74,733 research outputs found
The Responsibility of Open Standards in the Era of Surveillance
International audienceThe core infrastructure of the Internet is defined by interoperability between code-bases: The `rough consensus and running code' of open standards at the Internet Engineering Task Force (IETF) and World Wide Web Consortium (W3C). However, there are a number of powerful critiques of open standards. First, there is a widespread failure of many core standards in terms of security and privacy, and even concerns of subversion. There is an even more substantial critique that standards are simply moving too slowly in the face of rapid innovation. However, we'll argue that engagement with open standards is the best way for privacy-enhancing technologies to gain widespread adoption
Lex Informatica: The Formulation of Information Policy Rules through Technology
Historically, law and government regulation have established default rules for information policy, including constitutional rules on freedom of expression and statutory rights of ownership of information. This Article will show that for network environments and the Information Society, however, law and government regulation are not the only source of rule-making. Technological capabilities and system design choices impose rules on participants. The creation and implementation of information policy are embedded in network designs and standards as well as in system configurations. Even user preferences and technical choices create overarching, local default rules. This Article argues, in essence, that the set of rules for information flows imposed by technology and communication networks form a âLex Informaticaâ that policymakers must understand, consciously recognize, and encourage
The Curious Case of the PDF Converter that Likes Mozart: Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps
Third party apps that work on top of personal cloud services such as Google
Drive and Dropbox, require access to the user's data in order to provide some
functionality. Through detailed analysis of a hundred popular Google Drive apps
from Google's Chrome store, we discover that the existing permission model is
quite often misused: around two thirds of analyzed apps are over-privileged,
i.e., they access more data than is needed for them to function. In this work,
we analyze three different permission models that aim to discourage users from
installing over-privileged apps. In experiments with 210 real users, we
discover that the most successful permission model is our novel ensemble method
that we call Far-reaching Insights. Far-reaching Insights inform the users
about the data-driven insights that apps can make about them (e.g., their
topics of interest, collaboration and activity patterns etc.) Thus, they seek
to bridge the gap between what third parties can actually know about users and
users perception of their privacy leakage. The efficacy of Far-reaching
Insights in bridging this gap is demonstrated by our results, as Far-reaching
Insights prove to be, on average, twice as effective as the current model in
discouraging users from installing over-privileged apps. In an effort for
promoting general privacy awareness, we deploy a publicly available privacy
oriented app store that uses Far-reaching Insights. Based on the knowledge
extracted from data of the store's users (over 115 gigabytes of Google Drive
data from 1440 users with 662 installed apps), we also delineate the ecosystem
for third-party cloud apps from the standpoint of developers and cloud
providers. Finally, we present several general recommendations that can guide
other future works in the area of privacy for the cloud
Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments
Decentralized systems are a subset of distributed systems where multiple
authorities control different components and no authority is fully trusted by
all. This implies that any component in a decentralized system is potentially
adversarial. We revise fifteen years of research on decentralization and
privacy, and provide an overview of key systems, as well as key insights for
designers of future systems. We show that decentralized designs can enhance
privacy, integrity, and availability but also require careful trade-offs in
terms of system complexity, properties provided, and degree of
decentralization. These trade-offs need to be understood and navigated by
designers. We argue that a combination of insights from cryptography,
distributed systems, and mechanism design, aligned with the development of
adequate incentives, are necessary to build scalable and successful
privacy-preserving decentralized systems
Eavesdropping Whilst You're Shopping: Balancing Personalisation and Privacy in Connected Retail Spaces
Physical retailers, who once led the way in tracking with loyalty cards and
`reverse appends', now lag behind online competitors. Yet we might be seeing
these tables turn, as many increasingly deploy technologies ranging from simple
sensors to advanced emotion detection systems, even enabling them to tailor
prices and shopping experiences on a per-customer basis. Here, we examine these
in-store tracking technologies in the retail context, and evaluate them from
both technical and regulatory standpoints. We first introduce the relevant
technologies in context, before considering privacy impacts, the current
remedies individuals might seek through technology and the law, and those
remedies' limitations. To illustrate challenging tensions in this space we
consider the feasibility of technical and legal approaches to both a) the
recent `Go' store concept from Amazon which requires fine-grained, multi-modal
tracking to function as a shop, and b) current challenges in opting in or out
of increasingly pervasive passive Wi-Fi tracking. The `Go' store presents
significant challenges with its legality in Europe significantly unclear and
unilateral, technical measures to avoid biometric tracking likely ineffective.
In the case of MAC addresses, we see a difficult-to-reconcile clash between
privacy-as-confidentiality and privacy-as-control, and suggest a technical
framework which might help balance the two. Significant challenges exist when
seeking to balance personalisation with privacy, and researchers must work
together, including across the boundaries of preferred privacy definitions, to
come up with solutions that draw on both technology and the legal frameworks to
provide effective and proportionate protection. Retailers, simultaneously, must
ensure that their tracking is not just legal, but worthy of the trust of
concerned data subjects.Comment: 10 pages, 1 figure, Proceedings of the PETRAS/IoTUK/IET Living in the
Internet of Things Conference, London, United Kingdom, 28-29 March 201
Empirical Study of Privacy Issues Among Social Networking Sites.
Social media networks are increasing their types of services and the numbers of users are rapidly growing. However, online consumers have expressed concerns about their personal privacy protection and recent news articles have shown many privacy breaches and unannounced changes to privacy policies. These events could adversely affect data protection and compromise user trust, thus it is vital that social sites contain explicit privacy policies stating a comprehensive list of protection methods. This study analyzes 60 worldwide social sites and finds that even if sites contain a privacy policy, the site pages may also possess technical elements that could be used to serendipitously collect personal information. The results show specific technical collection methods most common within several social network categories. Methods for improving online privacy practices are suggested
Addressing the cyber safety challenge: from risk to resilience
Addressing the cyber safety challenge: from risk to resilience describes the cyber safety issues emerging from a range of technology trends, how different populations are using technologies and the risks they face, and how we can effectively respond to each groupâs unique cyber safety needs.
Written by the University of Western Sydney for Telstra Corporation Ltd, the report advocates for continuing to move cyber safety from a ârisk and protectionâ framework to one that focuses on building digital resilience, as well as fostering trust and confidence in the online environment. To do this we need to:
Address the needs of populations often neglected by current policies and programs â including adults, seniors, parents, and small to medium enterprises
Continue to build the digital literacy skills of all populations, because digital literacy strongly influences usersâ ability to engage safely online â this is best achieved by a hands-on learning approach
Keep risk in perspective â the risks and benefits of digital participation go hand in hand
Broaden the focus from awareness-raising to long-term behaviour change.
As digital technologies become further integrated into the everyday lives of Australians, users are potentially exposed to greater risks. However, the risks and benefits of digital participation go hand in hand. The challenge, therefore, is to support users to minimise the risks without limiting their digital participation and their capacity to derive the full benefits of connectivity. If Australians are to benefit as either consumers or providers of online services and products in the e-commerce environment, consumer safety and trust need to be improved.
Cyber safety needs to be considered against a transforming backdrop of technology trends, products and practices. While the rise of social media has tended to dominate recent debate and developments in cyber safety, particularly in relation to young people, a range of other trends is also shaping how users engage online, the risks they potentially face in the new media landscape, and the strategies used to address them. These trends include the rise of user generated content and content sharing platforms; the uptake of mobile technologies and, in particular, the adoption of smartphones; cloud computing; platform integration and single sign-on mechanisms; and the rise of GPS and location based services
- âŠ