On Web User Tracking: How Third-Party Http Requests Track Users' Browsing Patterns for Personalised Advertising

On today's Web, users trade access to their private data for content and services. Advertising sustains the business model of many websites and applications. Efficient and successful advertising relies on predicting users' actions and tastes to suggest a range of products to buy. It follows that, while surfing the Web users leave traces regarding their identity in the form of activity patterns and unstructured data. We analyse how advertising networks build user footprints and how the suggested advertising reacts to changes in the user behaviour.Comment: arXiv admin note: substantial text overlap with arXiv:1605.0653

Potential mass surveillance and privacy violations in proximity-based social applications

Proximity-based social applications let users interact with people that are currently close to them, by revealing some information about their preferences and whereabouts. This information is acquired through passive geo-localisation and used to build a sense of serendipitous discovery of people, places and interests. Unfortunately, while this class of applications opens different interactions possibilities for people in urban settings, obtaining access to certain identity information could lead a possible privacy attacker to identify and follow a user in their movements in a specific period of time. The same information shared through the platform could also help an attacker to link the victim's online profiles to physical identities. We analyse a set of popular dating application that shares users relative distances within a certain radius and show how, by using the information shared on these platforms, it is possible to formalise a multilateration attack, able to identify the user actual position. The same attack can also be used to follow a user in all their movements within a certain period of time, therefore identifying their habits and Points of Interest across the city. Furthermore we introduce a social attack which uses common Facebook likes to profile a person and finally identify their real identity

On the anonymity risk of time-varying user profiles.

Websites and applications use personalisation services to profile their users, collect their patterns and activities and eventually use this data to provide tailored suggestions. User preferences and social interactions are therefore aggregated and analysed. Every time a user publishes a new post or creates a link with another entity, either another user, or some online resource, new information is added to the user profile. Exposing private data does not only reveal information about single users’ preferences, increasing their privacy risk, but can expose more about their network that single actors intended. This mechanism is self-evident in social networks where users receive suggestions based on their friends’ activities. We propose an information-theoretic approach to measure the differential update of the anonymity risk of time-varying user profiles. This expresses how privacy is affected when new content is posted and how much third-party services get to know about the users when a new activity is shared. We use actual Facebook data to show how our model can be applied to a real-world scenario.Peer ReviewedPostprint (published version

On web user tracking of browsing patterns for personalised advertising

This is an Accepted Manuscript of an article published by Taylor & Francis in International Journal of Parallel, Emergent and Distributed Systems on 19/02/2017, available online: http://www.tandfonline.com/doi/abs/10.1080/17445760.2017.1282480On today’s Web, users trade access to their private data for content and services. App and service providers want to know everything they can about their users, in order to improve their product experience. Also, advertising sustains the business model of many websites and applications. Efficient and successful advertising relies on predicting users’ actions and tastes to suggest a range of products to buy. Both service providers and advertisers try to track users’ behaviour across their product network. For application providers this means tracking users’ actions within their platform. For third-party services following users, means being able to track them across different websites and applications. It is well known how, while surfing the Web, users leave traces regarding their identity in the form of activity patterns and unstructured data. These data constitute what is called the user’s online footprint. We analyse how advertising networks build and collect users footprints and how the suggested advertising reacts to changes in the user behaviour.Peer ReviewedPostprint (author's final draft

On content-based recommendation and user privacy in social-tagging systems

Recommendation systems and content filtering approaches based on annotations and ratings, essentially rely on users expressing their preferences and interests through their actions, in order to provide personalised content. This activity, in which users engage collectively has been named social tagging, and it is one of the most popular in which users engage online, and although it has opened new possibilities for application interoperability on the semantic web, it is also posing new privacy threats. It, in fact, consists of describing online or offline resources by using free-text labels (i.e. tags), therefore exposing the user profile and activity to privacy attacks. Users, as a result, may wish to adopt a privacy-enhancing strategy in order not to reveal their interests completely. Tag forgery is a privacy enhancing technology consisting of generating tags for categories or resources that do not reflect the user's actual preferences. By modifying their profile, tag forgery may have a negative impact on the quality of the recommendation system, thus protecting user privacy to a certain extent but at the expenses of utility loss. The impact of tag forgery on content-based recommendation is, therefore, investigated in a real-world application scenario where different forgery strategies are evaluated, and the consequent loss in utility is measured and compared.Peer ReviewedPostprint (author’s final draft

MobilitApp: Analysing mobility data of citizens in the metropolitan area of Barcelona

MobilitApp is a platform designed to provide smart mobility services in urban areas. It is designed to help citizens and transport authorities alike. Citizens will be able to access the MobilitApp mobile application and decide their optimal transportation strategy by visualising their usual routes, their carbon footprint, receiving tips, analytics and general mobility information, such as traffic and incident alerts. Transport authorities and service providers will be able to access information about the mobility pattern of citizens to o er their best services, improve costs and planning. The MobilitApp client runs on Android devices and records synchronously, while running in the background, periodic location updates from its users. The information obtained is processed and analysed to understand the mobility patterns of our users in the city of Barcelona, Spain

Ser-en-el-mundo carnal, ser-en-la red virtual : Desafíos para una antropología de las subjetividades-corporalidades contemporáneas

El surgimiento y posterior consolidación de las nuevas “Tecnologías de la Información y la Comunicación” (las denominadas “TICS”) y, en especial, el fenómeno de internet constituyen un desafío para repensar los modos en que se construyen las subjetividades-corporalidades contemporáneas en tanto entrañan transformaciones en los modos de sociabilidad y lazos afectivos. Teniendo esto en cuenta, en primer lugar problematizamos ciertas interpretaciones intelectuales que califican como inauténticas a las formas de sociabilidad, subjetivación y los regímenes corporales que estas tecnologías promueven. Posteriormente, recuperando los desarrollos fenomenológicos, señalamos que si a mediados del siglo XX Merleau-Ponty reformuló la noción husserliana de ser-en-el mundo, planteando lo inescindible de la relación cuerpo-mundo, hoy nos vemos interpelados a dar cuenta del modo en que la redes virtuales son también parte de ese mundo. En este sentido, consideramos que la red virtual se ha convertido entonces en un horizonte más, de entre los infinitos posibles, del mundo de vida cotidiano y denominamos a esta estructura ontológica “ser-en-la-red”. Finalmente, consideramos que estos fenómenos actuales desestabilizan nuestras teorías modernas sobre las subjetividades-corporalidades en tanto nos obligan a cuestionar nuestras concepciones tradicionales de sujeto y cuerpo como algo individual, territorializado y estable, impulsándonos de este modo a construir nuevas herramientas conceptuales para dar cuenta de estos fenómenos actuales.Facultad de Ciencias Naturales y Muse

Effect of masks on speech intelligibility in auralized classrooms

This study explored the effects of wearing face masks on classroom communication. The effects of three different types of face masks (fabric, surgical, and N95 masks) on speech intelligibility (SI) presented to college students in auralized classrooms were evaluated. To simulate realistic classroom conditions, speech stimuli were presented in the presence of speech-shaped noise with a signal-to-noise ratio of +3dB under two different reverberation times (0.4s and 3.1s). The use of fabric masks yielded a significantly greater reduction in SI compared to the other masks. Therefore, surgical masks or N95 masks are recommended in teaching environments