Title: Data Protection Law and Multi-Party Computation: Applications to Information Exchange between Law Enforcement Agencies
Authors: Amos Treiber, Dirk Müllmann, T. Schneider, Indra Spiecker
DOI: https://doi.org/10.1145/3559613.3563192
Published in: Proceedings of the 21st Workshop on Privacy in the Electronic Society, 2022-11-07
Abstract: Pushes for increased power of Law Enforcement (LE) for data retention and centralized storage result in legal challenges with data protection law and courts, and possible violations of the right to privacy. This is motivated by a desire for better cooperation and exchange between LE Agencies (LEAs), which is difficult due to data protection regulations, was identified as a main factor of major public security failures, and is a frequent criticism of LE. Secure Multi-Party Computation (MPC) is often seen as a technological means to solve privacy conflicts where actors want to exchange and analyze data that needs to be protected due to data protection laws. In this interdisciplinary work, we investigate the problem of private information exchange between LEAs from both a legal and technical angle. We give a legal analysis of secret-sharing based MPC techniques in general and, as a particular application scenario, consider the case of matching LE databases for lawful information exchange between LEAs. We propose a system for lawful information exchange between LEAs using MPC and private set intersection and show its feasibility by giving a legal analysis for data protection and a technical analysis for workload complexity. Towards practicality, we present insights from qualitative feedback gathered within exchanges with a major European LEA.
Title: PRSONA
Authors: Stan Gurtler, I. Goldberg
DOI: https://doi.org/10.1145/3559613.3563197
Published in: Proceedings of the 21st Workshop on Privacy in the Electronic Society, 2022-11-07
Abstract: As an increasing amount of social activity moves online, online communities have become important outlets for their members to interact and communicate with one another. At times, these communities may identify opportunities where providing their members specific privacy guarantees would promote new opportunities for healthy social interaction and assure members that their participation can be conducted safely. On the other hand, communities also face the threat of bad actors, who may wish to disrupt their activities or bring harm to members. Reputation can help mitigate the threat of such bad actors, and there has been a wide body of work on privacy-preserving reputation systems. However, previous work has overlooked the needs of small, tight-knit communities, failing to provide important privacy guarantees or address shortcomings with common implementations of reputation. This work features a novel design for a privacy-preserving reputation system which provides these privacy guarantees and implements a more appropriate reputation function for this setting. Further, this work implements and benchmarks said system to determine its viability in real-world deployment. This novel construction addresses shortcomings with previous approaches and provides new opportunity to its target audience.
Title: Privacy and Security Evaluation of Mobile Payment Applications Through User-Generated Reviews
Authors: Urvashi Kishnani, Naheem Noah, Sanchari Das, Rinku Dewri
DOI: https://doi.org/10.1145/3559613.3563196
Published in: Proceedings of the 21st Workshop on Privacy in the Electronic Society, 2022-11-07
Abstract: Mobile payment applications are crucial to ensure seamless day-to-day digital transactions. However, users' perceived privacy- and security-related concerns are continually rising. Users express such thoughts, complaints, and suggestions through app reviews. To this aim, we collected 1,886,352 reviews from the top 50 mobile payment applications. Furthermore, we conducted a mixed-methods in-depth evaluation of the privacy- and security-related reviews, resulting in a total of 163,210 reviews. Finally, we implemented sentiment analysis and did a mixed-methods analysis of the resulting 52,749 negative reviews. Such large-scale evaluation through user reviews informs developers about the user perception of digital threats and app behaviors. Our analysis highlights that users share concerns about sharing sensitive information with the application, confidentiality of their data, and permissions requested by the apps. Users have shown significant concerns regarding the usability of these applications (48.47%), getting locked out of their accounts (38.73%), and being unable to perform successful digital transactions (31.52%). We conclude by providing actionable recommendations to address such user concerns to aid the development of secure and privacy-preserving mobile payment applications.
Title: Darwin's Theory of Censorship: Analysing the Evolution of Censored Topics with Dynamic Topic Models
Authors: Asim Waheed, Sara Qunaibi, Diogo Barradas, Zachary Weinberg
DOI: https://doi.org/10.1145/3559613.3563206
Published in: Proceedings of the 21st Workshop on Privacy in the Electronic Society, 2022-11-07
Abstract: We present a statistical analysis of changes in the Internet censorship policy of the government of India from 2016 to 2020. Using longitudinal observations of censorship collected by the ICLab censorship measurement project, together with historical records of web page contents collected by the Internet Archive, we find that machine classification techniques can detect censors' reactions to events without prior knowledge of what those events are. However, gaps in ICLab's observations can cause the classifier to fail to detect censored topics, and gaps in the Internet Archive's records can cause it to misidentify them.
Title: Casing the Vault: Security Analysis of Vault Applications
Authors: Margie Ruffin, Israel Lopez-Toldeo, Kirill Levchenko, Gang Wang
DOI: https://doi.org/10.1145/3559613.3563204
Published in: Proceedings of the 21st Workshop on Privacy in the Electronic Society, 2022-11-07
Abstract: Vault applications are a class of mobile apps used to store and hide users' sensitive files (e.g., photos, documents, and even another app) on the phone. In this paper, we perform an empirical analysis of popular vault apps under the scenarios of unjust search and filtration of civilians by authorities (e.g., during civil unrest). By limiting the technical capability of adversaries, we explore the feasibility of inferring the presence of vault apps and uncovering the hidden files without employing sophisticated forensics analysis. Our analysis of 20 popular vault apps shows that most of them do not adequately implement/configure their disguises, which can reveal their existence without technical analysis. In addition, adversaries with rudimentary-level knowledge of the Android system can already uncover the files stored in most of the vault apps. Our results indicate the need for more secure designs for vault apps.
Title: Is Your Policy Compliant?: A Deep Learning-based Empirical Study of Privacy Policies' Compliance with GDPR
Authors: Tamjid Al Rahat, Minjun Long, Yuan Tian
DOI: https://doi.org/10.1145/3559613.3563195
Published in: Proceedings of the 21st Workshop on Privacy in the Electronic Society, 2022-11-07
Abstract: Since the General Data Protection Regulation (GDPR) came into force in May 2018, companies have worked on their data practices to comply with the requirements of GDPR. In particular, since the privacy policy is the essential communication channel for users to understand and control their privacy when using companies' services, many companies updated their privacy policies after GDPR was enforced. However, most privacy policies are verbose, full of jargon, and vaguely describe companies' data practices and users' rights. In addition, our study shows that more than 32% of end users find it difficult to understand the privacy policies explaining GDPR requirements. Therefore, it is challenging for end users and law enforcement authorities to manually check if companies' privacy policies comply with the requirements enforced by GDPR. In this paper, we create a privacy policy dataset of 1,080 websites annotated by experts with 18 GDPR requirements and develop a Convolutional Neural Network (CNN) based model that can classify the privacy policies into GDPR requirements with an accuracy of 89.2%. We apply our model to automatically measure GDPR compliance in the privacy policies of the 9,761 most visited websites. Our results show that, even four years after GDPR went into effect, 68% of websites still fail to comply with at least one requirement of GDPR.
Title: All Eyes On Me: Inside Third Party Trackers' Exfiltration of PHI from Healthcare Providers' Online Systems
Authors: Mingjia Huo, M. Bland, Kirill Levchenko
DOI: https://doi.org/10.1145/3559613.3563190
Published in: Proceedings of the 21st Workshop on Privacy in the Electronic Society, 2022-11-07
Abstract: In the United States, sensitive health information is protected under the Health Insurance Portability and Accountability Act (HIPAA). This act limits the disclosure of Protected Health Information (PHI) without the patient's consent or knowledge. However, as medical care becomes web-integrated, many providers have chosen to use third-party web trackers for measurement and marketing purposes. This presents a security concern: third-party JavaScript requested by an online healthcare system can read the website's contents, and ensuring PHI is not unintentionally or maliciously leaked becomes difficult. In this paper, we investigate health information breaches in online medical records, focusing on 459 online patient portals and 4 telehealth websites. We find 14% of patient portals include Google Analytics, which reveals (at a minimum) the fact that the user visited the health provider website, while 5 portals and 4 telehealth websites contained JavaScript-based services disclosing PHI, including medications and lab results, to third parties. The most significant PHI breaches were on behalf of Google and Facebook trackers. In the latter case, an estimated 4.5 million site visitors per month were potentially exposed to leaks of personal information (names, phone numbers) and medical information (test results, medications). We notified healthcare providers of the PHI breaches and found only 15.7% took action to correct leaks. Healthcare operators lacked the technical expertise to identify PHI breaches caused by third-party trackers. After notifying Epic, a healthcare portal vendor, of the PHI leaks, we received a prompt response and observed extensive mitigation across providers, suggesting vendor notification is an effective intervention against PHI disclosures.
Title: Fingerprinting and Personal Information Leakage from Touchscreen Interactions
Authors: Martin Georgiev, Simon Eberz, I. Martinovic
DOI: https://doi.org/10.1145/3559613.3563193
Published in: Proceedings of the 21st Workshop on Privacy in the Electronic Society, 2022-11-07
Abstract: The study aims to understand and quantify the privacy threat landscape of touch-based biometrics. Touch interactions from mobile devices are ubiquitous and do not require additional permissions to collect. Two privacy threats were examined: user tracking and personal information leakage. First, we designed a practical fingerprinting simulation experiment and executed it on a large publicly available touch interactions dataset. We found that touch-based strokes can be used to fingerprint users with high accuracy, and that performance can be further increased by adding only a single extra feature. The system can distinguish between new and returning users with up to 75% accuracy and match a new session to the user it originated from with up to 74% accuracy. In the second part of the study, we investigated the possibility of predicting personal information attributes through the use of touch interaction behavior. The attributes we investigated were age, gender, dominant hand, country of origin, height, and weight. We found that our model can predict the age group and gender of users with up to 66% and 62% accuracy, respectively. Finally, we discuss countermeasures and limitations, and provide suggestions for future work in the field.
Title: Fisher Information as a Utility Metric for Frequency Estimation under Local Differential Privacy
Authors: Milan Lopuhaä-Zwakenberg, B. Škorić, Ninghui Li
DOI: https://doi.org/10.1145/3559613.3563194
Published in: Proceedings of the 21st Workshop on Privacy in the Electronic Society, 2022-11-07
Abstract: Local Differential Privacy (LDP) is the de facto standard technique to ensure privacy for users whose data is collected by a data aggregator they do not necessarily trust. This necessarily involves a tradeoff between user privacy and aggregator utility, and an important question is to optimize utility (under a given metric) for a given privacy level. Unfortunately, existing utility metrics are either hard to optimize for, or they only indirectly relate to an aggregator's goal, leading to theoretically optimal protocols that are unsuitable in practice. In this paper, we introduce a new utility metric for when the aggregator tries to estimate the true data's distribution in a finite set. The new metric is based on Fisher information, which expresses the aggregator's information gain through the protocol. We show that this metric relates to other utility metrics such as estimator accuracy and mutual information and to the LDP parameter $\varepsilon$. Furthermore, we show that under this metric, we can approximate the optimal protocols as $\varepsilon \to 0$ and $\varepsilon \to \infty$, and we show how the optimal protocol can be found for a fixed $\varepsilon$, although the latter is computationally infeasible for large input spaces.
Title: Tracking the Evolution of Cookie-based Tracking on Facebook
Authors: Yana Dimova, Gertjan Franken, V. Pochat, W. Joosen, Lieven Desmet
DOI: https://doi.org/10.1145/3559613.3563200
Published in: Proceedings of the 21st Workshop on Privacy in the Electronic Society, 2022-11-07
Abstract: We analyze in depth and longitudinally how Facebook's cookie-based tracking behavior and its communication about tracking have evolved from 2015 to 2022. More stringent (enforcement of) regulation appears to have been effective at causing a reduction in identifier cookies for non-users and a more prominent cookie banner. However, several technical measures to reduce Facebook's tracking potential are not implemented, communication through the cookie banner and cookie policies remains incomplete and may be deceptive, and opt-out mechanisms seem to have no effect.