2020 vision for web privacy
play

2020 Vision For Web Privacy Eric Chan-Tin Assistant Professor - PowerPoint PPT Presentation

Mar 23, 2023 •537 likes •1.12k views

2020 Vision For Web Privacy Eric Chan-Tin Assistant Professor Department of Computer Science Loyola University Chicago SNTA20 Keynote What does Privacy mean to you? What does Privacy mean to you? Personal What you buy What you

  1. 2020 Vision For Web Privacy Eric Chan-Tin Assistant Professor Department of Computer Science Loyola University Chicago SNTA’20 Keynote

  2. What does Privacy mean to you?

  3. What does Privacy mean to you? ● Personal – What you buy – What you do – Where you work/live – Name, social security number, phone number, DoB – Who you talk to

  4. What does Privacy mean to you? ● Web ● Personal – What you buy – What you buy – What you do – What you do – Where you work/live – Where you are – Name, social security – Computer and browser number, phone number, information DoB – Who you communicate with – Who you talk to

  5. Privacy in Hindsight ● Webcam/Babycam hack stories ● Target predicting girl was pregnant (2012) ● OPM, Equifax, Target, Marriott, etc. ● Advertisement

  7. Personally Identifiable Information (PII) ● Name ● Address ● Zip code ● Gender ● Race ● Date of birth ● Web cookie

  8. What is Privacy? ● Not necessarily just your name ● Can infer type of person you are based on what you do

  14. What is Privacy? ● Not necessarily just your name ● Can infer type of person you are based on what you do ● Can link what you do – E.g. works at a university and likes sports

  16. Web Privacy ADVERTISEMENT Pictures from ACLU.org and thejournal.com

  17. Why? ● Over $100 billion in 2018 [CNBC] ● Censorship ● Collect data for use in the future

  18. So what? Is that a bad thing? ● I got nothing to hide ● I trust the government ● It’s “just” advertisements

  19. So what? Is that a bad thing? ● I have got nothing to hide ● I trust the government ● It’s “just” advertisements

  20. How to? ● IP address ● Web cookie

  21. How to? ● IP address ● DHCP or change location ● Web cookie ● Delete cookies

  22. How to? ● DHCP or change ● IP address location ● Web cookie ● Delete cookies ● Evercookie – Restores cookie using flash storage, local storage, session storage, etc.

  24. Changing this information (e.g. useragent) could make you more unique

  26. K. Mowery and H. Shacham. Pixel Perfect: Fingerprinting Canvas in HTML5. IEEE W2SP 2012.

  27. Tracking using Latency ● Javascript code on attacker.com (maybe served as an ad to victim.com) ● Timing attack to see if user visited example.org and is logged into example.org – In cache or not T. Van Goethem, W. Joosen, and N. Nikiforakis. The Clock is Still Ticking: Timing Attacks in the Modern Web. ACM CCS 2015

  28. Others ● List of webbrowser extensions makes you unique (Xhound) ● Accessibility features ● Mobile tracking ● Cross-device tracking ● ...

  29. What can you do? ● Do Not Track ● Install tracking-blocker tools ● Use a private browser

  30. A. Vastel, P. Laperdrix, W. Rudametkin, and R. Rouvoy. FP-scanner: the privacy implications of browser fingerprint inconsistencies. USENIX Security 2018.

  31. “Legitimate” Uses ● Banks to detect fraudulent logins ● Games to detect cheaters

  32. How Prevalent? ● Long tail ● Becoming more common in most popular websites ● Some sites use different tracking tools

  33. Browser Fingerprinting ● Here to stay ● You SHOULD be concerned about your privacy ● What if the tracking dataset gets leaked?

  34. Network Traffic Analysis ● Assume that all communications are encrypted ● Assume that the eavesdropper is not the server nor the client ● What do you see?

  35. Metadata ● Number of messages ● Size of each message ● Direction of the message

  42. J. Yu and E. Chan-Tin. Identifying Webbrowsers in Encrypted Communications. ACM WPES 2014.

  44. Website Fingerprinting

  47. Closed World ● 90+% accuracy ● Predicting the correct website out of possible 1,000 websites

  48. Open World ● 90+% accuracy ● High TPR, low FPR ● ~100 “monitored, sensitive” websites – E.g. facebook, wikipedia, attacker.com, etc ● ~1 million unmonitored websites ● Predicting whether network traffic is part of the monitored list or not – Binary classification

  49. Future Privacy Impacts ● Track any citizen ● Predict who you are – Eliminate password authentication

  50. New Privacy laws ● GDPR (May 2018) ● California Consumer Privacy Act (Jan. 2020)

  51. Societal/Human Impacts ● Find and track bad ● Domestic partner actors surveillance ● Fraud prevention ● Political/Religious/ Ethnic/Personal surveillance

  52. Picture from CNN.com

  53. Arms Race ● Prevention vs Detection ● Tradeoff between privacy and “security”/“safety”

  54. Are you sure you have nothing to hide?

  55. Are you sure you have nothing to hide? ● Make your choice of tech ● Regulations ● Be careful what you “wish for”

  56. Collaborators ● Yanmin Gong ● Anthony Sierra ● Jinoh Kim ● Christian Fields ● Shelia Kennison ● Julianna Chen ● Jiangmin Yu ● Spencer Johnston ● Tao Chen ● John Mikos ● Weiqi Cui ● Daisy Reyes

  57. Acknowledgments ● This material is based upon work supported by the NSF under Grant No. IIS-1659645 and DGE- 1919004 ● Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation

  58. Thank You! chantin@cs.luc.edu Post on the Slack channel

Recommend

PRI ME Privacy and I dentity Management for Europe Vision Objectives First Results

PRI ME Privacy and I dentity Management for Europe Vision Objectives First Results

PRI ME Privacy and I dentity Management for Europe Vision Objectives First Results www.prime-project.eu.org PRI ME Vision I n the I nformation Society, users can act and interact in a safe and secure way while retaining

409 views • 12 slides
Privacy and Security Ryan Dunn, PSO Vision and Mission Vision Propel inspiration. Secure the

Privacy and Security Ryan Dunn, PSO Vision and Mission Vision Propel inspiration. Secure the

Privacy and Security Ryan Dunn, PSO Vision and Mission Vision Propel inspiration. Secure the business. Protect the consumer. Business Objectives Risk and Opportunity Management Mission Policy and Standards Technical The mission of the

666 views • 8 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Connected and Autonomous Vehicles June 25, 2020 Future of Privacy Forum Our Mission Bridging the

Connected and Autonomous Vehicles June 25, 2020 Future of Privacy Forum Our Mission Bridging the

Digital Data Flows Masterclass # 7 : Connected and Autonomous Vehicles June 25, 2020 Future of Privacy Forum Our Mission Bridging the policymaker-industry-academic gap in privacy policy Developing privacy protections, ethical norms, &

1.07k views • 106 slides
USEMP vision for privacy-aware digital marketing & advertising, a proposal for a

USEMP vision for privacy-aware digital marketing & advertising, a proposal for a

USEMP vision for privacy-aware digital marketing & advertising, a proposal for a useragent-centric model Authors: T.Michalareas (VELTI) & USEMP consortium partners (see ref.1 ) Abstract In this position paper we present

792 views • 5 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
The Norwegian Blue A lesson in Privacy Engineering Eivind Arvesen, Aug. 7th 2020 Crypto &

The Norwegian Blue A lesson in Privacy Engineering Eivind Arvesen, Aug. 7th 2020 Crypto &

The Norwegian Blue A lesson in Privacy Engineering Eivind Arvesen, Aug. 7th 2020 Crypto & Privacy Village: Glitched (at DEF CON 28: SAFE MODE) $ whoami Eivind Arvesen Consultant @ Bouvet (Oslo, Norway) Privacy and security Senior

1.18k views • 63 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
Protection of Privacy at Toronto Public Library December 10, 2018 Toronto Public Library Board

Protection of Privacy at Toronto Public Library December 10, 2018 Toronto Public Library Board

Protection of Privacy at Toronto Public Library December 10, 2018 Toronto Public Library Board Context 2 Why is Privacy Important? Privacy is a core element of our Vision, Mission, and Values Complex, dynamic online environment

156 views • 13 slides
EPIC 2015 EPIC 2015 20/20 Vision Or a vision of 2020 Genetics 2020 Genetics 2020

EPIC 2015 EPIC 2015 20/20 Vision Or a vision of 2020 Genetics 2020 Genetics 2020

EPIC 2015 EPIC 2015 20/20 Vision Or a vision of 2020 Genetics 2020 Genetics 2020 Eggs Meat 550 eggs to 100 weeks 19 days to 2kg FCR approaching FCR 1:1 sub 1:1 Genetics 2020 Bird Flu Massive Worldwide impact ! Bird Flu- UK

492 views • 13 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
FINANCIAL OVERVIEW AND THE COUNCILS STRATEGIC VISION STRATEGIC VISION In January 2020,

FINANCIAL OVERVIEW AND THE COUNCILS STRATEGIC VISION STRATEGIC VISION In January 2020,

FINANCIAL OVERVIEW AND THE COUNCILS STRATEGIC VISION STRATEGIC VISION In January 2020, Sleaford Town Council adopted a strategic vision together with priorities that focused on 5 main areas: - Our Economy Our Buildings Our

317 views • 7 slides
Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

CS 134 Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire (Image from geekologie.com) Relevant to corporations & government agencies Recently increased awareness However, general public

171 views • 16 slides
PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

Marc Langheinrich: Privacy in Ubiquitous Computing 5/29/2010 Todays Menu PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches COMPUTING Definitions Challenges 1. History and legal aspects 1.

264 views • 13 slides
Web Security [Privacy] Spring 2020 Earlence Fernandes earlence@cs.wisc.edu Thanks to Dan

Web Security [Privacy] Spring 2020 Earlence Fernandes earlence@cs.wisc.edu Thanks to Dan

CS 642: Computer Security and Privacy Web Security [Privacy] Spring 2020 Earlence Fernandes earlence@cs.wisc.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John Manferdelli, John Mitchell, Franzi Roesner,

839 views • 32 slides

More recommend