
Data-Driven Privacy Indicators, Hamza Harkous, Rameez Rahman, Karl Aberer (PowerPoint PPT Presentation)



  1. Data-Driven Privacy Indicators. Hamza Harkous, Rameez Rahman, Karl Aberer, EPFL, Switzerland. Workshop on Privacy Indicators, SOUPS 2016. (title slide)

  2. Permissions in 3rd Party Apps: Facebook; Android. (slide 2)

  3. Permissions in 3rd Party Apps (Google Drive consent screen; Dropbox and Google Drive shown): "Pdf Merger would like to: View and manage Google Drive files and folders that you have opened or created with this app; View and manage the files in your Google Drive. By clicking Allow, you allow this app and Google to use your information in accordance with their respective terms of service and privacy policies. You can change this and other Account Permissions at any time. [Deny] [Allow]" (slide 3)

  5. Permissions in 3rd Party Apps, challenges: one size fits all; habituation effects; different from user expectations. (slide 3)

  6. Data-Driven Privacy Indicators (DDPIs): dynamic indicators as a function of users' data. The service provider delivers insights that help users make privacy-aware decisions. (slide 4)

  8. Focus on 3rd Party Cloud Apps (slide 5)

  9. Diagram: 3rd party apps, CSPs, your files. (slide 6)

  10. Problem 1: Dealing with App Over-privilege (slide 7)

  11. Dealing with App Over-privilege: 64% of 3rd party apps request more data than needed*. *H. Harkous, R. Rahman, B. Karlas, and K. Aberer. "The Curious Case of the PDF Converter that Likes Mozart: Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps", PoPETs. (slide 8)

  12. Current Interface: "ZIP Extractor wants to: View your basic profile info; View your email address; View and manage Google Drive files and folders that you have opened or created with this app [per-file access]; View the files in your Google Drive [full access]." (slide 9)

  13. Labelling: "ZIP Extractor wants to obtain permissions it doesn't need: View the files in your Google Drive. ZIP Extractor wants to obtain permissions it needs to function: View your basic profile info; View your email address; View and manage Google Drive files and folders that you have opened or created with this app." (slide 9)

  15. privyseal.epfl.ch (slide 10)

  16. 1- Immediate Insights: immediate insights (examples) from your data. privyseal.epfl.ch (slide 10)

  17. 1- Immediate Insights: "They tell the app that you have the below image, named ‘brithday21.jpg’." privyseal.epfl.ch (slide 11)

  18. 1- Immediate Insights: "They tell the app that you have an image, named ‘dinner.jpg’, which was captured at this location:" (location shown on the slide). privyseal.epfl.ch (slide 12)

  19. 2- Far-reaching Insights: far-reaching insights from your data. privyseal.epfl.ch (slide 13)

  21. 2- Far-reaching Insights: ...with Entities/Concepts/Topics. privyseal.epfl.ch (slide 14)

  22. 2- Far-reaching Insights: ...Sentiments. privyseal.epfl.ch (slide 15)

  23. 2- Far-reaching Insights: ...Top Collaborators. privyseal.epfl.ch (slide 16)

  24. 2- Far-reaching Insights: ...Shared Interests. privyseal.epfl.ch (slide 17)

  25. 2- Far-reaching Insights: ...Faces with Context. privyseal.epfl.ch (slide 18)

  26. 2- Far-reaching Insights: ...Faces on Map. privyseal.epfl.ch (slide 19)

  27. Inefficacy of Baseline Permissions. Chart: acceptance likelihood (percentage of users who would still accept over-privileged apps), values 39%, 23%, 16% (groups: Baseline, Immediate, Far-reaching). Online experiment: actual users' data; 160 participants in 3 groups; GLMMs for significance tests. *H. Harkous, R. Rahman, B. Karlas, and K. Aberer. "The Curious Case of the PDF Converter that Likes Mozart: Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps", PoPETs. (slide 20)

  28. The Power of Relational Insights: "They tell the app that you have the below image, named ‘brithday21.jpg’." Chart: acceptance likelihood, left variant < right variant. (slide 21)

  29. Impact of Face Recognition. Chart: acceptance likelihood 8% < 21%. (slide 22)

  30. Problem 2: Minimizing Interdependent Privacy (slide 23)

  31. Diagram: Company 1, Company 2, Company 3, Company 4, Company 5, Company 6. Too Many Shareholders → Larger Attack Surface. (slide 24)

  33. Diagram: Company 1, Company 2, Company 3. Fewer Shareholders → Better Privacy. (slide 25)

  35. History-based Insights: Keep data with a minimum number of vendors. When possible, install apps from vendors that already have access to your data, either directly or from collaborators. (slide 26)
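An added worked example, not code from the talk or from PrivySeal, combining the over-privilege labelling of slides 13-14 with the history-based insight of slide 35: it splits an app's requested scopes into needed and not needed, counts how many vendors would hold the user's data after installing a candidate app (directly or through collaborators' apps), and ranks candidates so that apps from vendors that already have access are preferred. The vendors, the "Zip Tool B" alternative, the collaborator app and the scope strings are assumed.

```python
"""Toy data-driven privacy indicator: over-privilege labelling (slides 13-14) plus
a history-based insight (slide 35). Constructed illustration, not PrivySeal code;
app vendors and scope strings are assumed (scopes mimic Google Drive OAuth)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class App:
    name: str
    vendor: str             # assumed vendor, not taken from the slides
    requested: frozenset    # scopes shown on the consent screen
    needed: frozenset       # minimal scopes the app needs to function

def label_permissions(app):
    """Split the requested scopes into needed / not needed (over-privilege)."""
    return {"needed": sorted(app.requested & app.needed),
            "not_needed": sorted(app.requested - app.needed)}

def vendors_with_access(user_apps, collaborator_apps):
    """Vendors already holding the user's data, directly (user's own apps) or
    through collaborators' apps that can read files shared with the user."""
    return {a.vendor for a in user_apps} | {a.vendor for a in collaborator_apps}

def history_based_insight(candidate, user_apps, collaborator_apps):
    """Number of data-holding vendors after installing the candidate."""
    holders = vendors_with_access(user_apps, collaborator_apps)
    known = candidate.vendor in holders
    return {"vendor_already_has_access": known,
            "vendors_after_install": len(holders) + (0 if known else 1)}

def rank_candidates(candidates, user_apps, collaborator_apps):
    """Prefer apps that add no new vendor, then the least over-privileged ones."""
    def key(app):
        insight = history_based_insight(app, user_apps, collaborator_apps)
        over = len(label_permissions(app)["not_needed"])
        return (insight["vendors_after_install"], over, app.name)
    return [a.name for a in sorted(candidates, key=key)]

# Constructed sample modelled on the ZIP Extractor consent screen in the slides.
PROFILE, EMAIL = "userinfo.profile", "userinfo.email"
DRIVE_FILE, DRIVE_READ = "drive.file", "drive.readonly"  # per-file vs. full access
ZIP_EXTRACTOR = App("ZIP Extractor", "VendorA", frozenset({PROFILE, EMAIL, DRIVE_FILE, DRIVE_READ}),
                    frozenset({PROFILE, EMAIL, DRIVE_FILE}))
ZIP_TOOL_B = App("Zip Tool B", "VendorB", frozenset({DRIVE_FILE}), frozenset({DRIVE_FILE}))
USER_APPS = [App("Pdf Merger", "VendorA", frozenset({DRIVE_FILE}), frozenset({DRIVE_FILE}))]
COLLAB_APPS = [App("Notes", "VendorC", frozenset({DRIVE_READ}), frozenset({DRIVE_READ}))]
CANDIDATES = [ZIP_EXTRACTOR, ZIP_TOOL_B]
if __name__ == "__main__":
    for app in CANDIDATES:
        print(app.name, label_permissions(app), history_based_insight(app, USER_APPS, COLLAB_APPS))
    print("preferred order:", rank_candidates(CANDIDATES, USER_APPS, COLLAB_APPS))
```

Note that the over-privileged ZIP Extractor still ranks first because its (assumed) vendor already holds the user's data, which is exactly the trade-off the history-based insight is meant to surface: no new party gains access.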

  36. Baseline Permission Model (slide 27)

  37. History-based (HB) Insights Model (slide 28)

  38. Findings (slide 29)

  39. Superiority of the HB Insights. Chart: percentage of users who would favor the app with existing access to their data, 75-84% vs. 42-56% (groups: Baseline, History-based). Online experiment (CrowdFlower): role-playing scenario; 141 participants in 2 groups; Fisher's test for significance. (slide 30)

  40. User Motivations: cross-app compatibility; interface familiarity; satisfaction with the previous vendor. Users' data can be used to highlight the other advantages of taking privacy-aware decisions. (slide 31)

  42. Further Applications of DDPIs (slide 32)

  43. Extensions of FR and HB Insights: mobile/social networking platforms; browser extensions (visualize browser history contents); visualize the power of 4th party ad providers. (slide 33)

  44. New DDPIs: consequences of privacy settings; how others view my encrypted data; visualize which of the user's apps still operate with encryption. (slide 34)

  45. Post-installation Scenario: insights based on downloaded files; insights based on accessed location*. *H. Almuhimedi, F. Schaub, N. Sadeh, I. Adjerid, A. Acquisti, J. Gluck, L. F. Cranor, and Y. Agarwal. "Your location has been shared 5,398 times!: A field study on mobile app privacy nudging." CHI 2015. (slide 35)

  46. Limitations (slide 36)

  47. The Business Case: The provider is interested in strengthening the ecosystem. Could privacy be the selling point? (slide 37)

  48. The Economic Cost: extra computational cost; data analysis already run for other purposes (e.g. search). (slide 38)

  49. Usability Challenges: How to minimize information overload? How to prioritize messages when multiple optimizations are possible? (slide 39)

  50. What's Next? DDPIs; Privacy Assistants. (slide 40)

  51. Questions/Feedback? hamza.harkous@gmail.com, hamzaharkous.com (slide 41)

  52. Image/Media Credits: Markus Magnusson: slide 8; David Holm: slide 24; Freepik: slide 23; Fab Design: slide 41. (slide 42)
