Digital Contact Tracing: Large-scale Geolocation Data as an Alternative to Bluetooth-based Apps' Failure

The currently deployed contact-tracing mobile apps have failed as an efficient solution in the context of the COVID-19 pandemic. None of them has managed to attract the number of active users required to achieve an efficient operation. This urges the research community to re-open the debate and explore new avenues that lead to efficient contact-tracing solutions. This paper contributes to this debate with an alternative contact-tracing solution that leverages already available geolocation information owned by BigTech companies with very large penetration rates in most countries adopting contact-tracing mobile apps. Moreover, our solution provides sufficient privacy guarantees to protect the identity of infected users as well as precluding Health Authorities from obtaining the contact graph from individuals.Comment: 7 pages, 1 figure, 1 tabl

Digital contact tracing: large-scale geolocation data as an alternative to bluetooth-based Apps failure

The currently deployed contact-tracing mobile apps have failed as an efficient solution in the context of the COVID-19 pandemic. None of them have managed to attract the number of active users required to achieve efficient operation. This urges the research community to re-open the debate and explore new avenues to lead to efficient contact-tracing solutions. In this paper, we contribute to this debate with an alternative contact-tracing solution that leverages the already available geolocation information owned by BigTech companies that have large penetration rates in most of the countries adopting contact-tracing mobile apps. Our solution provides sufficient privacy guarantees to protect the identity of infected users as well as to preclude Health Authorities from obtaining the contact graph from individuals.The research leading to these results received funding from the European Union’s Horizon 2020 innovation action programme under the grant agreement No 871370 (PIMCITY project); the Ministerio de Economía, Industria y Competitividad, Spain, and the European Social Fund(EU), under the Ramón y Cajal programme (Grant RyC-2015-17732); the Ministerio de Educación, Cultura y Deporte, Spain, through the FPU programme (Grant FPU16/05852); the Ministerio de Ciencia e Innovación under the project ACHILLES (Grant PID2019-104207RB-I00); the Community of Madrid synergic project EMPATIA-CM (Grant Y2018/TCS-5046); and the Fundación BBVA under the project AERIS; and the NSERC Discovery Grant 2016-04521

Does Facebook use sensitive data for advertising purposes? worldwide analysis and GDPR Impact

Citizens Worldwide have demonstrated serious concerns regarding the management of personal information by online services. For instance, the 2015 Eurobarometer about data protection13 reveals that: 63% of citizens within the Eurpean Union (EU) do not trust online businesses, more than half do not like providing personal information in return for free services, and 53% do not like that Internet companies use their personal information in tailored advertising

Malvertising in Facebook: Analysis, Quantification and Solution

This article belongs to the Section Computer Science & EngineeringOnline advertising is a wealthy industry that generated more than $100B in 2018 only in the US and delivers billions of ads to Internet users every day with. These impressive numbers have also attracted the attention of malicious players that try to exploit the online advertising ecosystem for their own benefit. In particular, one of the most harmful practices refers to malicious users that act as advertisers to deliver unsafe ads. The goal of these ads is to compromise the security of the users that receive those ads. This practice is referred to as Malvertising. Some reports have estimated the economic loss caused by malvertising to the online advertising sector to$1.1B in 2017. This paper is the first work that analyses and quantifies the impact of malvertising in Facebook. To accomplish this study, we rely on a dataset that includes more than 5 M ads delivered to 3 K Facebook users from 126 K advertisers between October 2016 and May 2018. Our results reveal that although the portion of advertisers (0.68%) and ads (0.17%) associated to malvertising is very low, 1/3 of the users in our study were exposed to malvertising. Finally, we also propose a novel solution to block malvertising ads in real-time in Facebook.The research leading to these results has received funding from: the European Union’s Horizon 2020 innovation action programme under grant agreement No 786741 (SMOOTH project) and the gran agreement No 871370 (PIMCITY project); the Ministerio de Economía, Industria y Competitividad, Spain, and the European Social Fund(EU), under the Ramón y Cajal programme (grant RyC-2015-17732); the Ministerio de Educación, Cultura y Deporte, Spain, through the FPU programme( Grant FPU16/05852); the Ministerio de Ciencia e Innovación under the project ACHILLES (Grant PID2019-104207RB-I00); the Community of Madrid synergic project EMPATIA-CM (Grant Y2018/TCS-5046); and the Fundación BBVA under the project AERIS

Unique on Facebook: Formulation and Evidence of (Nano)targeting Individual Users with non-PII Data

Proceedings of: ACM Internet Measurement Conference (IMC '21), November 2-4, 2021, Virtual Event, USA.The privacy of an individual is bounded by the ability of a third party to reveal their identity. Certain data items such as a passport ID or a mobile phone number may be used to uniquely identify a person. These are referred to as Personal Identifiable Information (PII) items. Previous literature has also reported that, in datasets including millions of users, a combination of several non-PII items (which alone are not enough to identify an individual) can uniquely identify an individual within the dataset. In this paper, we define a data-driven model to quantify the number of interests from a user that make them unique on Facebook. To the best of our knowledge, this represents the first study of individuals’ uniqueness at the world population scale. Besides, users’ interests are actionable non-PII items that can be used to define ad campaigns and deliver tailored ads to Facebook users. We run an experiment through 21 Face-book ad campaigns that target three of the authors of this paper to prove that, if an advertiser knows enough interests from a user, the Facebook Advertising Platform can be systematically exploited to deliver ads exclusively to a specific user. We refer to this practice as nanotargeting. Finally, we discuss the harmful risks associated with nanotargeting such as psychological persuasion, user manipulation, or blackmailing, and provide easily implementable countermea-sures to preclude attacks based on nanotargeting campaigns on Facebook.This research received funding from the European Union’s Horizon 2020 innovation action programme under the PIMCITY project (Grant 871370) and the TESTABLE project (Grant 101019206); the Ministerio de Economía, Industria y Competitividad, Spain, and the European Social Fund(EU), under the Ramón y Cajal programme (Grant RyC-2015-17732); the Ministerio de Educación, Cultura y Deporte, Spain, through the FPU programme (Grant FPU16/05852); the Agencia Estatal de Investigación (AEI) under the ACHILLES project (Grant PID2019-104207RB-I00/AEI/10.13039/501100011033); the Community of Madrid synergic project EMPATIA-CM (Grant Y2018/TCS-5046); the Fundación BBVA under the project AERIS; and the Vienna Science and Technology Fund through the project “Emotional Well-Being in the Digital Society” (Grant VRG16-005)

TorrentGuard: Stopping scam and malware distribution in the BitTorrent ecosystem

In this paper we conduct a large scale measurement study in order to analyse the fake content publishing phenomenon in the BitTorrent ecosystem. Our results reveal that fake content represents an important portion (35%) of those files shared in BitTorrent and just a few tens of users are responsible for 90% of this content. Furthermore, more than 99% of the analysed fake files are linked to either malware or scam websites. This creates a serious threat for the BitTorrent ecosystem. To address this issue, we present a new tool named TorrentGuard for the early detection of fake content. Based on our evaluation this tool may prevent end users from downloading more than 35 millions fake files per year. This could help to reduce the number of computer infections and scams suffered by BitTorrent users. TorrentGuard is already available and it can be accessed through both a webpage or a Vuze plugin.The research leading to these results has been partially funded by the European Union's FP7 Program under the project eCOUSIN (318398), the Spanish Ministry of Economy and Competitiveness under the eeCONTENT project (TEC2011-29688-C02-02), and the Regional Government of Madrid under the MEDIANET project (S2009/TIC-1468)

Large-Scale Analysis of User Exposure to Online Advertising on Facebook

Online advertising is the major source of income for a large portion of the Internet Services. There exists a body of literature aiming at optimizing ads engagement, understanding the privacy and ethical implications of online advertising, and so on. However, to the best of our knowledge, no previous work analyzes, at large scale, the exposure of real users to online advertising. This paper performs a comprehensive analysis of the exposure of users to ads and advertisers using a dataset, including more than 7M ads from 140k unique advertisers delivered to more than 5k users, which was collected between October 2016 and May 2018. This paper focuses on Facebook, which is the second largest advertising platform next only to Google in terms of revenue and accounts for more than 2.2B monthly active users. Our analysis reveals that the Facebook users are exposed (in median) to 70 ads per week, which comes from 12 advertisers. Ads represent between 10% and 15% of all the information received in the users' newsfeed. A small increment of 1% in the portion of ads in the newsfeed could roughly represent a revenue increase of 8.17M USD per week for Facebook. Finally, we also reveal that the Facebook users are overprofiled since, in the best case, only 23% of the active interests, Facebook assigns to users for the advertising purpose, are actually related to the ads these users receive.The work of A. A. Galán and R. C. Rumin was supported by the European H2020 Project SMOOTH under Grant 786741. The work of J. G. Cabañas was supported in part by the Ministerio de Economía, Industria y Competitividad, Spain, through the Project TEXEO, under Grant TEC2016-80339-R, and in part by the Ministerio de Educación, Cultura y Deporte, Spain, through FPU, under Grant FPU16/05852. The work of A. Cuevas was supported in part by the Ministerio de Economía, Industria y Competitividad, Spain, and in part by the European Social Fund (EU), through the Ramón Y Cajal, under Grant RyC-2015-17732. The work of M. Calderón was supported by the European H2020 Project TYPES under Grant 653449.Publicad

Investigating the reaction of BitTorrent content publishers to antipiracy actions

During recent years, a few countries have put in place online antipiracy laws and there has been some major enforcement actions against violators. This raises the question that to what extent antipiracy actions have been effective in deterring online piracy? This is a challenging issue to explore because of the difficulty to capture user behavior, and to identify the subtle effect of various underlying (and potentially opposing) causes. In this paper, we tackle this question by examining the impact of two major antipiracy actions, the closure of Megaupload and the implementation of the French antipiracy law, on publishers in the largest BitTorrent portal who are major providers of copyrighted content online. We capture snapshots of BitTorrent publishers at proper times relative to the targeted antipiracy event and use the trends in the number and the level of activity of these publishers to assess their reaction to these events. Our investigation illustrates the importance of examining the impact of antipiracy events on different groups of publishers and provides valuable insights on the effect of selected major antipiracy actions on publishers' behavior.This work has been partially supported by the European Union through the FP7 eCOUSIN (318398) and TREND (257740) Projects and the ITEA2 TWIRL Project (Call 5-10029), the Spanish Government under the CRAMNET project (TEC2012-38362-C03-01) and eeCONTENT Project (TEC2011- 29688-C02-02), the Regional Government of Madrid through the MEDIANET project (S-2009/TIC-1468), and the National Science Foundation under Grant IIS-0917381.European Community's Seventh Framework Progra