The Privacy Conundrum (Do we have secrets to hide?)
Partha Dasgupta, Arizona State University, Tempe, AZ, USA
Overview • Privacy – what, why, and it’s important • Security is different • Privacy leaks via browsing • Advertising and the importance of targeting • Why we have no privacy even if we have security? • Smartphones and things to come
Privacy • The ability of an entity to seclude information about itself. • Types of privacy: • Personal, informational (financial, medical, political, Internet), organizational, spiritual. • Ability to control information flow, limit publicity, enforce the notion of “private information” • Privacy is rooted in cultural aspects. • Western cultures are more concerned with individual privacy. Urban cultures value privacy more than rural cultures • Right to privacy? • Internet privacy?
Why Hide? Why Privacy? • “If you have nothing to hide, you have nothing to fear” OR • “If you have done nothing wrong, you have nothing to hide” • Eric Schmidt (CEO of Google): “If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place, …” • Pitfalls: • Mistakes, misinterpretation, framing, false opinions, lack of due process • Discrimination based on personal opinions, politics, health • Cardinal Richelieu (circa 1600): “If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged” • Bruce Schneier: “Too many wrongly characterize the debate as ‘security versus privacy.’ The real choice is liberty versus control.” • Scott McNealy: “You have zero privacy anyway. Get over it.” (1998)
Security (and privacy) • Security: Protect against attackers gaining access to property, systems, information and such. • Privacy: Protect against oneself disclosing information that could be harmful if disclosed. • Privacy subsumes security, but not vice versa. • Secure systems can protect privacy, but often do not. • Smartphones may be secure, but are terrible leakers of privacy. • Today, most privacy leaks happen without any security attacks. • People unknowingly leak private information on the internet
Simple Privacy Leaks • Browser • Search History • On cloud, or local (with JavaScript tracking) • Google Maps (mobile)
Filter Bubble • Customized searches • Google (and others) provide search results based on what you searched/liked before • Customized for you • Customization leads to the “filter bubble” • You live in a bubble and see what you would like to see. • An algorithm selectively guesses what information a user would like to see, based on information about the user. • Good: food choices, lifestyle choices • Bad: opinions, politics, news
“You are the Product” • The internet applications are free to users…. • Since you are not paying, you are not the consumer • You are the product being sold to their clients • Why are you valuable? • Advertising budget: > USD 100 billion (40b for US) • Advertising effectiveness increases dramatically when a product is advertised to a person, who wants it, or may be convinced they want it. • Targeted advertising • The victim has little chance • Serious money is involved, and the better the targeting, the better the results and hence the higher the cost-per-click.
Why track? • You are the product… targeted advertising is the goal • Profit! • The web is advertiser supported and advertisers want to know and control: • Who sees the ads – demographics, income, location, age, sex and so on. • What ad should be shown to whom; targeted specials have great success. • Build profiles – databases about humans who browse the web. • Even if browsing incognito (private modes)
Advertising Driven? • Google: Revenue, 2013: USD 60 billion • Profits, 2013: USD 12 billion • Facebook too • Who paid this?? Why? Google is free?
Marketing Maxims • You do not buy the product, you buy the brand • Perception of a good deal • Perception of higher quality • Power of marketing • “I do not care for advertisements” – not true. • Targeted advertising • Preys on people's weaknesses, yearnings and FUD • FUD: Fear, uncertainty, doubt • “Good” deals too – it is much better to mark up a $50 product to $100 and then provide a 50% discount than to price it at $50.
Complex Privacy Leaks • Targeting users needs in-depth information about the users • Hence breaching users' privacy is important • Tracking / Monitoring • Eavesdropping • Aggregation of information • Building profiles • Data Mining and other AI/Machine Learning techniques • Connection graph
Tracking – Monitoring – Eavesdropping • You know • Your friends know • Some people may know • One entity knows about everyone • Third party cookies • JavaScript tracking • http://www.forbes.com/ http://www.independent.co.uk/ http://www.businessinsider.com/ http://uk.reuters.com/ http://venturebeat.com/
Facebook-style tracking • Facebook icons and likes • Also many other sites • Click not needed • Even when logged off!! • “Sign in with Facebook”
Cloud Computing • Cloud computing: “You have zero privacy anyway. Get over it.” • Storage on the cloud • All data is visible to service provider. • Nothing ever gets deleted • Cloud drives, cloud email, financial tracking, health monitoring, payment systems, calendaring, mapping and routing, call a cab • Even crowdsourcing sites, social networking sites, photo sharing sites, and so on.
Aggregation of tracks • Cookies allow a website to see who is repeatedly visiting them • Each website manages its own data about users • Aggregation allows a third party to see the global picture • Tracking techniques make this possible • Resulting data is valuable to marketing people
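The aggregation described on this slide, as an added example that is not part of the original deck: given a constructed browser request log (for instance from an exported HAR file), it lists which third parties received the same cookie from several first-party sites and what browsing trail each can reconstruct. The domains, cookie values and the two-label `site()` shortcut are assumptions; real tooling should use the Public Suffix List.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def site(url):
    """Naive 'site' = last two host labels (assumption: fine for the
    constructed .example hosts below, wrong for suffixes such as co.uk)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

# Constructed sample: (page the user was on, resource requested, Cookie header sent)
REQUESTS = [
    ("https://www.news.example/politics/article-1", "https://cdn.news.example/app.js", "session=n1"),
    ("https://www.news.example/politics/article-1", "https://pixel.adnet.example/t.gif", "uid=abc123"),
    ("https://www.health.example/conditions/diabetes", "https://pixel.adnet.example/t.gif", "uid=abc123"),
    ("https://www.shop.example/cart", "https://pixel.adnet.example/t.gif", "uid=abc123"),
    ("https://www.shop.example/cart", "https://fonts.static.example/f.woff", ""),
    ("https://www.health.example/conditions/diabetes", "https://widgets.social.example/like.js", "c_user=77"),
    ("https://www.news.example/politics/article-1", "https://widgets.social.example/like.js", "c_user=77"),
]

def tracker_view(requests):
    """Map (third-party site, cookie) -> pages that party can tie to one browser."""
    view = defaultdict(list)
    for page, resource, cookie in requests:
        if site(resource) == site(page):
            continue  # first-party request: each site only sees its own visitors
        if not cookie:
            continue  # no identifier sent, so the visits are not linkable by cookie
        key = (site(resource), cookie)
        if page not in view[key]:
            view[key].append(page)
    return dict(view)

def cross_site_trackers(requests, min_sites=2):
    """Third parties whose cookie arrived from at least min_sites first-party sites."""
    reach = defaultdict(set)
    for (third_party, _cookie), pages in tracker_view(requests).items():
        reach[third_party].update(site(p) for p in pages)
    return {tp: sorted(s) for tp, s in reach.items() if len(s) >= min_sites}

if __name__ == "__main__":
    for tp, sites in cross_site_trackers(REQUESTS).items():
        print(f"{tp} can link visits across: {', '.join(sites)}")
    for (tp, cookie), pages in tracker_view(REQUESTS).items():
        print(f"{tp} [{cookie}] saw: {pages}")
```

Note that the embedded widget in the sample receives its cookie on page load alone, which matches the "click not needed" point on the Facebook-style tracking slide.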
Graphs and Mining • Relationship graphs reveal a lot about you • Who do you communicate with? • Who communicates with you? • Relationships based on friends, location, age, gender, political beliefs, religion, hobbies, interests • Building profiles • Data Mining • Machine learning
The Smartphone trap • The final frontier is the smartphone • “There is an app for it” • As smartphone usage is rising, the tracking and monitoring opportunities are exploding • Smartphone penetration – “HIGH” • US: 50%, China: India: 13% • Growth rate is impressive • Downloaded apps are like viruses, they have too much power • Even though they disclose the “power” • Too many permissions?
Android Security and Privacy • Android has a “well designed, well thought out” security infrastructure • Android has legitimate ways of bypassing security with user permissions – get higher permissions • Users have to be knowledgeable • Want the app? You have to say yes to permissions. • Privacy controls are terrible • Apps can leak, aggregate, profile and even collude • “intents” is a backdoor method of inter-app communication
Google Maps • Device & app history: retrieve running apps • Identity: find accounts on the device; add or remove accounts • Contacts/Calendar: read your contacts; modify your contacts • Location: precise location (GPS and network-based) • Phone: write call log; directly call phone numbers • Photos/Media/Files: test access to protected storage; modify or delete the contents of your USB storage • Camera/Microphone: record audio • Wi-Fi connection information: view Wi-Fi connections • Device ID & call information: read phone status and identity • Other: view configured accounts; receive data from Internet; run at startup; view network connections; install shortcuts; control Near Field Communication; use accounts on the device; disable your screen lock; read Google service configuration; full network access; connect and disconnect from Wi-Fi; control vibration
Facebook (edited) • Identity: find accounts on the device; add or remove accounts; read your own contact card • Contacts/Calendar: modify your contacts; read calendar events plus confidential information; add or modify calendar events and send email to guests without owners' knowledge • Location: precise location (GPS and network-based) • SMS: read your text messages (SMS or MMS) • Phone: write call log; directly call phone numbers • Photos/Media/Files • Camera/Microphone: take pictures and videos; record audio • Wi-Fi connection information: view Wi-Fi connections • Device ID & call information: read phone status and identity • Other: download files without notification; create accounts and set passwords; view network connections; install shortcuts; read Google service configuration; draw over other apps; full network access; change network connectivity; set wallpaper; send sticky broadcast; reorder running apps; connect and disconnect from Wi-Fi
Brightest Flashlight • Device ID & call information: read phone status and identity • Other: disable or modify status bar; read Home settings and shortcuts; control flashlight; prevent device from sleeping; view network connections; full network access; install shortcuts; uninstall shortcuts • Location: approximate location (network-based); precise location (GPS and network-based) • Photos/Media/Files: modify or delete the contents of your USB storage; test access to protected storage • Camera/Microphone: take pictures and videos • Wi-Fi connection information: view Wi-Fi connections
Smartphone Tracking Risks • What can a smartphone do? • Complex apps that gather a lot of information • An aggregation point of a large number of tracking possibilities • Location maps • Activity (physical) • Transactions (financial) • Communications with other people • Lifestyle choices • Health monitoring • Payment systems • “The Ecosystem” • Profile building that is significantly better than what is possible on computers
Payment Systems • Smartphone based banking and payment systems are being marketed heavily • NFC (Near Field Communication) based systems, as well as other methods • Credit card transactions • Wallet based transactions • Monitoring your spending profiles • Gather real information about what the user does and purchases and sees • Comparative shopping systems • Amazon does real market analysis via crowdsourcing
Health Monitoring Systems • Health sensors that interface to your smartphone • e.g. FITBIT • Sensors can find out a lot about you • Sleep • Sit, walk, run, climb • Vitals (heart rate, blood pressure, sugar levels) • Food and drink consumption • Data is uploaded to cloud servers • A lot of advantages • Get the ideas…..?
Life Scheduling • Things you should do, and when • Calendaring combined with …. • Location • To-do lists • Things to buy • Friends and connections • Managing time and activities • Yet another wonderful data mining source
Total Ecosystems • The smartphone based ecosystems are almost here • Use the smartphone to control your entire existence • Social • Personal • Professional • Entertainment • Hobbies • Aggregate all information and use it against the poor human • Google, Apple, Microsoft control all the apps you can get on the respective platforms • Much more to come, things we have not thought of yet • Today marketing, tomorrow worse…
Government Surveillance • Governments use surveillance for various reasons • Defeating terrorism? • Using backbone monitoring • Raw data, as well as other techniques • Get encryption keys via various methods • Not easily defeated, since they have powers of enforcement
Internet of Things • The future – every device will be connected to the Internet • Household devices, sensors, actuators, lights, appliances • IPv6 will make everything have a unique IP address • Security and privacy can be compromised in many ways • Unintended consequences • Not well thought through, just like most technologies • Very useful, but has severe downsides
Conclusions • Scott McNealy was right • (1998 was not when privacy leaks were common) • Since we have lost the right to privacy, we probably will never get it back • Corporate and government interests will win • The advantages of giving up privacy entice most people • Services for free • Quite useful applications • BUT we pay a high price for it… • “Free is too expensive”