BlogCrypt: Private Content Publishing on the Web (2010)
‘Profiling’ is the term for tracking the activity of users or visitors of certain services, e.g. a website, for various purposes, the most probable motivation being financial benefit through targeted advertising. While users of a service can, in some cases, certainly benefit from the personalised content found on websites (e.g. in the form of articles of interest to them in an online newspaper), and research shows that actual behaviour does not always match what users claim about their objections to tracking when certain benefits are offered in return, profiling is a privacy concern for many users. For example, a survey of German Internet users showed that 60% had avoided a website in order to protect their privacy, and it is safe to state that a high proportion of users have serious doubts about the efficiency and integrity of the data protection measures of commercial websites. It must also be noted that the technology has evolved since then, which poses even bigger problems for the privacy of online activities, as shown later in this paper.
The ‘classical’ method of profiling through third-party cookies, further reinforced by the use of Flash cookies (i.e. local shared objects, or LSOs, of Adobe Flash Player), is enjoying a renaissance. A cookie is a file that can be planted on the user’s hard drive for later retrieval by a website. Cookies have many purposes, one of which is making up for the connectionless nature of the HTTP protocol by identifying a user even after the end of the HTTP request. A service that requires authentication (e.g. a webmail server) usually relies on so-called session cookies to recognise that certain HTTP requests belong to the same user. However, third parties, e.g. advertisers, can also install a cookie containing an identifier and fetch it on every website that embeds their banners, thereby tracking the user across requests made to different services. In contrast to HTTP cookies, which privacy-aware users reject or delete at regular intervals, thereby making the advertiser overestimate the number of unique visitors, Flash cookies tend to ‘survive’, since many users do not even know that they exist, and they are not affected by the ‘Private Browsing mode’ implemented in modern browsers like Internet Explorer 8 and Firefox 3. An advertiser can even recreate HTTP cookies from Flash cookies through a Flash animation embedded in a third-party website.
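The cross-site linking just described can be made visible from the user's side. The following is an added example, not code from the BlogCrypt paper: it scans a constructed request log (site visited, host the request went to, Cookie header sent) and flags any cookie name=value pair that one third-party host received from several different first-party sites. The log lines, host names and the two-label ‘same site’ heuristic are all assumptions made for the example.

```python
"""Added example, not code from the BlogCrypt paper: flag third-party cookie
values that link a user's visits across several first-party sites.

Assumes a constructed log where each line is
'<site visited> <host the request went to> <Cookie header sent>'.
The same name=value pair sent to one third-party host from several
different sites is the cross-site identifier an advertiser can profile on.
"""
from collections import defaultdict
from http.cookies import SimpleCookie

# Constructed sample log, not captured traffic.
SAMPLE_LOG = [
    "news.example.org news.example.org sess=a1b2c3",
    "news.example.org ads.tracker.example uid=42; opt=1",
    "shop.example.net shop.example.net cart=7",
    "shop.example.net ads.tracker.example uid=42",
    "forum.example.com ads.tracker.example uid=42",
    "forum.example.com cdn.example.com lang=en",
]


def same_site(host_a, host_b):
    """Simplified 'same site' check: compare the last two DNS labels.
    A real tool would consult the Public Suffix List instead."""
    return host_a.split(".")[-2:] == host_b.split(".")[-2:]


def tracking_identifiers(lines, min_sites=2):
    """Return {(third_party_host, name, value): [sites]} for cookie pairs
    that one third party received from at least min_sites distinct sites."""
    sites_per_cookie = defaultdict(set)
    for line in lines:
        site, host, cookie_header = line.split(" ", 2)
        if same_site(site, host):
            continue  # first-party cookie, e.g. a login session cookie
        jar = SimpleCookie()
        jar.load(cookie_header)
        for name, morsel in jar.items():
            sites_per_cookie[(host, name, morsel.value)].add(site)
    return {key: sorted(sites) for key, sites in sites_per_cookie.items()
            if len(sites) >= min_sites}


if __name__ == "__main__":
    for (host, name, value), sites in tracking_identifiers(SAMPLE_LOG).items():
        print(f"{host} cookie {name}={value} seen on: {', '.join(sites)}")
```

On the sample log only the advertiser's uid=42 is reported; the preference cookie opt=1 appears on a single site and the CDN cookie is treated as first-party.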
The appearance of Web 2.0 has also led to the evolution of different approaches to profiling. For instance, a service provider can offer various services to the user (as is the case with Gmail, Google Calendar, Google Groups, Picasa etc.), each of which logs activity to some extent. These logs can be combined, and in many cases the provider obtains a detailed picture of the behaviour of the user. It must be noted that this kind of tracking does not require sophisticated techniques like Flash cookies or client-side profiling software: it is effectively the user who voluntarily profiles herself for the service provider.
A service provider can also use information gathered from other websites. For example, a social networking website can retrieve the missing information in a user’s profile by using the information found on the user’s blog at another service provider, as was the case with Facebook until a recent change in their privacy policy.
It must be noted that there exist privacy enhancing extensions to profiling, e.g. profiling that is performed on perturbed or obfuscated data. However, a privacy-aware user may be concerned that such data alterations are not performed before the information is sent to the central server.
All this discussion leads us to the conclusion that users cannot entrust service providers with the protection of their privacy. However, service providers are not the only threat to online privacy. Anybody can crawl the public sources of information on the Web in an attempt to find information about a target. Using pseudonyms is not necessarily sufficient for concealing our identity, as shown in Section II.
All this discussion motivates the requirement that a user must be able to control access to the information she publishes about herself. Our main contribution in this paper is the proposal of such a privacy-enhancing tool, which enables fine-grained disclosure of private data. Our approach is intended to be general and does not target a single service or a single type of service (e.g. social networking sites). Furthermore, it does away with the use of trusted third parties, delegating the responsibility for protecting the information entirely to a client-side application.
In Section II we discuss the threats arising from profiling using publicly available data and compare the already existing solutions for this problem. Section III describes the requirements we stipulated for a practical solution, followed by the discussion of our proposed model in Section IV. In Section V, we analyse our implementation of the aforementioned model. Finally, in Section VI, we conclude and discuss the future of our work.