On Privacy Notions in Anonymous Communication

Many anonymous communication networks (ACNs) with different privacy goals have been developed. However, there are no accepted formal definitions of privacy and ACNs often define their goals and adversary models ad hoc. However, for the understanding and comparison of different flavors of privacy, a common foundation is needed. In this paper, we introduce an analysis framework for ACNs that captures the notions and assumptions known from different analysis frameworks. Therefore, we formalize privacy goals as notions and identify their building blocks. For any pair of notions we prove whether one is strictly stronger, and, if so, which. Hence, we are able to present a complete hierarchy. Further, we show how to add practical assumptions, e.g. regarding the protocol model or user corruption as options to our notions. This way, we capture the notions and assumptions of, to the best of our knowledge, all existing analytical frameworks for ACNs and are able to revise inconsistencies between them. Thus, our new framework builds a common ground and allows for sharper analysis, since new combinations of assumptions are possible and the relations between the notions are known

On privacy notions in anonymous communication

Many anonymous communication networks (ACNs) with different privacy goals have been devel- oped. Still, there are no accepted formal definitions of privacy goals, and ACNs often define their goals ad hoc. However, the formal definition of privacy goals benefits the understanding and comparison of different flavors of privacy and, as a result, the improvement of ACNs. In this paper, we work towards defining and comparing pri- vacy goals by formalizing them as privacy notions and identifying their building blocks. For any pair of no- tions we prove whether one is strictly stronger, and, if so, which. Hence, we are able to present a complete hier- archy. Using this rigorous comparison between notions, we revise inconsistencies between the existing works and improve the understanding of privacy goals

Cyberspace: The Final Frontier, for Regulation?

This article will discuss the concept of anonymity on the Internet and argue for its protection. Part II provides background information on the Internet and illustrates the prominence the Internet has in today\u27s global society. Part III discusses the concept of anonymity and its importance in our daily communications and how these principles necessarily extend to online communication. Part IV outlines the purported justifications for regulating Internet content, which is followed by Part V discussing current and attempted regulations of the Internet. This article then argues for the full protection of online anonymous speech as mandated by fundamental principles of free speech, the traditions of our right to remain anonymous, and our notions of privacy. Finally, Part VII concludes by maintaining that self regulation of the Internet is preferable to intrusive governmental regulation

Credit Network Payment Systems: Security, Privacy and Decentralization

A credit network models transitive trust between users and enables transactions between arbitrary pairs of users. With their flexible design and robustness against intrusions, credit networks form the basis of Sybil-tolerant social networks, spam-resistant communication protocols, and payment settlement systems. For instance, the Ripple credit network is used today by various banks worldwide as their backbone for cross-currency transactions. Open credit networks, however, expose users’ credit links as well as the transaction volumes to the public. This raises a significant privacy concern, which has largely been ignored by the research on credit networks so far. In this state of affairs, this dissertation makes the following contributions. First, we perform a thorough study of the Ripple network that analyzes and characterizes its security and privacy issues. Second, we define a formal model for the security and privacy notions of interest in a credit network. This model lays the foundations for secure and privacy-preserving credit networks. Third, we build PathShuffle, the first protocol for atomic and anonymous transactions in credit networks that is fully compatible with the currently deployed Ripple and Stellar credit networks. Finally, we build SilentWhispers, the first provably secure and privacy-preserving transaction protocol for decentralized credit networks. SilentWhispers can be used to simulate Ripple transactions while preserving the expected security and privacy guarantees

k-anonymous Microdata Release via Post Randomisation Method

The problem of the release of anonymized microdata is an important topic in the fields of statistical disclosure control (SDC) and privacy preserving data publishing (PPDP), and yet it remains sufficiently unsolved. In these research fields, k-anonymity has been widely studied as an anonymity notion for mainly deterministic anonymization algorithms, and some probabilistic relaxations have been developed. However, they are not sufficient due to their limitations, i.e., being weaker than the original k-anonymity or requiring strong parametric assumptions. First we propose Pk-anonymity, a new probabilistic k-anonymity, and prove that Pk-anonymity is a mathematical extension of k-anonymity rather than a relaxation. Furthermore, Pk-anonymity requires no parametric assumptions. This property has a significant meaning in the viewpoint that it enables us to compare privacy levels of probabilistic microdata release algorithms with deterministic ones. Second, we apply Pk-anonymity to the post randomization method (PRAM), which is an SDC algorithm based on randomization. PRAM is proven to satisfy Pk-anonymity in a controlled way, i.e, one can control PRAM's parameter so that Pk-anonymity is satisfied. On the other hand, PRAM is also known to satisfy ${\varepsilon}$-differential privacy, a recent popular and strong privacy notion. This fact means that our results significantly enhance PRAM since it implies the satisfaction of both important notions: k-anonymity and ${\varepsilon}$-differential privacy.Comment: 22 pages, 4 figure

Anonymity and Information Hiding in Multiagent Systems

We provide a framework for reasoning about information-hiding requirements in multiagent systems and for reasoning about anonymity in particular. Our framework employs the modal logic of knowledge within the context of the runs and systems framework, much in the spirit of our earlier work on secrecy [Halpern and O'Neill 2002]. We give several definitions of anonymity with respect to agents, actions, and observers in multiagent systems, and we relate our definitions of anonymity to other definitions of information hiding, such as secrecy. We also give probabilistic definitions of anonymity that are able to quantify an observer s uncertainty about the state of the system. Finally, we relate our definitions of anonymity to other formalizations of anonymity and information hiding, including definitions of anonymity in the process algebra CSP and definitions of information hiding using function views.Comment: Replacement. 36 pages. Full version of CSFW '03 paper, submitted to JCS. Made substantial changes to Section 6; added references throughou

A New Theory of Communication: Privacy Surrender for Security Theory

This thesis seeks to analyze the viability of a newly proposed theory of communication, Privacy Surrender for Security Theory (PSST), by analyzing a quantitative survey administered by the researcher. Proposed in 2018 by a team of undergraduate students, Privacy Surrender for Security Theory seeks to explain why American citizens are willing to surrender their personal privacy rights for the sake of national security. The original team of researchers prepared a survey to further their study, and the researcher chose to administer a revised version of that survey through Facebook and a group message. Most participants surveyed said knowing that the National Security Administration has surveillance programs in place made them feel safer, yet when asked if knowing that the National Security Administration could access their personal information made them feel violated, many agreed. The survey data reveals that American citizens generally agree that the nation is vulnerable to acts of terror, yet the data also reveals that Americans are divided on their feelings on surrendering their personal privacy rights for the sake of increasing national security. An analysis of the data reveals evidence that supports the third axiom of the proposed theory, and further research is suggested to continue analyzing the first two axioms of PSST