SUMMARY OF PETS 2020<\/b><\/p>\n
I\u2019ve recently attended the <\/span>Privacy Enhancing Technologies Symposium 2020<\/span><\/a> or so-called PETS. PETS is one of the leading venues for privacy research (with around 23% acceptance rate). All accepted papers get published in the <\/span>PoPETs journal<\/span><\/a> (Proceedings on PETs).<\/span><\/p>\n Given the Covid-19 situation, almost all research conferences were organized online, where researchers can present and attend virtually!\u00a0<\/span><\/p>\n Even though online venues are less engaging and provide fewer networking opportunities, they still have advantages, for example, if one misses a session (e.g., in case of parallel sessions) it is possible to watch offline streams on Youtube. Needless to say that the registration fees are much cheaper and this is wonderful for young students\/researchers to attend top-tier venues.<\/span><\/p>\n <\/p>\n My purpose in writing this blog is to provide a summary of the interesting research projects that I\u2019ve seen in PETS.<\/span><\/p>\n Keynote: PRIVACY THREATS IN INTIMATE RELATIONSHIP<\/b><\/p>\n I am working on the project of <\/span>Multiparty Privacy Conflict (MPC)<\/span><\/a> that investigates how technological interventions can deter social media users from non-consensual multimedia sharing. Such privacy conflicts can mainly happen between users who have closer relationships such as close friends or ex-partners. I attended an excellent keynote by <\/span>Karen Levy<\/span><\/a> from Cornell University. The keynote shares a similar motivation with the MPC project on how people with intimate relationships (e.g., parents, close families, partners, friends) can threaten each others\u2019 privacy. Given that people with intimate relationships usually share much common information, disclosure of such data can cause serious privacy risks.\u00a0<\/span><\/p>\n The keynote speaker identified four features (motivations) on why privacy threats could happen in intimate relationships including:\u00a0<\/span><\/p>\n The speaker provided several implications for design on how to avoid such issues. The most interesting implications were:\u00a0<\/span><\/p>\n The content of the talk was published in the Journal of CYBERSECURITY. (<\/span>for more details<\/span><\/a>)<\/span><\/p>\n —-<\/p>\n Besides the keynote talk I also noted several interesting studies:<\/span><\/p>\n PRIVACY AT A GLANCE: The User-Centric Design of Data Exposure Visualizations for an Awareness-Raising Screensaver<\/b><\/p>\n Daricia Wilkinson (Clemson University), Paritosh Bahirat (Clemson University), Moses Namara (Clemson University), Jing Lyu (Clemson University), Arwa Alsubhi (Clemson University), Jessica Qiu (Clemson University), Pamela J. Wisniewski (University of Central Florida), and Bart Knijnenburg (Clemson University)<\/span><\/i><\/p>\n This paper studies how visual granularity of the depicted information on smartphones will influence users’ utility perception and how further obfuscating such data can help for privacy protection. Authors studied different levels of granularity (low, medium, high, very high) in the smartphone visual design.\u00a0<\/span><\/p>\n They found that moderate granularity offers better glanceability. It means that users can capture or perceive information in a quick way with a minimum cognitive effort. But on the other hand, they found high granularity is good for comprehension or a deeper understanding of data. As a takeaway message, less granular data can deliver more and easy to consume information. Thus, providing less information in smartphone visual design while supports utility, can be beneficial for privacy. For example, users can hide their information from adversaries who do shoulder surfing! (<\/span>for more details<\/span><\/a>)<\/span><\/p>\n WHEN SPEAKERS ARE ALL EARS: Characterizing Misactivations of IoT Smart Speakers<\/b><\/p>\n Daniel J. Dubois (Northeastern University), Roman Kolcun (Imperial College London), Anna Maria Mandalari (Imperial College London), Muhammad Talha Paracha (Northeastern University), David Choffnes (Northeastern University), and Hamed Haddadi (Imperial College London)<\/span><\/i><\/p>\n Smart speakers such as Amazon Alexa can be miss activated due to miss-spelling or using similar keywords. For example, calling a friend called Alex might miss-activate the smart device (hearing it Alex\u2019a\u2019) and it should record part of a private conversation. This paper studied how often such incidences could happen and how it is different between different devices (e.g. Alexa vs. Siri) and different accents (e.g., UK vs. US English), and what are the keywords that can lead to miss activation.\u00a0<\/span><\/p>\n As a Human-Computer Interaction (HCI) researcher who always deals with human subjects to evaluate technology, it was interesting for me to see how such research questions could be addressed without involving users in the experiment.<\/span><\/p>\n The authors located different smart speakers inside a small room and then played famous TV shows for several hours. They observed internet traffic (by network and cloud analysis) and miss activations (by camera observance). To sum, authors found such miss activations could happen frequently and may last longer. But they could not find deliberate or malicious miss activations. (<\/span>for more details<\/span><\/a>)<\/span><\/p>\n THE PRICE IS (NOT) RIGHT: Comparing Privacy in Free and Paid Apps<\/b><\/p>\n Catherine Han (University of California, Berkeley), Irwin Reyes (Two Six Labs \/ International Computer Science Institute), \u00c1lvaro Feal (IMDEA Networks Institute \/ Universidad Carlos III de Madrid), Joel Reardon (University of Calgary \/ AppCensus, Inc.), Primal Wijesekera (International Computer Science Institute \/ University of California, Berkeley), Narseo Vallina-Rodriguez (IMDEA Networks Institute \/ International Computer Science Institute \/ AppCensus, Inc.), Amit Elazari (University of California, Berkeley), Kenneth A. Bamberger (University of California, Berkeley), and Serge Egelman (International Computer Science Institute \/ University of California, Berkeley \/ AppCensus, Inc.)<\/span><\/i><\/p>\n What do you expect from a service provider if you pay for a mobile app? The answer could be \u201cif I pay for an app I would not see any advertisement and I expect that my privacy will be better preserved by the service provider\u201d.\u00a0<\/span><\/p>\n The paper used a survey with 1000 respondents asking respondents to click which app (e.g., Facebook) they want to install? A free Facebook app included advertisements or a 0.99 USD paid Facebook app without advertisements. 40% of respondents preferred to download the paid version. The main reason (as expected) was removing the advertisement and then to utilize better features. 30% of respondents believed their data will be treated differently for example for tracking. In sum, they think the paid version will better protect their data and privacy.<\/span><\/p>\n But how about the real situation? The study collected over 5000 apps on Google Play which has both free and paid versions and then scrutinized their features and privacy policies. Surprisingly in most of the cases paid versions and free versions treat similarly to user privacy and even for 4% of the apps the paid version contains more advertisement libraries that do not exist in the free version. Thus, \u201cpaying for privacy\u201d indeed is a misconception among the users (<\/span>for more details<\/span><\/a>).<\/span><\/p>\n Author: <\/span>Kavous SALEHZADEH NIKSIRAT<\/span><\/a><\/span><\/p>\n\n
\n
\u00a9 Thumbnail photo by Dayne Topkin<\/a> on Unsplash<\/a><\/pre>\n