Locality-Sensitive Hashing Does Not Guarantee Privacy! Attacks on Google's FLoC and the MinHash Hierarchy System

Recently proposed systems aim at achieving privacy using locality-sensitive hashing. We show how these approaches fail by presenting attacks against two such systems: Google's FLoC proposal for privacy-preserving targeted advertising and the MinHash Hierarchy, a system for processing mobile users' traffic behavior in a privacy-preserving way. Our attacks refute the pre-image resistance, anonymity, and privacy guarantees claimed for these systems. In the case of FLoC, we show how to deanonymize users using Sybil attacks and to reconstruct 10% or more of the browsing history for 30% of its users using Generative Adversarial Networks. We achieve this only analyzing the hashes used by FLoC. For MinHash, we precisely identify the movement of a subset of individuals and, on average, we can limit users' movement to just 10% of the possible geographic area, again using just the hashes. In addition, we refute their differential privacy claims.Comment: 14 pages, 9 figures submitted to PETS 202

Feedback to the European Data Protection Board's Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive

We very much welcome the EDPB's Guidelines. Please find hereunder our feedback to the Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive. Our comments are presented after a quotation from the proposed text by the EDPB in a box

A further investigation of the cytochrome b5–cytochrome c complex

J Biol Inorg Chem (2003) 8: 777–786The interaction of reduced rabbit cytochrome b5 with reduced yeast iso-1 cytochrome c has been studied through the analysis of 1H–15N HSQC spectra, of 15N longitudinal (R1) and transverse (R2) relaxation rates, and of the solvent exchange rates of protein backbone amides. For the first time, the adduct has been investigated also from the cytochrome c side. The analysis of the NMR data was integrated with docking calculations. The result is that cytochrome b5 has two negative patches capable of interacting with a single positive surface area of cytochrome c. At low protein concentrations and in equimolar mixture, two different 1:1 adducts are formed. At high concentration and/or with excess cytochrome c, a 2:1 adduct is formed. All the species are in fast exchange on the scale of differences in chemical shift. By comparison with literature data, it appears that the structure of one 1:1 adduct changes with the origin or primary sequence of cytochrome b5

Structure and dynamics of the RNAPII CTDsome with Rtt103

RNA polymerase II (RNAPII) not only transcribes protein coding genes and many noncoding RNA, but also coordinates transcription and RNA processing. This coordination is mediated by a long C-terminal domain (CTD) of the largest RNAPII subunit, which serves as a binding platform for many RNA/protein-binding factors involved in transcription regulation. In this work, we used a hybrid approach to visualize the architecture of the full-length CTD in complex with the transcription termination factor Rtt103. Specifically, we first solved the structures of the isolated subcomplexes at high resolution and then arranged them into the overall envelopes determined at low resolution by small-angle X-ray scattering. The reconstructed overall architecture of the Rtt103–CTD complex reveals how Rtt103 decorates the CTD platform

Structural and functional basis of mammalian microRNA biogenesis by Dicer

MicroRNA (miRNA) and RNA interference (RNAi) pathways rely on small RNAs produced by Dicer endonucleases. Mammalian Dicer primarily supports the essential gene-regulating miRNA pathway, but how it is specifically adapted to miRNA biogenesis is unknown. We show that the adaptation entails a unique structural role of Dicer’s DExD/H helicase domain. Although mice tolerate loss of its putative ATPase function, the complete absence of the domain is lethal because it assures high-fidelity miRNA biogenesis. Structures of murine Dicer⋅miRNA precursor complexes revealed that the DExD/H domain has a helicase-unrelated structural function. It locks Dicer in a closed state, which facilitates miRNA precursor selection. Transition to a cleavage-competent open state is stimulated by Dicer-binding protein TARBP2. Absence of the DExD/H domain or its mutations unlocks the closed state, reduces substrate selectivity, and activates RNAi. Thus, the DExD/H domain structurally contributes to mammalian miRNA biogenesis and underlies mechanistical partitioning of miRNA and RNAi pathways

Block Cookies, Not Websites: Analysing Mental Models and Usability of the Privacy-Preserving Browser Extension CookieBlock

In the modern web, users are confronted with a plethora of complex privacy-related decisions about cookies and consent, often compounded by misleading policies and deceptive patterns. Past efforts to enhance online privacy have failed due to their dependence on website compliance. A solution to this lies in privacy-enhancing tools that are directly controlled by the user. However, challenges related to the usability and flawed understanding of the tools’ functionality hinder their widespread adoption. To address this problem, we evaluated the browser extension CookieBlock as an example of a current tool, which supports users by blocking tracking cookies independent of website compliance. We used a complementary approach consisting of an expert evaluation of CookieBlock and the related tools NoScript and Ghostery, and a laboratory user study focusing on the unique details of how users interact with CookieBlock specifically. The laboratory study with 42 participants investigated usage, mental models, and usability of CookieBlock based on eye tracking, interaction, and self-report data. While CookieBlock received good usability ratings, 18 participants were unable to solve a website breakage caused by cookie misclassification on their own. Overall, the results revealed flawed mental models of CookieBlock’s functionality and resulting challenges in making the connection between website breakage and cookie misclassification. Implications for CookieBlock and related applications include interface design recommendations supporting accurate mental models and the proposal of improved heuristics to better guide users and warn them about potential identified website breakage.ISSN:2299-098

A Robust Distributed Algorithm for Solving the Economic Dispatch Problem with the Penetration of Renewables and Battery Systems

In the field of energy networks, for their effective functioning, it is necessary to distribute the required load between all online generating units in a proper way to cover the demand. The load schedule is obtained by solving the so-called Economic Dispatch Problem (EDP). The EDP can be solved in many ways, resulting in a power distribution plan between online generating units in the network so that the resulting price per unit of energy is minimal. This article focuses on designing a distributed gradient algorithm for solving EDP, supplemented by models of renewable sources, Battery Energy Storage System (BESS), variable fuel prices, and consideration of multiple uncertainties at once. Specifically, these are: time-variable transport delays, noisy gradient calculation, line losses, and drop-off packet representations. The algorithm can thus be denoted as robust, which can work even in unfavorable conditions commonly found in real applications. The capabilities of the presented algorithm will be demonstrated and evaluated on six examples

Automating Cookie Consent and GDPR Violation Detection

The European Union’s General Data Protection Regulation (GDPR) requires websites to inform users about personal data collection and request consent for cookies. Yet the majority of websites do not give users any choices, and others attempt to deceive them into accepting all cookies. We document the severity of this situation through an analysis of potential GDPR violations in cookie banners in almost 30k websites. We identify six novel violation types, such as incorrect category assignments and misleading expiration times, and we find at least one potential violation in a surprising 94.7% of the analyzed websites. We address this issue by giving users the power to protect their privacy. We develop a browser extension, called CookieBlock, that uses machine learning to enforce GDPR cookie consent at the client. It automatically categorizes cookies by usage purpose using only the information provided in the cookie itself. At a mean validation accuracy of 84.4%, our model attains a prediction quality competitive with expert knowledge in the field. Additionally, our approach differs from prior work by not relying on the cooperation of websites themselves. We empirically evaluate CookieBlock on a set of 100 randomly sampled websites, on which it filters roughly 90% of the privacy-invasive cookies without significantly impairing website functionality

Locality-Sensitive Hashing Does Not Guarantee Privacy! Attacks on Google's FLoC and the MinHash Hierarchy System

Recently proposed systems aim at achieving privacy using locality-sensitive hashing. We show how these approaches fail by presenting attacks against two such systems: Google’s FLoC proposal for privacy-preserving targeted advertising and the MinHash Hierarchy, a system for processing location trajectories in a privacy-preserving way. Our attacks refute the pre-image resistance, anonymity, and privacy guarantees claimed for these systems. In the case of FLoC, we show how to deanonymize users using Sybil attacks and to reconstruct 10% or more of the browsing history for 30% of its users using Generative Adversarial Networks. We achieve this only analyzing the hashes used by FLoC. For MinHash, we precisely identify the location trajectory of a subset of individuals and, on average, we can limit users’ trajectory to just 10% of the possible geographic area, again using just the hashes. In addition, we refute their differential privacy claims.ISSN:2299-098