Please Forget Where I Was Last Summer: The Privacy Risks of Public Location (Meta)Data

Drakonakis, Kostas; Ilia, Panagiotis; Ioannidis, Sotiris; Polakis, Jason

doi:10.14722/ndss.2019.23151

Cited by 22 publications

(19 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Indirect identifiers are information which, when combined, identify a user. The combination of zip code, date of birth, and gender is unique for 87% of the U.S. populace [8], while GPS data can reveal personal information, such as habits [9] and home addresses [10], from studying movement patterns. Specific to contact tracing, data about which users are regularly meeting could be used to create a social web of users.…”

Section: Dangers Of Privacy Lossmentioning

confidence: 99%

A Security and Privacy Scoring System for Contact Tracing Apps

Krehling

Essex

2021

JCP

View full text Add to dashboard Cite

Contact tracing applications have flooded the marketplace, as governments worldwide have been working to release apps for their citizens. These apps use a variety of protocols to perform contact tracing, resulting in widely differing security and privacy assurances. Governments and users have been left without a standard metric to weigh these protocols and compare their assurances to know which are more private and secure. Although there are many ways to approach a quantitative metric for privacy and security, one natural way is to draw on the methodology used by the well-known common vulnerability scoring system (CVSS). For privacy, we applied consensus principles for contract tracing as a basis for comparing their relative privacy practices. For security, we performed attack modeling to develop a rubric to compare the security of respective apps. Our analysis shows that centralized Bluetooth with added location functionality has low privacy and security, while non-streaming GPS scored high in security and medium in privacy. Based on our methodology, only two apps were given a high ranking of privacy: Canada’s Covid Alert and Germany’s Corona Warn-App. They both used the Google/Apple Notification Framework as the basis for their design. To achieve comparable privacy, we recommend that future projects follow their examples in the following ways: minimizing the amount of data they collect and holding it for the shortest possible length of time; only having features necessary for the app’s main function; and releasing design details so that users can make informed decisions.

show abstract

Section: Dangers Of Privacy Lossmentioning

confidence: 99%

A Security and Privacy Scoring System for Contact Tracing Apps

Krehling

Essex

2021

JCP

View full text Add to dashboard Cite

show abstract

“…Although such entities could be associated with particular countries, the task of identifying these associations would require significant manual effort. Furthermore, we use public wordlists of religious and medical terms [17] and create a new wordlist containing political terms, to detect extensions with descriptions that reveal these types of sensitive information.…”

Section: Extension-based Inference Attacksmentioning

confidence: 99%

“…Since Google's API cannot classify all the detectable extensions, as some of them have a very short description text, we opt for another approach that could identify extensions that reveal sensitive information. Thus, we use publicly available wordlists [17] of religious and medical terms, and search for those terms in the extensions' description text. For this task we first discard certain terms in the wordlists' terms that are generic or have multiple meanings (i.e., the terms virus and infection have a different meaning in the context of the Web), as they could lead to many false positives.…”

Section: Sensitive Information Inferencementioning

confidence: 99%

“…Motivated by the seminal work of Krishnamurthy and Wills on privacy diffusion on the web [31] and leakage in request towards third parties [32], Starov and Nikiforakis built a dynamic analysis framework that detected the leakage of information (e.g., browsing history and search queries) from Chrome extensions to third parties [51]. Recent studies also demonstrated in different contexts how publicly available data could enable the inference of sensitive data [17] or lead to the de-anonymization of users [54].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting

Karami¹,

Ilia²,

Σολωμός³

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

With users becoming increasingly privacy-aware and browser vendors incorporating anti-tracking mechanisms, browser fingerprinting has garnered significant attention. Accordingly, prior work has proposed techniques for identifying browser extensions and using them as part of a device's fingerprint. While previous studies have demonstrated how extensions can be detected through their web accessible resources, there exists a significant gap regarding techniques that indirectly detect extensions through behavioral artifacts. In fact, no prior study has demonstrated that this can be done in an automated fashion. In this paper, we bridge this gap by presenting the first fully automated creation and detection of behavior-based extension fingerprints. We also introduce two novel fingerprinting techniques that monitor extensions' communication patterns, namely outgoing HTTP requests and intra-browser message exchanges. These techniques comprise the core of Carnus, a modular system for the static and dynamic analysis of extensions, which we use to create the largest set of extension fingerprints to date. We leverage our dataset of 29,428 detectable extensions to conduct a comprehensive investigation of extension fingerprinting in realistic settings and demonstrate the practicality of our attack. Our in-depth analysis confirms the robustness of our techniques, as 83.6%-87.92% of our behavior-based fingerprints remain effective against a state-of-the-art countermeasure.

show abstract

“…There is much research about the possible threats of information sharing, e.g. location data used for location-based advertising (Crossler and Bélanger 2019) or even to identify a user's home address (Drakonakis et al 2019) or revealing shopping behavior helping marketing companies to identify someone as pregnant before even family members know (Hill 2012). A DA could show such examples to the user, e.g.…”

Section: Privacy Information Provisioningmentioning

confidence: 99%

User preferences for privacy features in digital assistants

et al. 2020

View full text Add to dashboard Cite

Digital assistants (DA) perform routine tasks for users by interacting with the Internet of Things (IoT) devices and digital services. To do so, such assistants rely heavily on personal data, e.g. to provide personalized responses. This leads to privacy concerns for users and makes privacy features an important component of digital assistants.This study examines user preferences for three attributes of the design of privacy features in digital assistants, namely (1) the amount of information on personal data that is shown to the user, (2) explainability of the DA’s decision, and (3) the degree of gamification of the user interface (UI). In addition, it estimates users’ willingness to pay (WTP) for different versions of privacy features.The results for the full sample show that users prefer to understand the rationale behind the DA’s decisions based on the personal information involved, while being given information about the potential impacts of disclosing specific data. Further, the results indicate that users prefer to interact with the DA’s privacy features in a serious game. For this product, users are willing to pay €21.39 per month. In general, a playful design of privacy features is strongly preferred, as users are willing to pay 23.8% more compared to an option without any gamified elements. A detailed analysis identifies two customer clusters “Best Agers” and “DA Advocates”, which differ mainly in their average age and willingness to pay. Further, “DA Advocates” are mainly male and more privacy sensitive, whereas “Best Agers” show a higher affinity for a playful design of privacy features.

show abstract

Please Forget Where I Was Last Summer: The Privacy Risks of Public Location (Meta)Data

Cited by 22 publications

References 38 publications

A Security and Privacy Scoring System for Contact Tracing Apps

A Security and Privacy Scoring System for Contact Tracing Apps

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting

User preferences for privacy features in digital assistants

Contact Info

Product

Resources

About