a curious case of consent button
play

A Curious Case of Consent Button [... neither do I want to accept, - PowerPoint PPT Presentation

Apr 14, 2023 •490 likes •656 views

A Curious Case of Consent Button [... neither do I want to accept, nor decline ...] Nurul Momen & Lothar Fritsch Karlstad University 19 July, 2019. HotPETs, KTH, Stockholm 1 / 15 I want to find an app to wash my hands ... Image

  1. A Curious Case of “Consent Button” [... neither do I want to accept, nor decline ...] Nurul Momen & Lothar Fritsch Karlstad University 19 July, 2019. HotPETs, KTH, Stockholm 1 / 15

  2. I want to find an app to wash my hands ... Image source: running faucet by Steve Johnson (CC-BY-2.0) 2 / 15

  3. What happens next? ◮ Personal data access: a lot more than a user can observe. ◮ Partial identities can be extracted from privilege usage data. Paper I. How much Privilege does an App Need? Investigating Resource Usage of Android Apps ; N Momen, T Pulls, L Fritsch, and S Lindskog; In Proceedings of the Fifteenth International Conference on Privacy, Security and Trust (PST), Calgary, Canada, August 28-30 , IEEE, 2017. Paper II. Derived Partial Identities Generated from App Permissions ; L Fritsch, and N Momen; In Proceedings of the Open Identity Summit 2017; Lecture Notes in Informatics (LNI) 277, ISSN 1617-5468, ISBN 978-3-88579-671-8, October 05–06, 2017; Karlstad, Sweden. , Gesellschaft f¨ ur Informatik e.V., 2017. 3 / 15

  4. Good and bad behavior of apps 1. Requirement types (price): what does it ask for & how much of the privilege is being used? 2. Legal requirements: does it comply with the regulations? 3. Crowd-sourced user feedback: what do other users think? 4 / 15

  5. Let’s judge an apps’ behavior ... ix. Fitbit: 20 (9/3/3/T) [Threat count, T=5] SMS CALENDAR SENSORS CALL_LOG Legend Permission-groups requested in Manifest. Clarification missing in privacy policy. Permission access whithout user interaction during runtime. STORAGE CAMERA PHONE CONTACTS MICROPHONE LOCATION Paper III: A Multilateral Privacy Impact Analysis Method for Android Apps ; M Hatamian, N Momen, L Fritsch, K Rannenberg; In Proceedings of Annual Privacy Forum 2019 , Rome, Italy, page 87-106. 5 / 15

  6. Let’s compare with other apps ... i. Lifesum: 13 (5/3/4/T) [Threat count, T=1] ii. Endomondo: 9 (5/0/2/T) [Threat count, T=2] iii. 30dayFitnessChal.: 6 (2/2/0/T) [Threat count, T=2] iv. Runkeeper: 19 (6/4/3/T) [Threat count, T=6] SMS CALENDAR SMS CALENDAR SMS CALENDAR SMS CALENDAR SENSORS CALL_LOG SENSORS CALL_LOG SENSORS CALL_LOG SENSORS CALL_LOG STORAGE CAMERA STORAGE CAMERA STORAGE CAMERA STORAGE CAMERA PHONE CONTACTS PHONE CONTACTS PHONE CONTACTS PHONE CONTACTS MICROPHONE LOCATION MICROPHONE LOCATION MICROPHONE LOCATION MICROPHONE LOCATION v. Pedometer: 13 (6/3/2/T) [Threat count, T=2] vi. MyFitnessPal: 9 (6/2/0/T) [Threat count, T=1] vii. Runtastic: 15 (6/1/4/T) [Threat count, T=4] viii. 7minsWorkout: 6 (2/2/0/T) [Threat count, T=2] SMS CALENDAR SMS CALENDAR SMS CALENDAR SMS CALENDAR SENSORS CALL_LOG SENSORS CALL_LOG SENSORS CALL_LOG SENSORS CALL_LOG STORAGE CAMERA STORAGE CAMERA STORAGE CAMERA STORAGE CAMERA PHONE CONTACTS PHONE CONTACTS PHONE CONTACTS PHONE CONTACTS MICROPHONE LOCATION MICROPHONE LOCATION MICROPHONE LOCATION MICROPHONE LOCATION ix. Fitbit: 20 (9/3/3/T) [Threat count, T=5] x. GoogleFit: 10 (5/0/3/T) [Threat count, T=2] SMS CALENDAR SMS CALENDAR SENSORS CALL_LOG SENSORS CALL_LOG Legend Permission-groups requested in Manifest. Clarification missing in privacy policy. STORAGE CAMERA STORAGE CAMERA Permission access whithout user interaction during runtime. PHONE CONTACTS PHONE CONTACTS MICROPHONE LOCATION MICROPHONE LOCATION Paper III: A Multilateral Privacy Impact Analysis Method for Android Apps ; M Hatamian, N Momen, L Fritsch, K Rannenberg; In Proceedings of Annual Privacy Forum 2019 , Rome, Italy, page 87-106. 6 / 15

  7. But, apps change requirements! Pre-GDPR collection GDPR Quarantine period Quarantine period Post-GDPR collection May 25, 2018 Mar 2017 Dec 2018 Feb 2019 Nov 2017 t Permission use Permission use Permission manifest Permission manifest User concerns User concerns Data collection Overview of data collection periods. Paper IV: Did app privacy improve after GDPR? N Momen, M Hatamian, L Fritsch; To appear in IEEE Security Privacy Magazine 2019. 7 / 15

  8. 8 / 15 Paper IV: Did app privacy improve after GDPR? N Momen, M Hatamian, L Fritsch; To appear in IEEE Security Privacy Magazine 2019. A B C D E F G H I J iHeartRadio (1) + - JangoRadio (2) - PlayMusic (3) - - - Deezer (4) Music apps BBCiPlayer (5) SongFlip (6) Tidal (7) - - - + Shazam (8) - - + - SoundCloud (9) - - Spotify (10) - - Weather&Radar (11) - - Yr (12) PalmaryWeather (13) - - - YahooWeather (14) - - - - - Weather apps Weather&Clock (15) - WeatherBug (16) - GoWeather (17) - WeatherApp (18) - - - Accuweather (19) - + - weather.com (20) - - - GoogleFit (21) - - MyFitnessPal (22) + 7 minWorkout (23) Fitbit (24) - - Fitness apps 30dayFitness (25) Endomodo (26) - + < Reduced Lifesum (27) + Not used Runtastic (28) Added - In use Pedometer (29) - Runkeeper (30) + + Change of privilege-requirements TikTok (31) + - + - Tumblr (32) Linkedin (33) - Foursquare (34) Social apps Pinterest (35) + - - Slack (36) Snapchat (37) - Twitter (38) Instagram (39) Facebook (40) WhatsApp (41) Hangout (42) Line (43) Communication apps WeChat (44) - + Imo (45) - - Messenger (46) Skype (47) - - Tango (48) - Viber (49) - Telegram (50) - R G A S N E E S S E A O R T O N N R M G D E C O O O A L I S N _ M A T H H S R L A N O E A T P P L L C N C O E T A A O S C O R S C L C C I M

  9. 9 / 15 Paper IV: Did app privacy improve after GDPR? N Momen, M Hatamian, L Fritsch; To appear in IEEE Security Privacy Magazine 2019. K K L M N O P Q R S T -100 iHeartRadio (1) 5 4 JangoRadio (2) 48 48 PlayMusic (3) -100 -100 -100 -100 -100 -100 -100 -100 -13 -13 -13 -13 100 100 -13 -13 100 100 -90 Deezer (4) Music apps BBCiPlayer (5) 16 16 36 36 -80 SongFlip (6) Tidal (7) 10 10 2 Shazam (8) -100 -100 -100 -100 -100 -100 -100 -100 -25 -25 -40 -40 -41 -41 -70 SoundCloud (9) 10 10 14 14 -73.91 -73.91 Spotify (10) -20 -20 -58.97 -58.97 -60 Weather&Radar (11) -5 -5 -75 -75 Yr (12) -94.87 -94.87 -96.15 -96.15 PalmaryWeather (13) 11.63 11.63 -55.88 -55.88 -50 YahooWeather (14) -100 -100 -100 -100 -100 -100 -45.1 -45.1 -100 -100 -26 -26 -100 -100 -30 -30 -68.6 -68.6 Weather apps Weather&Clock (15) -85.71 -85.71 100 100 37.5 37.5 -40 WeatherBug (16) -100 -100 -12 -12 -15 -15 GoWeather (17) -100 -100 -9 -9 -5 -5 -10 -10 WeatherApp (18) -100 -100 -15 -15 -13 -13 -30 Accuweather (19) -100 -100 10 10 -6 -6 weather.com (20) -100 -100 -15 -15 -15 -15 -26 -26 -20 GoogleFit (21) -100 -100 -100 -100 100 100 -20 -20 -75 -75 -100 -100 -98.94 -98.94 MyFitnessPal (22) -100 -100 -100 -100 7 minWorkout (23) -8 -8 -10 Fitbit (24) -100 -100 -100 -100 -100 -100 -100 -100 -85 -85 40 40 65.76 65.76 Fitness apps 30dayFitness (25) -100 -100 -16 -16 0 Endomodo (26) 7 7 -86.36 -86.36 Lifesum (27) 100 100 10 10 -83.91 -83.91 -71.74 -71.74 Runtastic (28) 100 100 43.72 43.72 100 100 100 100 10 Pedometer (29) 100 100 60 60 Runkeeper (30) 100 100 -97.4 -97.4 -75 -75 -100 -100 Change of privilege usage pattern 20 TikTok (31) 3 -76 -76 Tumblr (32) -100 -100 -26 -26 -26 -26 -10 -10 Linkedin (33) 100 100 -92.59 -92.59 30 Foursquare (34) 83.33 83.33 100 100 100 100 Social apps Pinterest (35) -14 -14 40 Slack (36) -7 -7 -16 -16 Snapchat (37) -100 -100 -100 -100 -15 -15 -30 -30 Twitter (38) -8 -8 85.71 85.71 16.67 16.67 50 Instagram (39) -28 -28 -36 -36 Facebook (40) -100 -100 -100 -100 71.05 71.05 3 -67.86 -67.86 100 100 100 100 60 WhatsApp (41) -100 -100 -17 -17 9 28.95 28.95 -73 -73 -68.29 -68.29 Hangout (42) -33.33 -33.33 100 100 -58.54 -58.54 -21.95 -21.95 41.46 41.46 -98.29 -98.29 -56.63 -56.63 Line (43) 100 100 100 100 1 8 8 20 20 70 Communication apps WeChat (44) -92.31 -92.31 -100 -100 100 100 100 100 2.44 2.44 100 100 Imo (45) -100 -100 -100 -100 -100 -100 -6 -6 31.76 31.76 100 100 -13 -13 44.19 44.19 80 Messenger (46) 100 100 100 100 Skype (47) -100 -100 -100 -100 -29 -29 37 37 -16 -16 75.76 75.76 Tango (48) -43 -43 4 -42 -42 -89 -89 90 Viber (49) -100 -100 -13 -13 81.25 81.25 -58.62 -58.62 -47 -47 -82.61 -82.61 Telegram (50) -68.42 -68.42 -59.52 -59.52 -56.52 -56.52 -82.22 -82.22 100 R G A S N E E S S E A O R T O N N R M G D E C O O O A L I S N _ M A T H H S R L A N O E A T P P L L C N C O E T A A O S C O R S C L C C I M

  10. Wait, wait ... That’s a lot to consider! How can a user re-evaluate decisions taken earlier with ease? 10 / 15

  11. Accept Maybe Decline Confused? I don’t know! 11 / 15

  12. Confused? I don’t know! So, maybe? Accept Maybe Decline Paper V: Partial Commitment–“Try Before You Buy” and “Buyer’s Remorse” for Personal Data in Big Data Machine Learning ; L Fritsch; IFIP International Conference on Trust Management, page 3-11. 11 / 15

  13. Partial commitment Consent with an expiry date. Consent for a subset of data. Consent for limited access. 12 / 15

  14. At expiration? Evaluation of privacy-preserving-performance. Decision to continue or revoke access. Intervenability. 13 / 15

Recommend

The curious case he curious case of of Eos Eosinophilia inophilia in in the the

The curious case he curious case of of Eos Eosinophilia inophilia in in the the

The curious case he curious case of of Eos Eosinophilia inophilia in in the the night night time time Tom Konikoff 6.6.17 Internal medicine D Patient background 17 y/o female Healthy No meds No

579 views • 34 slides
Living beyond type 1 With Victoria Rettie and Roddy Riddle The curious case of T1D to DSN ..

Living beyond type 1 With Victoria Rettie and Roddy Riddle The curious case of T1D to DSN ..

Living beyond type 1 With Victoria Rettie and Roddy Riddle The curious case of T1D to DSN .. The beginning The curious case of T1D to DSN .. The beginning The curious case of T1D to DSN .. The beginning The first foray into healthcare

391 views • 37 slides
Informed Consent in Research in Japan: A Case for Broad Consent Addendum: I regret I could not

Informed Consent in Research in Japan: A Case for Broad Consent Addendum: I regret I could not

Informed Consent in Research in Japan: A Case for Broad Consent Addendum: I regret I could not give adequate explanations in response to the questions posed after my presentation in Bali Convention Center on August 22, 2014. Supplemental slides

241 views • 21 slides
A Curious Case of Convulsions Dhishna Chaudhary MD, Ramez Morcos MD, Mishah Azhar MD, John

A Curious Case of Convulsions Dhishna Chaudhary MD, Ramez Morcos MD, Mishah Azhar MD, John

A Curious Case of Convulsions Dhishna Chaudhary MD, Ramez Morcos MD, Mishah Azhar MD, John Malcynski MD, Patricio S. Espinosa MD Florida Atlantic University Charles E. Schmidt College of Medicine Case Presentation at Bethesda A 30-year-old

555 views • 13 slides
Bl Blowi owing Sm Smok oke: e: The curious case of the mangled metric Clarkson University 26

Bl Blowi owing Sm Smok oke: e: The curious case of the mangled metric Clarkson University 26

Bl Blowi owing Sm Smok oke: e: The curious case of the mangled metric Clarkson University 26 September 2014 Crispin Pemberton Pigott SeTAR Centre Department of Geography Environmental Management and Energy Studies University of Johannesburg

157 views • 12 slides
Informed Consent in Research consent has been firmly established in clinical practice and

Informed Consent in Research consent has been firmly established in clinical practice and

2014/9/18 Requirement of Informed Consent In Japan, like many other countries, the doctrine of informed Informed Consent in Research consent has been firmly established in clinical practice and research. in Japan: A Case for Broad Consent In the

533 views • 6 slides
Topology from enrichment: the curious case of partial metrics Isar Stubbe (reporting on a joint

Topology from enrichment: the curious case of partial metrics Isar Stubbe (reporting on a joint

Topology from enrichment: the curious case of partial metrics Isar Stubbe (reporting on a joint paper with Dirk Hofmann) Universit du Littoral, France TACL in Prague, June 2630, 2017 . . . Metrics Frchet [1906]: Metric space ( X, d )

624 views • 48 slides
Button Click Many ways use Button in Android SetOnClickListener (just click button)

Button Click Many ways use Button in Android SetOnClickListener (just click button)

Button Click Many ways use Button in Android SetOnClickListener (just click button) SetOnLongClickListener (on long press) SetOnTouchListener (until button is pressed) OnClick (simple click using XML) Many other ways

470 views • 30 slides
HV302 Hands-on Training HV302 Controls Scan Button Rotation Button Scan Button Rotation Button

HV302 Hands-on Training HV302 Controls Scan Button Rotation Button Scan Button Rotation Button

January 2015 HV302 Hands-on Training HV302 Controls Scan Button Rotation Button Scan Button Rotation Button Slope/Alignment Buttons HI-/Manual- Standby - LED Level-LED Battery Status LED Power Button Manual/Single Slope Mode/ Standby

612 views • 38 slides
Informed Consent R Jane McKay Informed Consent Consent why and when do we need it ?

Informed Consent R Jane McKay Informed Consent Consent why and when do we need it ?

Informed Consent R Jane McKay Informed Consent Consent why and when do we need it ? Patient Autonomy All individuals have right to determine what is done to them Treatment is much broader than surgery involves IM

471 views • 32 slides
The Curiosity Frontier Roni Harnik, Fermilab Why Are We Here? We are curious . We are like kids

The Curiosity Frontier Roni Harnik, Fermilab Why Are We Here? We are curious . We are like kids

The Curiosity Frontier Roni Harnik, Fermilab Why Are We Here? We are curious . We are like kids that have many many questions. We receive great pleasure from finding things out. What are we curious about? A Curiosity List: (Partial! In no

743 views • 63 slides
1 Micro SIMs s are use sed in Tabs 2 3 Press the button again Press the button and hold

1 Micro SIMs s are use sed in Tabs 2 3 Press the button again Press the button and hold

1 Micro SIMs s are use sed in Tabs 2 3 Press the button again Press the button and hold Swipe the Screen once slightly to lock the until tablet starts screen 4 Battery level with percentage Mobile data signal strength {H+ (100%) / H

1.03k views • 30 slides
LOOK, TASTE AND BE CURIOUS DIRECT &amp; REGULAR AIRPORT CONNECTION EUROPE, NORTH AMERICA &amp;

LOOK, TASTE AND BE CURIOUS DIRECT &amp; REGULAR AIRPORT CONNECTION EUROPE, NORTH AMERICA &amp;

LOOK, TASTE AND BE CURIOUS DIRECT &amp; REGULAR AIRPORT CONNECTION EUROPE, NORTH AMERICA &amp; ASIA THE PERFECT WEATHER More than 320 days of sun in a year. Enjoy our endless summer. MLAGA CULTURAL For CURIOus Culturalists art is everywhere,

563 views • 12 slides
2 Curious Chimeras present... models for Educational Practitioners Pedagogy &amp; Play in

2 Curious Chimeras present... models for Educational Practitioners Pedagogy &amp; Play in

2 Curious Chimeras present... models for Educational Practitioners Pedagogy &amp; Play in Teaching Today Hello! We are the Curious Chimeras. We are here because we design playable experiences and create game worlds. You can find us on

841 views • 41 slides
Presentation Outline Consent a Key Principle in PHIPA General Consent Provisions of

Presentation Outline Consent a Key Principle in PHIPA General Consent Provisions of

Consent Requirements Under the Personal Health Information Protection Act Debra Grant Debra Grant Office of the Information and Privacy Commissioner of Ontario EHIL Webinar May 11, 2011 Presentation Outline Consent a Key Principle in

520 views • 14 slides
CONSENT PROCESS SPECIAL POPULATIONS CONSENT Com m on Rule ANPRM Current provisions of the

CONSENT PROCESS SPECIAL POPULATIONS CONSENT Com m on Rule ANPRM Current provisions of the

S E S S I O N 3 CONSENT PROCESS SPECIAL POPULATIONS CONSENT Com m on Rule ANPRM Current provisions of the The regulations would be revised to provide greater specificity Common Rule provide only about how consent forms should

218 views • 3 slides
With its rich cultural heritage just like the Eter- If you are curious to see the If you are

With its rich cultural heritage just like the Eter- If you are curious to see the If you are

With its rich cultural heritage just like the Eter- If you are curious to see the If you are curious to see the nal City, it offers a lot to see on a small area. oldest continuously inhabited city oldest continuously inhabited city As Plovdiv

207 views • 3 slides
Tamarind Hearing presentation Applications for marine consent and marine discharge consent under

Tamarind Hearing presentation Applications for marine consent and marine discharge consent under

Tamarind Hearing presentation Applications for marine consent and marine discharge consent under the EEZ-CS Act (2012) Before the EPA Board of Inquiry, 8 th November 2018 Lyndon DeVantier, PhD Opposed. Cumulative Effects Assessments for

424 views • 23 slides
Something Old, Something New A Talk about NLP for the Curious @EVANAHARI, YOW! AUSTRALIA 2016

Something Old, Something New A Talk about NLP for the Curious @EVANAHARI, YOW! AUSTRALIA 2016

Something Old, Something New A Talk about NLP for the Curious @EVANAHARI, YOW! AUSTRALIA 2016 Jabberwocky `Twas brillig, and the slithy toves Did gyre and gimble in the wabe: All mimsy were the borogoves, And the mome raths outgrabe.

525 views • 34 slides
. . . to remove a curious and shameful anomaly, this namely, that Britain, alone of all

. . . to remove a curious and shameful anomaly, this namely, that Britain, alone of all

. . . to remove a curious and shameful anomaly, this namely, that Britain, alone of all cultured European countries, is without any periodical which makes the serious and disinterested study of ancient art its chief occupation. Editorial,

179 views • 16 slides
Re-allocation at consent expiry September 2017 What the RMA says about existing infrastructure

Re-allocation at consent expiry September 2017 What the RMA says about existing infrastructure

Re-allocation at consent expiry September 2017 What the RMA says about existing infrastructure When considering an application [for renewal of resource consent] a consent authority must have regard to the value of the investment of the

169 views • 4 slides
LeGare Consent Decree For 2017-2018 What is LeGare? The LeGare Consent Decree (1995) Each

LeGare Consent Decree For 2017-2018 What is LeGare? The LeGare Consent Decree (1995) Each

LeGare Consent Decree For 2017-2018 What is LeGare? The LeGare Consent Decree (1995) Each student with a disability or English Language Learner (ELL) has an equal opportunity to attend a criteria based high school and or programs that are

587 views • 21 slides
The Development Consent Process The Role of Local Authorities / GLA The Development Consent

The Development Consent Process The Role of Local Authorities / GLA The Development Consent

The Development Consent Process The Role of Local Authorities / GLA The Development Consent Process DEVELOPER PI NS SofS Decision Acceptance Pre-application Exam ination Pre-examination Recom m endation 1 Year + 1 Year Thames Tideway

433 views • 14 slides
LeGare Consent Decree For 2017-2018 What is LeGare? The LeGare Consent Decree (1995) Each

LeGare Consent Decree For 2017-2018 What is LeGare? The LeGare Consent Decree (1995) Each

LeGare Consent Decree For 2017-2018 What is LeGare? The LeGare Consent Decree (1995) Each student with a disability or English Language Learner (ELL) has an equal opportunity to attend a criteria based high school and or programs that are

703 views • 20 slides

More recommend