Tor:From the Dark Web to the Future of Privacy

A biography of Tor—a cultural and technological history of power, privacy, and global politics at the internet's core.Tor, one of the most important and misunderstood technologies of the digital age, is best known as the infrastructure underpinning the so-called Dark Web. But the real “dark web,” when it comes to Tor, is the hidden history brought to light in this book: where this complex and contested infrastructure came from, why it exists, and how it connects with global power in intricate and intimate ways. In Tor: From the Dark Web to the Future of Privacy, Ben Collier has written, in essence, a biography of Tor—a cultural and technological history of power, privacy, politics, and empire in the deepest reaches of the internet.The story of Tor begins in the 1990s with its creation by the US Navy's Naval Research Lab, from a convergence of different cultural worlds. Drawing on in-depth interviews with designers, developers, activists, and users, along with twenty years of mailing lists, design documents, reporting, and legal papers, Collier traces Tor's evolution from those early days to its current operation on the frontlines of global digital power—including the strange collaboration between US military scientists and a group of freewheeling hackers called the Cypherpunks. As Collier charts the rise and fall of three different cultures in Tor's diverse community—the engineers, the maintainers, and the activists, each with a distinct understanding of and vision for Tor—he reckons with Tor's complicated, changing relationship with contemporary US empire. Ultimately, the book reveals how different groups of users have repurposed Tor and built new technologies and worlds of their own around it, with profound implications for the future of the Internet

C4PS - Helping Facebookers Manage their Privacy Settings

The ever increasing popularity of Online Social Networks has left a wealth of personal data on the web, accessible for broad and automatic retrieval. Protection from undesired recipients and harvesting by crawlers is implemented by access control, manually configured by the user in his privacy settings. Privacy unfriendly default settings and the user unfriendly privacy setting interfaces cause an unnoticed over-sharing. We propose C4PS - Colors for Privacy Settings, a concept for future privacy setting interfaces. We developed a mockup for privacy settings in Facebook as a proof of concept, applying color coding for different privacy visibilities, providing easy access to the privacy settings, and generally following common, well known practices. We evaluated this mockup in a lab study and show in the results that the new approach increases the usability significantly. Based on the results we provide a Firefox plug-in implementing C4PS for the new Facebook interface

Survey of End-to-End Mobile Network Measurement Testbeds, Tools, and Services

Mobile (cellular) networks enable innovation, but can also stifle it and lead to user frustration when network performance falls below expectations. As mobile networks become the predominant method of Internet access, developer, research, network operator, and regulatory communities have taken an increased interest in measuring end-to-end mobile network performance to, among other goals, minimize negative impact on application responsiveness. In this survey we examine current approaches to end-to-end mobile network performance measurement, diagnosis, and application prototyping. We compare available tools and their shortcomings with respect to the needs of researchers, developers, regulators, and the public. We intend for this survey to provide a comprehensive view of currently active efforts and some auspicious directions for future work in mobile network measurement and mobile application performance evaluation.Comment: Submitted to IEEE Communications Surveys and Tutorials. arXiv does not format the URL references correctly. For a correctly formatted version of this paper go to http://www.cs.montana.edu/mwittie/publications/Goel14Survey.pd

Money Walks: A Human-Centric Study on the Economics of Personal Mobile Data

In the context of a myriad of mobile apps which collect personally identifiable information (PII) and a prospective market place of personal data, we investigate a user-centric monetary valuation of mobile PII. During a 6-week long user study in a living lab deployment with 60 participants, we collected their daily valuations of 4 categories of mobile PII (communication, e.g. phonecalls made/received, applications, e.g. time spent on different apps, location and media, photos taken) at three levels of complexity (individual data points, aggregated statistics and processed, i.e. meaningful interpretations of the data). In order to obtain honest valuations, we employ a reverse second price auction mechanism. Our findings show that the most sensitive and valued category of personal information is location. We report statistically significant associations between actual mobile usage, personal dispositions, and bidding behavior. Finally, we outline key implications for the design of mobile services and future markets of personal data.Comment: 15 pages, 2 figures. To appear in ACM International Joint Conference on Pervasive and Ubiquitous Computing (Ubicomp 2014

Reducing risky security behaviours:utilising affective feedback to educate users

Despite the number of tools created to help end-users reduce risky security behaviours, users are still falling victim to online attacks. This paper proposes a browser extension utilising affective feedback to provide warnings on detection of risky behaviour. The paper provides an overview of behaviour considered to be risky, explaining potential threats users may face online. Existing tools developed to reduce risky security behaviours in end-users have been compared, discussing the success rate of various methodologies. Ongoing research is described which attempts to educate users regarding the risks and consequences of poor security behaviour by providing the appropriate feedback on the automatic recognition of risky behaviour. The paper concludes that a solution utilising a browser extension is a suitable method of monitoring potentially risky security behaviour. Ultimately, future work seeks to implement an affective feedback mechanism within the browser extension with the aim of improving security awareness

The Effect of Nudges and Boosts on Browsing Privacy in a Naturalistic Environment

During everyday web browsing and search users reveal many pieces of private information to third parties. Even though people report being concerned about their privacy online, they often do not take steps to protect it. This is known as the 'privacy paradox' in the literature. In this work we study two well-known strategies based on theories from the behavioral sciences, nudging and boosting, which encourage users to browse in a way that their private data are less exposed. First, an online survey (N=127) tested the comprehensibility and efficacy of various facts (boosts), before the most effective of these were evaluated against 'nudge' interventions previously shown to be efficacious in lab-studies. A three week naturalistic study (N=68) using a browser extension revealed that both nudges and boosts improve browsing privacy, as approximated by different measures. Boosts are also shown to improve user knowledge about privacy in the short term, but the benefit weakens over time

The Exploitation of Web Navigation Data: Ethical Issues and Alternative Scenarios

Nowadays, the users' browsing activity on the Internet is not completely private due to many entities that collect and use such data, either for legitimate or illegal goals. The implications are serious, from a person who exposes unconsciously his private information to an unknown third party entity, to a company that is unable to control its information to the outside world. As a result, users have lost control over their private data in the Internet. In this paper, we present the entities involved in users' data collection and usage. Then, we highlight what are the ethical issues that arise for users, companies, scientists and governments. Finally, we present some alternative scenarios and suggestions for the entities to address such ethical issues.Comment: 11 pages, 1 figur

Privacy provision in eHealth using external services

Privacy provision is a key issue for successful secure access to patients’ health information. Current approaches do not always provide patients with the ability to define suitable rules to access to their information in a secure way. This paper presents an approach to give patients control over their information by means of external services. In this way, health information management and access control are kept independent and more secure.Postprint (published version