The proliferation of Internet of Things (IoT) devices for consumer "smart" homes raises concerns about user privacy. We present a survey method based on the Contextual Integrity (CI) privacy framework that can quickly and efficiently discover privacy norms at scale. We apply the method to discover privacy norms in the smart home context, surveying 1,731 American adults on Amazon Mechanical Turk. For $2,800 and in less than six hours, we measured the acceptability of 3,840 information flows representing a combinatorial space of smart home devices sending consumer information to first- and third-party recipients under various conditions. Our results provide actionable recommendations for IoT device manufacturers, including design best practices and instructions for adopting our method for further research.

CCS Concepts: • Security and privacy → Human and societal aspects of security and privacy; Privacy protections; • Human-centered computing → Empirical studies in ubiquitous and mobile computing

In this paper, we present a general, scalable survey method for discovering consumer privacy norms based on the Contextual Integrity (CI) privacy framework [44] (Section 3). CI is a well-established theory that defines privacy norms as the generally accepted appropriateness of specific information exchanges, or "information flows," in specific contexts. Information flows and associated contexts can be described using five parameters: sender, recipient, subject, attribute, and transmission principle. This precise formulation makes it possible to thoroughly investigate the combinatorial space of contextual information flows and associated privacy norms with an automated, large-scale survey on a crowdsourcing platform. Our use of CI also ensures that the method is repeatable, both for the same types of devices over time and for entirely new classes of devices.

The method we develop is effective for discovering privacy norms in general. In this paper, we focus on applying the method to discover smart home privacy norms. We conducted a survey with a population of 1,731 adults from the United States on the Amazon Mechanical Turk (MTurk) platform. The survey cost $2,800 and allowed us to query the acceptability of 3,840 information flows involving smart home devices in less than six hours and identify associated privacy norms (Section 4). Our results provide insightful observations and actionable recommendations for IoT device manufacturers, regulators, and consumer advocates (Section 5).

Device manufacturers can use our survey method to perform their own research on how consumers might view the use of data that their products collect. We designed the method to make it easy to customize with new information flows and contexts, allowing manufacturers to discover privacy norms relevant to specific products, including ones we have not studied in this paper. The results will indicate whether existing or proposed devices may violate established privacy norms, providing an opportunity to preempt negative user feedback, public relati...
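The following is an added illustration of the CI-based method described above, not code from the paper. It enumerates the combinatorial space of information flows from short parameter lists, renders each flow as the acceptability question a respondent would see, and flags flows whose mean rating falls below a threshold as candidate norm violations. The parameter values, the threshold, the Likert scale and the responses are all constructed; the paper's own lists and data are not reproduced.

```python
"""Enumerate Contextual Integrity (CI) information flows and score their
acceptability from survey responses.

Added example, not code from the paper. All parameter values and all
responses below are constructed for illustration.
"""
from itertools import product
from statistics import mean

# Constructed CI parameter values (assumption: the paper's lists are larger,
# reaching 3,840 flows). The subject is fixed to the device owner here.
SENDERS = ["a smart speaker", "a sleep monitor"]
ATTRIBUTES = ["its audio recordings", "the times you are home"]
RECIPIENTS = ["its manufacturer", "an advertising network"]
PRINCIPLES = [
    "if you have given consent",
    "if the information is anonymous",
    "if the information is sold to other companies",
]
SUBJECT = "you"


def enumerate_flows():
    """Return every flow in the combinatorial space as a CI 5-tuple
    (sender, subject, attribute, recipient, transmission principle)."""
    return [
        (s, SUBJECT, a, r, p)
        for s, a, r, p in product(SENDERS, ATTRIBUTES, RECIPIENTS, PRINCIPLES)
    ]


def render_question(flow):
    """Turn a CI tuple into the acceptability question shown to a respondent."""
    sender, subject, attribute, recipient, principle = flow
    return (f"How acceptable is it for {sender} to send {attribute} about "
            f"{subject} to {recipient} {principle}?")


def constructed_responses(flows):
    """Deterministic stand-in for survey data (constructed, not collected).
    Ratings use a -2 (completely unacceptable) .. +2 (completely acceptable)
    scale; consent raises ratings, selling the data lowers them."""
    out = {}
    for flow in flows:
        _, _, _, recipient, principle = flow
        base = 1 if recipient == "its manufacturer" else -1
        if principle.startswith("if you have given consent"):
            ratings = [base + 1, base + 1, base]
        elif "anonymous" in principle:
            ratings = [base, base, base + 1]
        else:  # sold to other companies
            ratings = [base - 1, base - 2, base - 1]
        out[flow] = [max(-2, min(2, r)) for r in ratings]
    return out


def score_flows(responses, threshold=-0.5):
    """Average the ratings per flow and flag flows whose mean falls below
    `threshold` (assumed cut-off) as candidate privacy-norm violations."""
    scored = {flow: mean(r) for flow, r in responses.items() if r}
    violations = sorted(f for f, m in scored.items() if m < threshold)
    return scored, violations


if __name__ == "__main__":
    flows = enumerate_flows()
    scored, violations = score_flows(constructed_responses(flows))
    print(f"{len(flows)} flows, {len(violations)} below threshold")
    for f in violations:
        print(f"  {scored[f]:+.2f}  {render_question(f)}")
```

With the constructed data, only flows to the advertising network without consent fall below the threshold; swapping in a product's real senders, attributes and recipients, and real MTurk responses, gives the per-product norm map the paper recommends manufacturers build.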
The proliferation of smart home Internet of Things (IoT) devices presents unprecedented challenges for preserving privacy within the home. In this paper, we demonstrate that a passive network observer (e.g., an Internet service provider) can infer private in-home activities by analyzing Internet traffic from commercially available smart home devices, even when the devices use end-to-end transport-layer encryption. We evaluate common approaches for defending against these types of traffic analysis attacks, including firewalls, virtual private networks, and independent link padding, and find that none sufficiently conceals user activities with reasonable data overhead. We develop a new defense, "stochastic traffic padding" (STP), that makes it difficult for a passive network adversary to reliably distinguish genuine user activities from generated traffic patterns designed to look like user interactions. Our analysis provides a theoretical bound on an adversary's ability to accurately detect genuine user activities as a function of the amount of additional cover traffic generated by the defense technique.
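As an added example (not the paper's code, and not a reproduction of STP itself), the block below shows both halves of the abstract above on constructed traffic: a passive observer that sees only packet sizes and timing flags user activity from byte volume per window, and a simplified padding scheme that injects cover bursts with the same shape as genuine ones at random times. The packet sizes, burst shape, window length and threshold are all assumptions chosen for the illustration.

```python
"""Rate-based activity inference on encrypted IoT traffic, and cover
traffic that hides it.

Added example, not the paper's code. The padding here is a simplified
stand-in for STP with the same goal: inject bursts that a rate-based
observer cannot tell from real user interactions. All traffic is
constructed.
"""
import random
from collections import defaultdict

KEEPALIVE_BYTES = 100   # assumption: an idle device sends 100 B every 10 s
BURST_PACKETS = 20      # assumption: one user action = 20 packets of 500 B
BURST_BYTES = 500       # spread over 2 s


def burst(start):
    """Packets (time_s, bytes) for one user interaction starting at `start`."""
    step = 2.0 / BURST_PACKETS
    return [(start + i * step, BURST_BYTES) for i in range(BURST_PACKETS)]


def device_trace(duration_s, activity_times):
    """Constructed trace: keepalives plus one burst per activity time."""
    pkts = [(float(t), KEEPALIVE_BYTES) for t in range(0, duration_s, 10)]
    for t in activity_times:
        pkts.extend(burst(t))
    return sorted(pkts)


def infer_activity(pkts, window_s=5, threshold_bytes=2000):
    """Passive observer: payloads are encrypted, so only sizes and timing
    are used. Sum bytes per window, flag windows above the threshold and
    report each run of adjacent flagged windows as one inferred event."""
    volume = defaultdict(int)
    for t, size in pkts:
        volume[int(t // window_s)] += size
    events, prev = [], None
    for w in sorted(volume):
        if volume[w] > threshold_bytes:
            if prev is None or w != prev + 1:
                events.append(w * window_s)
            prev = w
    return events


def stochastic_padding(pkts, duration_s, n_cover, seed=0):
    """Inject `n_cover` cover bursts at uniformly random times. Each cover
    burst has the same size and timing shape as a real one, so a rate-based
    observer cannot separate them from genuine activity."""
    rng = random.Random(seed)
    padded = list(pkts)
    for _ in range(n_cover):
        padded.extend(burst(rng.uniform(0, duration_s - 3)))
    return sorted(padded)


def adversary_precision(inferred, real_times, window_s=5):
    """Fraction of inferred events that coincide with a genuine activity,
    i.e. the observer's confidence that a flagged event is real."""
    hits = sum(1 for e in inferred
               if any(abs(e - t) <= window_s for t in real_times))
    return hits / len(inferred) if inferred else 0.0


if __name__ == "__main__":
    real = [50, 200, 410]
    trace = device_trace(600, real)
    plain = infer_activity(trace)
    padded = infer_activity(stochastic_padding(trace, 600, n_cover=9))
    print("no padding :", plain, adversary_precision(plain, real))
    print("with cover :", padded, adversary_precision(padded, real))
```

Without cover traffic every inferred event is genuine. With N genuine bursts and M indistinguishable cover bursts, a flagged event is genuine with probability at most N/(N+M), which is the shape of the trade-off the abstract describes: more cover traffic buys less confidence for the observer at the cost of bandwidth.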
We show how third-party web trackers can deanonymize users of cryptocurrencies. We present two distinct but complementary attacks. On most shopping websites, third-party trackers receive information about user purchases for purposes of advertising and analytics. We show that, if the user pays using a cryptocurrency, trackers typically possess enough information about the purchase to uniquely identify the transaction on the blockchain, link it to the user's cookie, and further to the user's real identity. Our second attack shows that if the tracker is able to link two purchases of the same user to the blockchain in this manner, it can identify the user's entire cluster of addresses and transactions on the blockchain, even if the user employs blockchain anonymity techniques such as CoinJoin. The attacks are passive and hence can be retroactively applied to past purchases. We discuss several mitigations, but none are perfect.
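The block below is an added illustration of the two attacks sketched above, not the paper's code. A constructed tracker log (cookie, merchant payment address, amount, time) is matched against a constructed ledger to link each purchase to a unique transaction (first attack); two transactions linked to one cookie are then merged with the standard common-input-ownership heuristic to recover the payer's address cluster (second attack). The ledger, addresses, amounts and matching window are assumptions, and the paper's handling of CoinJoin is not reproduced.

```python
"""Linking a tracker's purchase record to a blockchain transaction, then
expanding to the payer's address cluster.

Added example, not the paper's code. The ledger and tracker log are
constructed; clustering uses the common-input-ownership heuristic only.
"""
from collections import defaultdict

# Constructed ledger: (txid, timestamp, input_addrs, outputs[(addr, btc)]).
# M* are merchant payment addresses, A*/B*/C* belong to different payers.
LEDGER = [
    ("tx1", 1000, ["A1", "A2"], [("M1", 0.0312), ("A3", 0.10)]),
    ("tx2", 1010, ["B1"],       [("M2", 0.0312), ("B2", 0.50)]),
    ("tx3", 1500, ["A3", "A4"], [("M1", 0.0089), ("A5", 0.01)]),
    ("tx4", 1520, ["C1"],       [("M3", 0.0089), ("C2", 0.20)]),
    ("tx5", 2000, ["A5"],       [("M4", 0.0050)]),
]

# Constructed tracker view of two checkouts by the same browser:
# (cookie, merchant payment address seen on the page, BTC amount, time).
TRACKER_LOG = [
    ("cookie-42", "M1", 0.0312, 995),
    ("cookie-42", "M1", 0.0089, 1490),
]


def match_purchase(ledger, merchant_addr, amount, t, window=600, tol=1e-8):
    """Attack 1: transactions paying `amount` within `window` seconds of the
    tracker's timestamp, optionally to a known merchant address. A unique
    match ties the purchase, and thus the cookie, to a transaction."""
    return [
        txid for txid, ts, _, outs in ledger
        if abs(ts - t) <= window
        and any((merchant_addr is None or a == merchant_addr)
                and abs(v - amount) < tol for a, v in outs)
    ]


def _find(parent, x):
    """Union-find root lookup with path halving."""
    while parent.setdefault(x, x) != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def _union(parent, a, b):
    ra, rb = _find(parent, a), _find(parent, b)
    if ra != rb:
        parent[ra] = rb


def input_clusters(ledger):
    """Common-input-ownership heuristic: all inputs of one transaction are
    assumed to be controlled by one entity; merge transitively."""
    parent = {}
    for _, _, ins, _ in ledger:
        for a in ins:
            _find(parent, a)
        for a in ins[1:]:
            _union(parent, ins[0], a)
    return parent


def deanonymize(ledger, tracker_log):
    """Run both attacks and return {cookie: set of payer addresses}."""
    parent = input_clusters(ledger)
    tx_inputs = {txid: ins for txid, _, ins, _ in ledger}
    linked = defaultdict(list)
    for cookie, maddr, amount, t in tracker_log:
        hits = match_purchase(ledger, maddr, amount, t)
        if len(hits) == 1:            # only an unambiguous match is usable
            linked[cookie].append(hits[0])
    result = {}
    for cookie, txids in linked.items():
        # Attack 2: every linked transaction was paid by the cookie's owner,
        # so their input clusters belong to one entity; merge them.
        anchor = tx_inputs[txids[0]][0]
        for txid in txids[1:]:
            _union(parent, anchor, tx_inputs[txid][0])
        root = _find(parent, anchor)
        result[cookie] = {a for a in list(parent) if _find(parent, a) == root}
    return result


if __name__ == "__main__":
    print("amount+time only :", match_purchase(LEDGER, None, 0.0312, 995))
    print("with merchant    :", match_purchase(LEDGER, "M1", 0.0312, 995))
    print("clusters         :", deanonymize(LEDGER, TRACKER_LOG))
```

In the constructed ledger the first purchase is ambiguous on amount and time alone (tx1 and tx2 both pay 0.0312 BTC in the window) and becomes unique once the merchant address is known; the two linked purchases then join two input clusters that share no address, which is exactly why the cookie is the dangerous link.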