How Can and Would People Protect From Online Tracking?

Online tracking is complex and users find it challenging to protect themselves from it. While the academic community has extensively studied systems and users for tracking practices, the link between the data protection regulations, websites’ practices of presenting privacy-enhancing technologies (PETs), and how users learn about PETs and practice them is not clear. This paper takes a multidimensional approach to find such a link. We conduct a study to evaluate the 100 top EU websites, where we find that information about PETs is provided far beyond the cookie notice. We also find that opting-out from privacy settings is not as easy as opting-in and becomes even more difficult (if not impossible) when the user decides to opt-out of previously accepted privacy settings. In addition, we conduct an online survey with 614 participants across three countries (UK, France, Germany) to gain a broad understanding of users’ tracking protection practices. We find that users mostly learn about PETs for tracking protection via their own research or with the help of family and friends. We find a disparity between what websites offer as tracking protection and the ways individuals report to do so. Observing such a disparity sheds light on why current policies and practices are ineffective in supporting the use of PETs by users.

The cardboard box study: understanding collaborative data management in the connected home

The home is a site marked by the increasing collection and use of personal data, whether online or from connected devices. This trend is accompanied by new data protection regulation and the development of privacy enhancing technologies (PETs) that seek to enable individual control over the processing of personal data. However, a great deal of the data generated within the connected home is interpersonal in nature and cannot therefore be attributed to an individual. The cardboard box study adapts the technology probe approach to explore with potential end users the salience of a PET called the Databox and to understand the challenge of collaborative rather than individual data management in the home. The cardboard box study was designed as an ideation card game and conducted with 22 households distributed around the UK, providing us with 38 participants. Demographically, our participants were of varying ages and had a variety of occupational backgrounds and differing household situations. The study makes it perspicuous that privacy is not a ubiquitous concern within the home as a great deal of data is shared by default of people living together; that when privacy is occasioned it performs a distinct social function that is concerned with human security and the safety and integrity of people rather than devices and data; and that current ‘interdependent privacy’ solutions that seek to support collaborative data management are not well aligned with the ways access control is negotiated and managed within the home.

SpearSim: Design and Evaluation of Synthetic Task Environment for Studies on Spear Phishing Attacks

Despite significant advancements in security technologies, phishing attacks continue to be rampant and successful because distinguishing phishing emails from real messages remains difficult to most end-users, mainly the targeted kind known as spear-phishing. There is a severe lack of human factor studies on spear-phishing attacks due to lack of methods and datasets. We have designed a novel multi-player synthetic task environment, called SpearSim, for conducting laboratory experiments on spear-phishing attacks. Using SpearSim, we have conducted an experiment to understand how information exploitation in spear-phishing attacks influences end-user decision-making. This paper describes the SpearSim system’s design and discusses the results from the experiment conducted with SpearSim. The experiment results show that people are more vulnerable to spear-phishing attacks when attackers can explore and exploit different kinds of personal information available to them about their targets. We discuss the implications of this research for the design of anti-phishing training solutions and privacy enhancing technologies.

Speed Reading in the Dark: Accelerating Functional Encryption for Quadratic Functions with Reprogrammable Hardware

Functional encryption is a new paradigm for encryption where decryption does not give the entire plaintext but only some function of it. Functional encryption has great potential in privacy-enhancing technologies but suffers from excessive computational overheads. We introduce the first hardware accelerator that supports functional encryption for quadratic functions. Our accelerator is implemented on a reprogrammable system-on-chip following the hardware/software codesign methogology. We benchmark our implementation for two privacy-preserving machine learning applications: (1) classification of handwritten digits from the MNIST database and (2) classification of clothes images from the Fashion MNIST database. In both cases, classification is performed with encrypted images. We show that our implementation offers speedups of over 200 times compared to a published software implementation and permits applications which are unfeasible with software-only solutions.

Revolutionizing Medical Data Sharing Using Advanced Privacy-Enhancing Technologies: Technical, Legal, and Ethical Synthesis

Multisite medical data sharing is critical in modern clinical practice and medical research. The challenge is to conduct data sharing that preserves individual privacy and data utility. The shortcomings of traditional privacy-enhancing technologies mean that institutions rely upon bespoke data sharing contracts. The lengthy process and administration induced by these contracts increases the inefficiency of data sharing and may disincentivize important clinical treatment and medical research. This paper provides a synthesis between 2 novel advanced privacy-enhancing technologies—homomorphic encryption and secure multiparty computation (defined together as multiparty homomorphic encryption). These privacy-enhancing technologies provide a mathematical guarantee of privacy, with multiparty homomorphic encryption providing a performance advantage over separately using homomorphic encryption or secure multiparty computation. We argue multiparty homomorphic encryption fulfills legal requirements for medical data sharing under the European Union’s General Data Protection Regulation which has set a global benchmark for data protection. Specifically, the data processed and shared using multiparty homomorphic encryption can be considered anonymized data. We explain how multiparty homomorphic encryption can reduce the reliance upon customized contractual measures between institutions. The proposed approach can accelerate the pace of medical research while offering additional incentives for health care and research institutes to employ common data interoperability standards.

Looking Back to Move Forward: A Bibliometric Analysis of Consumer Privacy Research

Information privacy has attracted considerable attention in the information system research field. However, little effort has been made to review its latest developments from a marketing perspective. As research on consumer privacy advances rapidly, a comprehensive evaluation of the field is required. In this paper, two bibliographic databases retrieved from Web of Science were used to perform a series of bibliometric analyses consisting of co-citation analysis, co-occurring keyword analysis, and structural variation analysis. To facilitate these analyses, we use the software CiteSpace. Our results present the existing literature’s publication performance, thematic concentration, intellectual turning points and influential studies, and identify emerging trends in the literature. We found that a number of landmark studies has greatly affected the development of the consumer privacy research. Most importantly, this study proposes a research agenda for the field. Recent emerging topics focusing on privacy calculus, privacy ethic, privacy enhancing technologies, privacy-related coping strategies, and new contemporary privacy contexts should be further discussed in the future research.

Technologie wspierające prywatność – ideologia, prawo, wdrożenia

Technologie wspierające prywatność (Privacy Enhancing Technologies, PET) stwarzają zagrożenie ładu społecznego. Wskazuje na to analiza ich ideologiczno-politycznych fundamentów oraz uregulowań prawnych wprowadzających ograniczenia w zakresie ich używania, a także analiza ich faktycznych zastosowań w działalności cyberprzestępczej. Opracowanie ma charakter przeglądowy i praktyczny, dokonano w nim autorskiego stypologizowania technologii wspierających prywatność. Ocenie poddano wybrane instrumenty informatyczne, które są najpowszechniej używane oraz stanowią potencjalne i rzeczywiste zagrożenie. Są to: oprogramowania zapewniające anonimową komunikację (Tor, Freenet, Linux Tails, Whonix), ekosystemy kryptowalut umożliwiające anonimową wymianę handlową (Monero, Zcash, Dash) oraz aplikacja, która pozwala na szyfrowanie danych (VeraCrypt). Podsumowanie jest próbą wskazania modelowych atrybutów technologii wspierających prywatność na podstawie wcześniej przeprowadzonych analiz. Privacy Enhancing Technologies – ideology, law and implementations Privacy Enhancing Technologies (PET) create a threat to the social order which is shown in the analysis of their ideological as well as political foundations and legal regulations that introduce restrictions on their use. Study into their actual applications in cybercriminal activity proves it too. This paper is a review with practical purpose and includes an original typology of PET. The most commonly used IT instruments that create a potential and actual threat were selected and analysed: software ensuring anonymous communication (Tor, Freenet, Linux Tails, Whonix), cryptocurrency systems enabling anonymous trade (Monero, Zcash, Dash) and an application enabling data encryption (VeraCrypt). The summary includes an attempt to extract the model attributes of privacy-enhancing technologies on the basis of previous analyses.