Profiling – collecting information about somebody from various sources, possibly by multiple means – may be a major concern for users of the internet, even more so since the beginning of the Web 2.0 era, which has made publicly disclosing personal information a kind of a social norm. This effect has made it easier for a profiler to look for information about someone, because it is no longer necessary to use sophisticated tracking techniques like Evercookies; it is likely that one can fill oneself in about somebody just be consulting the publicly available Web 2.0 services, such as blogs and social networking websites. In addition, several Web 2.0 service providers prohibit the obfuscation of the disclosed information in their Terms of Use, which means that the techniques of defence that rely solely on encryption are not applicable for all services.
In our new paper, we propose a model that uses steganography, and an implementation thereof called StegoWeb. This application is realised as a set of bookmarklets (JavaScript programs that are encapsulated into a web browser bookmark), which makes it easy to use and install. StegoWeb is especially fit for social networking websites, allowing someone to have a public profile shared with the world and the service provider, and a private one that is shared with users who are in the possession of a key. The use of steganography ensures that no party involved can learn about even the existence of the private information; this is what makes StegoWeb especially powerful! Please test it at http://stegoweb.pet-portal.eu/index_en.html, and feel free to give feedback at the provided contact e-mail addresses!
Our paper titled 'StegoWeb: Towards the Ideal Private Web Content Publishing Tool' has been accepted for the SECURWARE 2011 conference, and a related presentation/discussion will be held at the end of the month at the conference.
Abstract
Privacy breaches through profiling constitute a considerable threat to users of Web 2.0 services. While many concepts have been proposed to address this issue by allowing users to encrypt, obfuscate, or otherwise conceal information of their choice, all have certain limitations. In this paper, we survey the available solutions, and propose a taxonomy for classifying them based on a revised evaluation scheme that builds upon our previous work. Our main contribution is a model that harnesses steganographic techniques in order to hide sensitive data, and the description of a proof-of-concept implementation thereof that allows a user to hide profile data on a website without installing any sort of software aside from a conventional web browser.
0 comments.
No comments.
Anyone can comment, in case of unregistered senders all fields are optional. Comment can be anonymous.