most fundamental communication methods for web services. Many businesses use APIs in some capacity, but one often overlooked aspect is cybersecurity. This aspect is most evident in the 2018 misuse case by Facebook, which led to the leakage of 50 million users’ records.1 During the 2018 Facebook data breach incident, threat actors used Facebook developer APIs to obtain the personal information of Facebook users over the span of a year. This incident raised many concerns due to it potentially violating users’ privacy. This entire third-party data harvesting incident might not have occurred if Facebook had a more proactive API security and management system. This example was a very considerable data breach, but a similar attack could happen to any business that does not correctly understand and implement different security requirements based on the paradigm shift that APIs present. This raises the issue of how to properly secure APIs in a world where they can be misused, with Gartner Research stating that APIs will be a major attack vector in the next few years due to their widespread use.2 To tackle this problem, this research paper sets to discuss the nature of APIs and their security vulnerabilities. Then, we will go into possible preventative measures and design decisions to secure APIs depending on the usage context. This paper aims to offer a blueprint on security best practices to secure API systems across various use cases
The Curious Case of the PDF Converter that Likes Mozart: Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps
Third party apps that work on top of personal cloud services such as Google
Drive and Dropbox, require access to the user's data in order to provide some
functionality. Through detailed analysis of a hundred popular Google Drive apps
from Google's Chrome store, we discover that the existing permission model is
quite often misused: around two thirds of analyzed apps are over-privileged,
i.e., they access more data than is needed for them to function. In this work,
we analyze three different permission models that aim to discourage users from
installing over-privileged apps. In experiments with 210 real users, we
discover that the most successful permission model is our novel ensemble method
that we call Far-reaching Insights. Far-reaching Insights inform the users
about the data-driven insights that apps can make about them (e.g., their
topics of interest, collaboration and activity patterns etc.) Thus, they seek
to bridge the gap between what third parties can actually know about users and
users perception of their privacy leakage. The efficacy of Far-reaching
Insights in bridging this gap is demonstrated by our results, as Far-reaching
Insights prove to be, on average, twice as effective as the current model in
discouraging users from installing over-privileged apps. In an effort for
promoting general privacy awareness, we deploy a publicly available privacy
oriented app store that uses Far-reaching Insights. Based on the knowledge
extracted from data of the store's users (over 115 gigabytes of Google Drive
data from 1440 users with 662 installed apps), we also delineate the ecosystem
for third-party cloud apps from the standpoint of developers and cloud
providers. Finally, we present several general recommendations that can guide
other future works in the area of privacy for the cloud
- …