1 / 43

A F ew Topics on Privacy

A F ew Topics on Privacy. Sankar Roy. Acknowledgement. In preparing the presentation slides and the demo, I received help from Professor Simon Ou Professor Gurdip Singh Professor Eugene Vasserman. What is private? What should be?. Your email and your phone calls

renee
Télécharger la présentation

A F ew Topics on Privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Few Topics on Privacy Sankar Roy

  2. Acknowledgement In preparing the presentation slides and the demo, I received help from • Professor Simon Ou • Professor Gurdip Singh • Professor Eugene Vasserman

  3. What is private? What should be? • Your email and your phone calls • Your location throughout the day • Your detailed activity throughout the day • Patterns of your activity • Your web locations throughout the day • Surfing history • Whether you’re on vacation • Is your house empty?

  4. What are privacy leaks? • Public vs. private exposure: • Your email and your phone calls are exposed • Your activity/actions/movement are tracked • Your patterns of activity are exposed • Your web activity/history is exposed • Your online purchases are exposed • Your medical records are exposed

  5. Agenda • Web tracking • Social network privacy • Geo-tracking • Cross-reference with public records (e.g. census) • University policies for your privacy

  6. Web Tracking • Information about people’s web activities have business value • Many companies are trying to • collect your web data • develop a profile of you (what you like or dislike) • Broadly speaking, two types of tracking • monitoring your visits to several websites, online shopping, etc. • monitoring your queries to search engines, keywords used in your emails, etc.

  7. Web Bug : A Tracking Tool • Web bugs • used to be images (also known as tracking pixels) • now can be HTML iFrame, style, script, input link • are loaded on a webpage when you browse it • Typically, web pages are not self-contained • the main content comes from the relevant server (e.g. citi.com) • additional content (including web bugs) come from a 3rd party server (tracker) • The tracker can get information such as • visitor’s IP address, time of visit, type of browser, previously set cookies, etc.

  8. More on Web Bugs • A simplified tracking example • consider a tracking company that has ties with a network of sites • all images (e.g. web bugs) are stored on one host computer while the web pages are stored in different servers. • so, web bugs tool can recognize users traveling around the different servers • advantage: tracking becomes easy because statistics can be collected centrally

  9. DoubleClick (Google) System • Doubleclick is an online ad management system • its clients are advertisers and publishers • tracks users via browser cookies as users travel from website to website (and records which advertisements they view and select). • Runs background analysis: can mine trends over • multiple web sites, types of visitors, periods of time, etc.

  10. The Business Model of DoubleClick • Ad-serving: publishers display ad on their websites • Ad delivery: advertisers control the ad frequency, time • Behavioral targeting: based on the visitor’s past activities, guesses the adverts he/she would like to see

  11. Web-tracking by DoubleClick • What information of the visitor is tracked? • visit time, ad placement id, advert id, user id, user IP address, referral URL, etc. • Can track someone visiting multiple web sites • if these web sites participate in AdSense (Google) • May give a label to a visitor • E.g. “sports lover”, “computer & electronics”, etc. • Note: you may check and edit your label on your Google Ad Preferences manager page

  12. How to Check your label in Google’s Ad Preferences – Part I

  13. How to Check your label in Google’s ad preferences manager – Part II

  14. Do Not Track Me Online Act of 2011 • Sets the standards for the use of an online opt-out function • allows a consumer to forbid the use of private information • Regarded as an online version of the Do Not Call law • States that a business entity should disclose the status of personal information collection • The opposition group (against this law) also has some valid points

  15. Abine’sTool: “Do Not Track Me” • This tool works as a browser (e.g. Firefox) plugin • Blocks the tracking capabilities • of advertisers, social networks, and data-collection companies • can display the list of websites which are tracking you now • opts you out of being tracked • May still allow same number of adverts, • but can stop targeted advertising that uses your personal information

  16. Using “Do Not Track Me”: Example I

  17. Using “Do Not Track Me”: Example II

  18. Web History Tracking • Search engines, such as Google keep on storing the keywords you search • as well as your browsing history • and associates this information against your Google account id • Google uses this information for targeted advertisement in future • If misused, this information can lead to our privacy breach

  19. A Google Web History Page

  20. Google’s Combining Distinct Privacy Policies • Recently, Google combined 60 distinct privacy policies into one single policy in 2012 • if you're signed in, Google treats you as a single user across all of the products • combines information you've provided from one service with information from the others • can use web search information to target an advertisement to you in YouTube, Google Maps, and Gmail

  21. How to reduce risks of Google’s Tracking • You may turn off the Web History • log in to your Google a/c • go to www.google.com/history and remove all • but this may not guarantee much • You may not sign into Gmail while using Google search, maps or YouTube • Or, you may create separate accounts for each Google service

  22. How to Turn Off the Search History

  23. Class Agenda • Web tracking • Social network privacy • Geo-tracking • Cross-reference with public records (e.g. census) • University policies for your privacy

  24. Online Social networks (OSN) • Becoming more and more popular • Facebook, Twitter, Google+, Linkedin, flickr, etc. • Facebook is the largest OSN (Ref. epic.org). • 500 million active users, with 150 million in the United States. • 3 billion photos are uploaded each month. • each day 100 million tags to photos.

  25. Mobile OSN (mOSN) • Currently, all major OSNs can be accessed via smart phones • Locationhas been (mostly) missing between the real world and OSNs • mOSN is providing the location link now • location is notorious for compromising privacy • aquarter of Facebook users are on a mobile device

  26. Privacy Concerns on Social Networks • Too much personal information being displayed by the users may compromise their identity • Location-based-service taking advantage of mobile devices causes more privacy concerns • Storage of personal data: most social networking sites require users to agree for storage. • Employment issues: employers are searching OSNs in order to screen potential candidates • Stalking, and many other privacy problems.

  27. How to Mitigate Privacy Leaks in OSNs • Understand the risks or possible damage • Do not post • unnecessary information or confidential messages or private photos • To protect against identity theft • do not make your birthday public • never expose your exact address, SSN, passport info • Avoid cross-linking • your social network with your professional network • Be watchful of your information leak • check what is leaking via a close family member or a friend

  28. Facebook’s Privacy Concerns • Facebook displays social ads to targeted customers • the business model has some similarity with Google ad’s • Claims retroactive rights to users’ personal information • even after a user has deleted her account. • Discloses “publicly available information” to search engines • i.e., to all Internet users even they are not Facebook users. • And many other concerns: e.g. face recognition, geo-tagging

  29. Facebook and Face Recognition • Facebook Becomes FaceBank? • by Janeth Lopez, 2012 (available on moglen.law.columbia.edu) • After you upload new photos • Facebook scans them with facial recognition software • matches the new photos to other photos you are already tagged in. • When a user manually tags the friends in a photo • the Facebook machine learns more • making facial recognition more accurate in future.

  30. Facebook’s Photo-Tag Suggestions • You can tag a photo to show who’s in the photo • You can post a status update and say who you are with. • After a photo upload, Facebook apparently by magic • finds faces in a photo as a square frame • and suggests the name of your friend • Facebook identifies your friends through your profile • using face recognition technology

  31. Privacy Concerns due to Face Recognition • We could take a photo of a stranger and pull up his/her full name and public information • We may cross-reference the information • with social dating sites to know the stranger's interests. • Stores and restaurants may identify customers and their "likes" in real time • in order to offer them personalized advertising • Law enforcement agents can use this face bank

  32. How to Reduce Photo Tagging Risks • You can untagphotos you are tagged in by friends. • simply go to the photo and click on your name • But no way to prevent friends from tagging you • You can prevent others from seeing the photos via your tagged name.  • from the Account menu, chose Privacy Settings, click "Customize settings.” • you have the option of choosing who can see photos via your tagged name. You can set it to "Only me”. • here, you also have the option of preventing specific Facebook friends seeing photos via your tagged name.

  33. Class Agenda • Web tracking • Social network privacy • Geo-tracking or Geo-tagging • Cross-reference with public records (e.g. census) • University policies for your privacy

  34. Geo-tagging • It is the process of adding geographical identification metadata to various media such as a photo (Wikipedia) • Many tools: Camera, smart phones, etc.

  35. Geo-tagging on OSNs • Facebook has a feature called “Places” which allows users to check-in at locations in real time • it is turned on by default • other users can “geo-tag” you • you may discover friends who are in the same place • friends can share interesting places • you may findout a spot from friends’ recommendations

  36. Risks of Geo-tagging • You may give a stalker or a potential thief your exact whereabouts • say you post a photo of your house, and leave a message on Twitter : “need to go to office now”. • Particularly when your cross-post check-ins to interesting spots on multiple OSNs. • Also, geo-tagging has the potential to establish patternsof your movements

  37. How to avoid risks of Geo-tagging • Be familiar with the risks involved. • Learn how to disable your smart phone's geo-tagging feature • Learn how to protect yourself on the geo-tagging websites • control the people who are able to see where you're located. • avoid automatic geo-tagging by default. Facebook Places is active until disabled.

  38. Class Agenda • Web tracking • Social network privacy • Geo-tracking • Cross-reference with public records (e.g. census) • University policies for your privacy

  39. Privacy issues in public records • Various public records and survey results: • Census, medical, genetic, financial data, location data, purchasing histories, etc. • are extremely valuable for social science research, epidemiology, strategic marketing, and so on • But if these databases can be matched up with one another • then we may be able to generate a detailed picture of a specific individual’s private life.

  40. Challenges and Solutions • In 2000, LatanyaSweeney analyzed data from the 1990 census and discovered • 87% of the U.S. population could be uniquely identified by just a Zip code, date of birth, and gender. • Professor Sweeney now says it should be quite easy to determine patient names • from the secondary health data sold by pharmacies and analytics companies • Privacy experts have proposed algorithms to • anonymize public records before release • measure the degree of privacy and guarantee it

  41. Class Agenda • Web tracking • Social network privacy • Geo-tracking • Cross-reference with public records (e.g. census) • University policies for your privacy

  42. K-State Information Technology Usage : Privacy Policy • Authorized access to data entails both privilege and responsibility • not only for the user, but also for the system administrator. • The university will treat information stored on computers as confidential • However, there is no expectation for documents and messages stored on University-owned equipment. • email and data stored on KSU's network of computers may be accessed by the university for a few special purposes

  43. Summary • We discussed common privacy issues. • We presented a few standard countermeasures to mitigate the risks • Remainder: • the next homework is due before the next class (1pm on March 7) • the next class will be held in Room 128

More Related