a f ew topics on privacy
DESCRIPTION
A F ew Topics on Privacy. Sankar Roy. Acknowledgement. In preparing the presentation slides and the demo, I received help from Professor Simon Ou Professor Gurdip Singh Professor Eugene Vasserman. What is private? What should be?. Your email and your phone calls - PowerPoint PPT PresentationTRANSCRIPT
1
A Few Topics on Privacy
Sankar Roy
2
Acknowledgement
In preparing the presentation slides and the demo, I received help from• Professor Simon Ou• Professor Gurdip Singh• Professor Eugene Vasserman
What is private? What should be?
• Your email and your phone calls• Your location throughout the day• Your detailed activity throughout the day• Patterns of your activity• Your web locations throughout the day– Surfing history
• Whether you’re on vacation– Is your house empty?
What are privacy leaks?
• Public vs. private exposure:– Your email and your phone calls are exposed– Your activity/actions/movement are tracked– Your patterns of activity are exposed– Your web activity/history is exposed– Your online purchases are exposed– Your medical records are exposed
Agenda• Web tracking
• Social network privacy
• Geo-tracking
• Cross-reference with public records (e.g. census)
• University policies for your privacy
6
Web Tracking
• Information about people’s web activities have business value
• Many companies are trying to – collect your web data – develop a profile of you (what you like or dislike)
• Broadly speaking, two types of tracking– monitoring your visits to several websites, online
shopping, etc.– monitoring your queries to search engines, keywords
used in your emails, etc.
Web Bug : A Tracking Tool• Web bugs – used to be images (also known as tracking pixels)– now can be HTML iFrame, style, script, input link– are loaded on a webpage when you browse it
• Typically, web pages are not self-contained– the main content comes from the relevant server (e.g. citi.com)– additional content (including web bugs) come from a 3rd party
server (tracker)• The tracker can get information such as– visitor’s IP address, time of visit, type of browser, previously set
cookies, etc.
More on Web Bugs
• A simplified tracking example– consider a tracking company that has ties with a
network of sites– all images (e.g. web bugs) are stored on one host
computer while the web pages are stored in different servers.
– so, web bugs tool can recognize users traveling around the different servers
– advantage: tracking becomes easy because statistics can be collected centrally
DoubleClick (Google) System• Doubleclick is an online ad management system – its clients are advertisers and publishers– tracks users via browser cookies as users travel from
website to website (and records which advertisements they view and select).
• Runs background analysis: can mine trends over– multiple web sites, types of visitors, periods of time,
etc.
The Business Model of DoubleClick
• Ad-serving: publishers display ad on their websites• Ad delivery: advertisers control the ad frequency, time• Behavioral targeting: based on the visitor’s past
activities, guesses the adverts he/she would like to see
Web-tracking by DoubleClick
• What information of the visitor is tracked?– visit time, ad placement id, advert id, user id, user IP
address, referral URL, etc. • Can track someone visiting multiple web sites – if these web sites participate in AdSense (Google)
• May give a label to a visitor – E.g. “sports lover”, “computer & electronics”, etc.
• Note: you may check and edit your label on your Google Ad Preferences manager page
How to Check your label in Google’s Ad Preferences – Part I
How to Check your label in Google’s ad preferences manager – Part II
Do Not Track Me Online Act of 2011
• Sets the standards for the use of an online opt-out function– allows a consumer to forbid the use of private
information• Regarded as an online version of the Do Not Call
law• States that a business entity should disclose the
status of personal information collection • The opposition group (against this law) also has
some valid points
Abine’s Tool: “Do Not Track Me”• This tool works as a browser (e.g. Firefox) plugin • Blocks the tracking capabilities – of advertisers, social networks, and data-collection
companies– can display the list of websites which are tracking you
now– opts you out of being tracked
• May still allow same number of adverts, – but can stop targeted advertising that uses your
personal information
16
Using “Do Not Track Me”: Example I
17
Using “Do Not Track Me”: Example II
18
Web History Tracking
• Search engines, such as Google keep on storing the keywords you search – as well as your browsing history– and associates this information against your
Google account id– Google uses this information for targeted
advertisement in future• If misused, this information can lead to our
privacy breach
19
A Google Web History Page
20
Google’s Combining Distinct Privacy Policies
• Recently, Google combined 60 distinct privacy policies into one single policy in 2012– if you're signed in, Google treats you as a single
user across all of the products– combines information you've provided from one
service with information from the others– can use web search information to target an
advertisement to you in YouTube, Google Maps, and Gmail
21
How to reduce risks of Google’s Tracking
• You may turn off the Web History– log in to your Google a/c – go to www.google.com/history and remove all– but this may not guarantee much
• You may not sign into Gmail while using Google search, maps or YouTube
• Or, you may create separate accounts for each Google service
22
How to Turn Off the Search History
Class Agenda• Web tracking
• Social network privacy
• Geo-tracking
• Cross-reference with public records (e.g. census)
• University policies for your privacy
24
Online Social networks (OSN)• Becoming more and more popular– Facebook, Twitter, Google+, Linkedin, flickr, etc.
• Facebook is the largest OSN (Ref. epic.org). – 500 million active users, with 150
million in the United States. – 3 billion photos are uploaded each
month. – each day 100 million tags to photos.
25
Mobile OSN (mOSN)• Currently, all major OSNs can be accessed via
smart phones• Location has been (mostly) missing between the
real world and OSNs – mOSN is providing the location link now– location is notorious for compromising privacy– a quarter of Facebook users are on a mobile device
26
Privacy Concerns on Social Networks
• Too much personal information being displayed by the users may compromise their identity
• Location-based-service taking advantage of mobile devices causes more privacy concerns
• Storage of personal data: most social networking sites require users to agree for storage.
• Employment issues: employers are searching OSNs in order to screen potential candidates
• Stalking, and many other privacy problems.
27
How to Mitigate Privacy Leaks in OSNs• Understand the risks or possible damage• Do not post – unnecessary information or confidential messages or private
photos • To protect against identity theft– do not make your birthday public– never expose your exact address, SSN, passport info
• Avoid cross-linking – your social network with your professional network
• Be watchful of your information leak – check what is leaking via a close family member or a friend
28
Facebook’s Privacy Concerns
• Facebook displays social ads to targeted customers– the business model has some similarity with Google ad’s
• Claims retroactive rights to users’ personal information – even after a user has deleted her account.
• Discloses “publicly available information” to search engines– i.e., to all Internet users even they are not Facebook users.
• And many other concerns: e.g. face recognition, geo-tagging
29
Facebook and Face Recognition• Facebook Becomes FaceBank?– by Janeth Lopez, 2012 (available on moglen.law.columbia.edu)
• After you upload new photos – Facebook scans them with facial recognition software – matches the new photos to other photos you are already
tagged in.
• When a user manually tags the friends in a photo – the Facebook machine learns more– making facial recognition more accurate in future.
30
Facebook’s Photo-Tag Suggestions• You can tag a photo to show who’s in the photo– You can post a status update and say who you are with.
• After a photo upload, Facebook apparently by magic– finds faces in a photo as a square frame– and suggests the name of your friend
• Facebook identifies your friends through your profile – using face recognition technology
31
Privacy Concerns due to Face Recognition• We could take a photo of a stranger and pull up his/her
full name and public information
• We may cross-reference the information – with social dating sites to know the stranger's interests.
• Stores and restaurants may identify customers and their "likes" in real time – in order to offer them personalized advertising
• Law enforcement agents can use this face bank
32
How to Reduce Photo Tagging Risks• You can untag photos you are tagged in by friends. – simply go to the photo and click on your name
• But no way to prevent friends from tagging you• You can prevent others from seeing the photos via your
tagged name. – from the Account menu, chose Privacy Settings, click
"Customize settings.”– you have the option of choosing who can see photos via your
tagged name. You can set it to "Only me”. – here, you also have the option of preventing specific
Facebook friends seeing photos via your tagged name.
Class Agenda• Web tracking
• Social network privacy
• Geo-tracking or Geo-tagging
• Cross-reference with public records (e.g. census)
• University policies for your privacy
34
Geo-tagging• It is the process of adding geographical identification
metadata to various media such as a photo (Wikipedia)
• Many tools: Camera, smart phones, etc.
35
Geo-tagging on OSNs• Facebook has a feature called “Places” which
allows users to check-in at locations in real time– it is turned on by default– other users can “geo-tag” you– you may discover friends who are in the same place– friends can share interesting places– you may find out a spot from friends’
recommendations
36
Risks of Geo-tagging• You may give a stalker or a potential thief your
exact whereabouts– say you post a photo of your house, and leave a
message on Twitter : “need to go to office now”.
• Particularly when your cross-post check-ins to interesting spots on multiple OSNs.
• Also, geo-tagging has the potential to establish patterns of your movements
37
How to avoid risks of Geo-tagging
• Be familiar with the risks involved. • Learn how to disable your smart phone's geo-
tagging feature• Learn how to protect yourself on the geo-
tagging websites– control the people who are able to see where
you're located. – avoid automatic geo-tagging by default. Facebook
Places is active until disabled.
Class Agenda• Web tracking
• Social network privacy
• Geo-tracking
• Cross-reference with public records (e.g. census)
• University policies for your privacy
39
Privacy issues in public records
• Various public records and survey results: – Census, medical, genetic, financial data, location data,
purchasing histories, etc.– are extremely valuable for social science research,
epidemiology, strategic marketing, and so on
• But if these databases can be matched up with one another – then we may be able to generate a detailed picture of
a specific individual’s private life.
40
Challenges and Solutions• In 2000, Latanya Sweeney analyzed data from the
1990 census and discovered– 87% of the U.S. population could be uniquely identified by
just a Zip code, date of birth, and gender. • Professor Sweeney now says it should be quite easy
to determine patient names – from the secondary health data sold by pharmacies and
analytics companies• Privacy experts have proposed algorithms to– anonymize public records before release– measure the degree of privacy and guarantee it
Class Agenda• Web tracking
• Social network privacy
• Geo-tracking
• Cross-reference with public records (e.g. census)
• University policies for your privacy
42
K-State Information Technology Usage : Privacy Policy
• Authorized access to data entails both privilege and responsibility– not only for the user, but also for the system administrator.
• The university will treat information stored on computers as confidential – However, there is no expectation for documents and
messages stored on University-owned equipment. – email and data stored on KSU's network of computers may
be accessed by the university for a few special purposes
43
Summary
• We discussed common privacy issues.• We presented a few standard countermeasures
to mitigate the risks• Remainder:– the next homework is due before the next class (1pm
on March 7) – the next class will be held in Room 128