The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-319-29883-2_14E-shopping has grown considerably in the last years, providing
customers with convenience, merchants with increased sales, and
financial entities with an additional source of income. However, it may
also be the source of serious threats to privacy. In this paper, we review
the e-shopping process, discussing attacks or threats that have been analyzed
in the literature for each of its stages. By showing that there exist
threats to privacy in each of them, we argue our following position: “It is
not enough to protect a single independent stage, as is usually done in
privacy respectful proposals in this context. Rather, a complete solution
is necessary spanning the overall process, dealing also with the required
interconnections between stages.” Our overview also reflects the diverse
types of information that e-shopping manages, and the benefits (e.g.,
such as loyalty programs and fraud prevention) that system providers
extract from them. This also endorses the need for solutions that, while
privacy preserving, do not limit or remove these benefits, if we want
prevent all the participating entities from rejecting it.This work was supported by project S2013/ICE-3095-CM (CIBERDINE) of the Comunidad de Madrid and MINECO TIN2010-19607, TIN2012-30883, TIN2014-54580-R. The work of Seung Geol Choi was supported in part by the Office of Naval Research under Grant Number N0001415WX01232. The work of Moti Yung was done in part while visiting the Simons Institute for Theory of Computing, UC Berkeley. The work of Jesus Diaz was done in part while visiting the Network Security Lab at Columbia University