Analyzing users’ behaviour to identify their privacy concerns

The majority of studies examining privacy concerns of Internet users are based on surveys. Many problems have, however, been identified with using surveys to measure people’s privacy concerns. Based on our experience from our previous studies, in this paper we discuss how ethnographic interviews and observation techniques could be used to analyze users’ behaviour in terms of how they share personal information and multimedia content with others, and utilize this to identify issues related to their privacy concerns more comprehensively than it is otherwise possible with conventional surveys

Performance and Security Improvements for Tor: A Survey

Tor [Dingledine et al. 2004] is the most widely used anonymity network today, serving millions of users on a daily basis using a growing number of volunteer-run routers. Since its deployment in 2003, there have been more than three dozen proposals that aim to improve its performance, security, and unobservability. Given the significance of this research area, our goal is to provide the reader with the state of current research directions and challenges in anonymous communication systems, focusing on the Tor network.We shed light on the design weaknesses and challenges facing the network and point out unresolved issues

Technical Privacy Metrics: a Systematic Survey

The file attached to this record is the author's final peer reviewed versionThe goal of privacy metrics is to measure the degree of privacy enjoyed by users in a system and the amount of protection offered by privacy-enhancing technologies. In this way, privacy metrics contribute to improving user privacy in the digital world. The diversity and complexity of privacy metrics in the literature makes an informed choice of metrics challenging. As a result, instead of using existing metrics, new metrics are proposed frequently, and privacy studies are often incomparable. In this survey we alleviate these problems by structuring the landscape of privacy metrics. To this end, we explain and discuss a selection of over eighty privacy metrics and introduce categorizations based on the aspect of privacy they measure, their required inputs, and the type of data that needs protection. In addition, we present a method on how to choose privacy metrics based on nine questions that help identify the right privacy metrics for a given scenario, and highlight topics where additional work on privacy metrics is needed. Our survey spans multiple privacy domains and can be understood as a general framework for privacy measurement

An Analysis of Social Networking Sites: Privacy Policy and Features

Social Networking Sites (SNSs) are at the heart of many people lives, and the majority of both students and adults who use them to share information, keeping contact with old friends and meeting new acquaintances. However, the increasing number of action on online services also gives a raised to privacy concerns and issues. Therefore, the main purpose of this study is investigate the two SNSs i.e. Facebook and Friendster in terms of privacy policy and features, users‟ preferences and needs as well as producing a guideline for good SNSs from users design perspective. In an attempt to achieve the objectives of this study, however, two different approaches were employed; first literature has reviewed for two SNSs for the comparative analysis, and secondly quantitative approach technique was used. Online questionnaire was designed and published on the web and the respondents were able to access and sent back respectively. The survey was limited only to one hundred respondents within the Universiti Utara Malaysia. Findings from this study reveal that there are significant differences and similarities between Facebook and Friendster privacy policy and features. However, Friendster has hidden users‟ identity information by default to only friends, while Facebook has made it public to everyone. Results from survey in this study indicate that most of the respondents disclose information including personal and private information with public and friends, nevertheless, many respondents prefer to share their personal and private information with friends. Although, majority of respondents are aware of privacy setting changes, while they have notable attitude toward privacy protection as well as trust. This study usher a new era towards knowledge of social networking sites and the result can be use to the body of literature on information system with emphasis on privacy policy setting and features

Private and censorship-resistant communication over public networks

Society’s increasing reliance on digital communication networks is creating unprecedented opportunities for wholesale surveillance and censorship. This thesis investigates the use of public networks such as the Internet to build robust, private communication systems that can resist monitoring and attacks by powerful adversaries such as national governments. We sketch the design of a censorship-resistant communication system based on peer-to-peer Internet overlays in which the participants only communicate directly with people they know and trust. This ‘friend-to-friend’ approach protects the participants’ privacy, but it also presents two significant challenges. The first is that, as with any peer-to-peer overlay, the users of the system must collectively provide the resources necessary for its operation; some users might prefer to use the system without contributing resources equal to those they consume, and if many users do so, the system may not be able to survive. To address this challenge we present a new game theoretic model of the problem of encouraging cooperation between selfish actors under conditions of scarcity, and develop a strategy for the game that provides rational incentives for cooperation under a wide range of conditions. The second challenge is that the structure of a friend-to-friend overlay may reveal the users’ social relationships to an adversary monitoring the underlying network. To conceal their sensitive relationships from the adversary, the users must be able to communicate indirectly across the overlay in a way that resists monitoring and attacks by other participants. We address this second challenge by developing two new routing protocols that robustly deliver messages across networks with unknown topologies, without revealing the identities of the communication endpoints to intermediate nodes or vice versa. The protocols make use of a novel unforgeable acknowledgement mechanism that proves that a message has been delivered without identifying the source or destination of the message or the path by which it was delivered. One of the routing protocols is shown to be robust to attacks by malicious participants, while the other provides rational incentives for selfish participants to cooperate in forwarding messages

Evaluating the Strength of Genomic Privacy Metrics

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The genome is a unique identifier for human individuals. The genome also contains highly sensitive information, creating a high potential for misuse of genomic data (for example, genetic discrimination). In this paper, we investigate how genomic privacy can be measured in scenarios where an adversary aims to infer a person’s genomic markers by constructing probability distributions on the values of genetic variations. We measured the strength of privacy metrics by requiring that metrics are monotonic with increasing adversary strength and uncovered serious problems with several existing metrics currently used to measure genomic privacy. We provide suggestions on metric selection, interpretation, and visualization, and illustrate the work flow using case studies for three real-world diseases

Non-Binding (Designated Verifier) Signature

We argue that there are some scenarios in which plausible deniability might be desired for a digital signature scheme. For instance, the non-repudiation property of conventional signature schemes is problematic in designing an Instant Messaging system (WPES 2004). In this paper, we formally define a non-binding signature scheme in which the Signer is able to disavow her own signature if she wants, but, the Verifier is not able to dispute a signature generated by the Signer. That is, the Signer is able to convince a third party Judge that she is the owner of a signature without disclosing her secret information. We propose a signature scheme that is non-binding and unforgeable. Our signature scheme is post-quantum secure if the underlying cryptographic primitives are post-quantum secure. In addition, a modification to our nonbinding signature scheme leads to an Instant Messaging system that is of independent interest