61,373 research outputs found

    How Do Tor Users Interact With Onion Services?

    Onion services are anonymous network services that are exposed over the Tor network. In contrast to conventional Internet services, onion services are private, generally not indexed by search engines, and use self-certifying domain names that are long and difficult for humans to read. In this paper, we study how people perceive, understand, and use onion services based on data from 17 semi-structured interviews and an online survey of 517 users. We find that users have an incomplete mental model of onion services, use these services for anonymity and have varying trust in onion services in general. Users also have difficulty discovering and tracking onion sites and authenticating them. Finally, users want technical improvements to onion services and better information on how to use them. Our findings suggest various improvements for the security and usability of Tor onion services, including ways to automatically detect phishing of onion services, more clear security indicators, and ways to manage onion domain names that are difficult to remember. Comment: Appeared in USENIX Security Symposium 201

    The Right to Data Privacy: Revisiting Warren & Brandeis

    In their famous 1890 article The Right to Privacy, Samuel Warren and Louis Brandeis found privacy as an implicit right within existing law. Regarded as perhaps the most influential legal essay of all time, it offers concepts that ring as true today as they did in 1890. In defining privacy as an important legal principle implicit in the law, they focused on information privacy, such as public disclosure of personal information, rather than decisional privacy. Analyzing the 1890 article is an ideal starting point to assess the origins of privacy law and to understand privacy issues from a simpler time in terms of law and technology. Its concepts thus provide an easily understandable frame of reference before diving into more challenging modern issues and assessing a path forward. Accordingly, this article compares each key principle from 1890 and explores privacy issues that remain similar versus privacy issues that seem new based on particular advances in technology. The key similarity between 1890 and today is that problems of information dissemination present similar issues, albeit on a larger scale. Some key differences between 1890 and today, however, are that computer technologies now allow for massive data collection, massive data retention and increasingly aggressive data analysis that can be used to abuse privacy even with ostensibly public data. Warren and Brandeis taught us that new technologies continually present new privacy issues; so as new technologies are evolving today, thought must still be given to how the law might flexibly adapt to new and unforeseen changes in tech. Their article exposed that various U.S. laws were insufficient in 1890 to broadly protect information privacy, causing Warren and Brandeis to imply a broad right. Today, the same problem persists: laws within the U.S. are inadequate to address privacy harms caused by continually evolving technologies. The U.S. still has no broad express privacy law, and a path forward might contemplate making express what Warren and Brandeis had to imply in order to address new privacy harms. I propose two key ideas. First, the law needs to more clearly distinguish decisional privacy from information privacy. Decisional privacy is really not a privacy interest at all and is instead a personal liberty interest separate from information privacy. Second, when contemplating legal protection for information privacy, perhaps it’s time to consider the arduous and improbable task of enacting a constitutional amendment guaranteeing broad and general protection against information privacy abuse from both government and private actors. While difficult to enact, a broad express federal right could provide significant advantages, such as (1) establish a baseline right from which states and Congress could add consistent legislation; (2) enable courts to restrict clear instances of privacy abuse without waiting for Congress to act, which seems especially helpful given the expected proliferation of artificial intelligence (“AI”) and new and unforeseen privacy harms; (3) increase harmonization with the European Union (“E.U.”) and potentially other jurisdictions; (4) and finally, avoid the problem of originalist or strict constructionist judges refusing to infer or imply a constitutional information privacy right in the wake of the Supreme Court’s Dobbs v. Jackson Women’s Health Organization, 597 U.S. __ (2022), decision. Thus, a flexible and general broad right of federal protection from information privacy abuse might provide an optimal, flexible baseline for courts and regulators to quickly restrict new privacy abuses while allowing time for the states and Congress to enact further detailed legislation

    Implementing Web 2.0 in secondary schools: impacts, barriers and issues

    One of the reports from the Web 2.0 technologies for learning at KS3 and KS4 project. This report explored the impact of Web 2.0 technologies on learning and teaching and drew upon evidence from multiple sources: field studies of 27 schools across the country; guided surveys of 2,600 school students; 100 interviews and 206 online surveys conducted with managers, teachers and technical staff in these schools; online surveys of the views of 96 parents; interviews held with 18 individual innovators in the field of Web 2.0 in education; and interviews with nine regional managers responsible for implementation of ICT at national level

    Navigating Relationships and Boundaries: Concerns around ICT-uptake for Elderly People

    Despite a proliferation of research in the use of ICTs to support active and healthy ageing, few have considered the privacy and security concerns particular to the elderly. We investigated the appropriation of tablet devices and a neighborhood portal as well as emerging privacy and security issues through ethnographic and action research in a long-term participatory design (PD) project with elderly participants. We discuss two major themes: a) the tensions related to perceived digital threats and the social pressures of online disclosure to the social environment; and b) the relation of these issues to the ICT appropriation process and the referring challenges we encountered. We argue that there is a need to understand the interleaving of physical and virtual habitats, the various ways resulting in discomfort and the senior citizens' actions – which at first glance appear contradictory. We consider the implications of the issues observed for examining privacy and security concerns more broadly as well as discussing implications for the design of the portal and the shaping of social measures for appropriation support

    Developing a framework for e-commerce privacy and data protection in developing nations: a case study of Nigeria

    The emergence of e-commerce has brought about many benefits to a country's economy and individuals, but the openness of the Internet has given rise to misuse of personal data and Internet security issues. Therefore, various countries have developed and implemented cyber-security awareness measures to counter this. However, there is currently a definite lack in this regard in Nigeria, as there are currently few government-led and sponsored Internet security awareness initiatives. In addition, a security illiterate person will not know of the need to search for these awareness programmes online, particularly in Nigeria's case, where personal information security may not be regarded as an overly important issue for citizens. Therefore, this research attempts to find a means to reduce the privacy and data protection issues. It highlights the privacy and data protection problem in developing countries, using Nigeria as a case study, and seeks to provide a solution focusing on improving Internet security culture rather than focusing on solely technological solutions. The research proves the existence of the privacy and data protection problem in Nigeria by analysing the current privacy practices, Internet users' perceptions and awareness knowledge, and by identifying factors specific to Nigeria that influence their current privacy and data protection situation. The research develops a framework for developing countries that consists of recommendations for relevant stakeholders and awareness training. In the case of Nigeria, the stakeholders are the government and organisations responsible for personal information security, and an awareness training method has been created to take into account Nigeria's unique factors. This training method encompasses promoting Internet security awareness through contextual training and promoting awareness programmes. Industry experts and Nigerian Internet users validated the framework. The findings obtained from the validation procedure indicated that the framework is applicable to the current situation in Nigeria and would assist in solving the privacy and Internet problem in Nigeria. This research offers recommendations that will assist the Nigerian government, stakeholders such as banks and e-commerce websites, as well as Nigerian Internet users, in resolving the stated problems

    Authentication of Students and Students’ Work in E-Learning : Report for the Development Bid of Academic Year 2010/11

    Global e-learning market is projected to reach $107.3 billion by 2015 according to a new report by The Global Industry Analyst (Analyst 2010). The popularity and growth of the online programmes within the School of Computer Science obviously is in line with this projection. However, also on the rise are students’ dishonesty and cheating in the open and virtual environment of e-learning courses (Shepherd 2008). Institutions offering e-learning programmes are facing the challenges of deterring and detecting these misbehaviours by introducing security mechanisms to the current e-learning platforms. In particular, authenticating that a registered student indeed takes an online assessment, e.g., an exam or a coursework, is essential for the institutions to give the credit to the correct candidate. Authenticating a student is to ensure that a student is indeed who he says he is. Authenticating a student’s work goes one step further to ensure that an authenticated student indeed does the submitted work himself. This report is to investigate and compare current possible techniques and solutions for authenticating distance learning students and/or their work remotely for the e-learning programmes. The report also aims to recommend some solutions that fit with UH StudyNet platform. Submitted Versio