On this page we make available articles and studies which may be useful for interested users of information technology. Some articles may also be useful for other user groups, therefore these can be found in their domains, too.
Service providers of social network based services release their sanitized graph structure for third parties (e.g., business partners) from time to time. However, as these releases contain valuable information additionally to what is publicly available in the network, these may be targeted by re-identification attacks, i.e., where an attacker tries to recover the identities of the nodes that were removed during the sanitization process. One powerful type of these, called structural re-identification attacks consider only structural properties, and work according to a specific strategy: first they re-identify some nodes by their globally unique properties, and then in an optional second phase, nodes related to these are re-identified by their locally unique properties. Global re-identifiability or global node anonymity is a well studied concept, however, node anonymity for local re-identification has not yet been analyzed.
Therefore in this paper, after discussing the related literature on anonymity and re-identification, we introduce the novel term of Local Topological Anonymity (LTA), which describes the resistant power of a node against local re-identification attacks, or, in other words, indicates how well the node is structurally hidden in her neighborhood. Regarding these attacks in the literature, we propose three measure variants of LTA based on structural similarity measures, and evaluate them by visual inspection and simulation in multiple networks. We show that one of the proposed measures provides good prediction on local node re-identifiability as there is correlation between the LTA values and the re-identification statistics provided by the state-of-the-art algorithm.
The techniques of tracking users through their web browsers have greatly evolved since the birth of the World Wide Web, posing an increasingly significant privacy risk. An important branch of these methods, called fingerprinting, is getting more and more attention, because it does not rely on client-side information storage, in contrast to cookie-like techniques. In this paper, we propose a new, browser-independent fingerprinting method. We have tested it on a data set of almost a thousand records, collected through a publicly accessible test website. We have shown that a part of the IP address, the availability of a specific font set, the time zone, and the screen resolution are enough to uniquely identify most users of the five most popular web browsers, and that user agent strings are fairly effective but fragile identifiers of a browser instance.
Privacy breaches through profiling constitute a considerable threat to users of Web 2.0 services. While many concepts have been proposed to address this issue by allowing users to encrypt, obfuscate, or otherwise conceal information of their choice, all have certain limitations. In this paper, we survey the available solutions, and propose a taxonomy for classifying them based on a revised evaluation scheme that builds upon our previous work. Our main contribution is a model that harnesses steganographic techniques in order to hide sensitive data, and the description of a proof-of-concept implementation thereof that allows a user to hide profile data on a website without installing any sort of software aside from a conventional web browser.
Voluntary disclosure of personal information is becoming more and more widespread with the advent of Web 2.0 services. Publishing such information constitutes new kinds of threats, such as further reinforcing already existing profiling techniques through correlation of perceived user activities to those publicly disclosed, but the most obvious of all is the intrinsic threat that malicious third parties collect and combine information we publish about ourselves. In this paper, we evaluate currently existing solutions that are destined for ad-dressing this issue, then propose a model of our own for pro-viding access control for a user over information she published and analyse our implementation thereof.
Source: Paulik, T., Földes, Á. M., Gulyás, G. Gy.: BlogCrypt: Private Content Publishing on the Web. In Proc. of Fourth International Conference on Emerging Security Information, Systems and Technologies, pp.123-128, 2010.
In general, networking privacy enhancing technologies are better on larger user bases - such criteria that can be enhanced by combining them with community based services. In this paper we present main web privacy issues and today’s complex preventive solutions, anonymous web browsers, in several aspects including a comprehensive taxonomy as a result of our inquiry. Also, we suggest a next generation anonymous browser scheme based on collaborative filtering concerning issues on semantic web. Finally we analyze the benefits and drawbacks of such services, also examining the possible investors and raised moral considerations.
Source: In Proceedings of the Joint SPACE and TIME Workshops 2008 (pp. 17-32). Trondheim, Norway: CEUR-WS.
If one accepts Lessig’s metaphor that in today’s information society “the Code” is the law, than the Coders must be its lawmakers who have a decisive impact on how information systems are designed, realized and operated. Surveillance systems are enhanced or in some cases generated by today’s information technology, thus the views of those conceptualizing and realizing such systems fundamentally influence the way such systems, or in general, our surveillance society, are being developed. However, the people behind these processes – the IT professionals and their principals – constitute an unexplored group in social sciences in general, and in surveillance studies in particular. A recent project, BROAD (Broadening the Range Of Awareness in Data protection, www.broad-project.eu) explored the knowledge, opinion, values, attitudes and self-reported behaviour of IT professionals in the area of handling personal data. This paper – the draft of a chapter to be published in Christian Fuchs et al. (eds.), The Internet & Surveillance, Routledge (forthcoming) – presents some of the main findings of the interviews and the online survey conducted in the Netherlands and in Hungary, studying the views of people representing a profession deeply influenced by globalization in two different social and cultural environments.
The author’s intention has been to frame an argument in favour of making IT professionals’ views on these matters count more in the formulation and implementation of the concept of modern surveillance systems. The conclusions of the study may enrich the discussions on the subject with some novel viewpoints, hopefully leading the emergence of new policies, strategies and areas of intervention for the benefit of the various stakeholders in the area of surveillance and the handling of personal data. The study also aims at providing feedback to the studied population, the IT professionals themselves, and motivating researchers to conduct further studies in this area.