Chao Wu

DOI: https://doi.org/10.1016/j.techsoc.2024.102457

IF: 6.879

2024-01-01

Technology in Society

Abstract:In recent years, data privacy has attracted increasing public concerns, especially with public scandals from top Internet companies, emerging over inappropriate data collection, lack of transparency in data usage, and manipulation of users' preferences. This has led to responsive efforts from multiple sectors of society to constrain the violation of individuals’ data privacy. Among these efforts, the regulations like GDPR are the most influential, which are believed to be able to change the foundation of the whole data ecosystem. The main concern of current regulation is data transparency, designed to enable individuals to make rational decisions about their data. However, I argue that transparency cannot mitigate a key issue of data privacy, which is the right of receiving benefits from data. This issue is getting severe with the rapid development of the data economy and will become the essential problem of social welfare and fairness in the AI era. I further point out that the key to solving this issue is to migrate the current centralized data utilization paradigm to a new decentralized paradigm. Based on the recent technical advancements, I propose an applicable pathway to implement such a paradigm. And to realize a fair and sustainable data eco-system, joint efforts should be made within this paradigm.

Yang Lu,Shujun Li,Athina Ioannou,Iis Tussyadiah

DOI: https://doi.org/10.48550/arXiv.1909.09942

2019-09-22

Cryptography and Security

Abstract:Although there are privacy-enhancing tools designed to protect users' online privacy, it is surprising to see a lack of user-centric solutions allowing privacy control based on the joint assessment of privacy risks and benefits, due to data disclosure to multiple platforms. In this paper, we propose a conceptual framework to fill the gap: aiming at the user-centric privacy protection, we show the framework can not only assess privacy risks in using online services but also the added values earned from data disclosure. Through following a human-in-the-loop approach, it is expected the framework provides a personalized solution via preference learning, continuous privacy assessment, behavior monitoring and nudging. Finally, we describe a case study towards "leisure travelers" and several future areas to be studied in the ongoing project.

Fenghua Li,Hui Li,Ben Niu,Jinjun Chen

DOI: https://doi.org/10.1016/j.eng.2019.09.002

IF: 12.834

2019-12-01

Engineering

Abstract:<p>With the rapid development of information technology and the continuous evolution of personalized services, huge amounts of data are accumulated by large Internet companies in the process of serving users. Moreover, dynamic data interactions increase the intentional/unintentional persistence of private information in different information systems. However, problems such as the cask principle of preserving private information among different information systems and the difficulty of tracing the source of privacy violations are becoming increasingly serious. Therefore, existing privacy-preserving schemes cannot provide systematic privacy preservation. In this paper, we examine the links of the information life-cycle, such as information collection, storage, processing, distribution, and destruction. We then propose a theory of privacy computing and a key technology system that includes a privacy computing framework, a formal definition of privacy computing, four principles that should be followed in privacy computing, algorithm design criteria, evaluation of the privacy-preserving effect, and a privacy computing language. Finally, we employ four application scenarios to describe the universal application of privacy computing, and discuss the prospect of future research trends. This work is expected to guide theoretical research on user privacy preservation within open environments.</p>

engineering, multidisciplinary

Baobao Song,Mengyue Deng,Shiva Raj Pokhrel,Qiujun Lan,Robin Doss,Gang Li

DOI: https://doi.org/10.48550/arXiv.2302.09258

2023-02-18

Cryptography and Security

Abstract:Users have renewed interest in protecting their private data in the digital space. When they don't believe that their privacy is sufficiently covered by one platform, they will readily switch to another. Such an increasing level of privacy awareness has made privacy preservation an essential research topic. Nevertheless, new privacy attacks are emerging day by day. Therefore, a holistic survey to compare the discovered techniques on attacks over privacy preservation and their mitigation schemes is essential in the literature. We develop a study to fill this gap by assessing the resilience of privacy-preserving methods to various attacks and conducting a comprehensive review of countermeasures from a broader perspective. First, we introduce the fundamental concepts and critical components of privacy attacks. Second, we comprehensively cover major privacy attacks targeted at anonymous data, statistical aggregate data, and privacy-preserving models. We also summarize popular countermeasures to mitigate these attacks. Finally, some promising future research directions and related issues in the privacy community are envisaged. We believe this survey will successfully shed some light on privacy research and encourage researchers to entirely understand the resilience of different existing privacy-preserving approaches.

Xuemeng Song,Xiang Wang,Liqiang Nie,Xiangnan He,Zhumin Chen,Wei Liu

DOI: https://doi.org/10.1145/3209978.3209995

2018-01-01

Abstract:The booming of social networks has given rise to a large volume of user-generated contents (UGCs), most of which are free and publicly available. A lot of users' personal aspects can be extracted from these UGCs to facilitate personalized applications as validated by many previous studies. Despite their value, UGCs can place users at high privacy risks, which thus far remains largely untapped. Privacy is defined as the individual's ability to control what information is disclosed, to whom, when and under what circumstances. As people and information both play significant roles, privacy has been elaborated as a boundary regulation process, where individuals regulate interaction with others by altering the openness degree of themselves to others. In this paper, we aim to reduce users' privacy risks on social networks by answering the question of Who Can See What. Towards this goal, we present a novel scheme, comprising of descriptive, predictive and prescriptive components. In particular, we first collect a set of posts and extract a group of privacy-oriented features to describe the posts. We then propose a novel taxonomy-guided multi-task learning model to predict which personal aspects are uncovered by the posts. Lastly, we construct standard guidelines by the user study with 400 users to regularize users' actions for preventing their privacy leakage. Extensive experiments on a real-world dataset well verified our scheme.

Michael S. Hsiao,France Bélanger,Janine S. Hiller,Payal Aggarwal,Karthik Channakeshava,Kaigui Bian,Jung-Min Park

2007-01-01

Abstract:As children increasingly use the Internet, there have been mounting concerns about their privacy online. As a result, the U.S. Congress enacted the Children’s Online Privacy Protection Act (COPPA) to prohibit websites from collecting information from children under 13 years of age without verifiable parental consent. Unfortunately, few technologies are available for parents to provide this consent. Further, few parents are aware of the laws and technologies available. This research explored parental awareness of laws and technologies associated with protecting children’s privacy online, and usage of technologies and techniques for parental control, using focus group research. The results of the study are used to propose an emergent framework of factors that will impact use of privacy protection tools and techniques by parents.

Yinhao Jiang,Mir Ali Rezazadeh Baee,Leonie Ruth Simpson,Praveen Gauravaram,Josef Pieprzyk,Tanveer Zia,Zhen Zhao,Zung Le

DOI: https://doi.org/10.3390/cryptography8010005

2024-01-31

Cryptography

Abstract:The increasing use of technologies, particularly computing and communication paradigms, has significantly influenced our daily lives. Interconnecting devices and networks provides convenient platforms for information exchange and facilitates pervasive user data collection. This new environment presents serious privacy challenges. User activities can be continuously monitored in both digital and physical realms. Gathered data can be aggregated and analysed, revealing aspects of user behaviour that may not be apparent from a single data point. The very items that facilitate connectivity simultaneously increase the risk of privacy breaches. The data gathered to provide services can also be used for monitoring and surveillance. This paper discerns three novel categories of privacy concerns relating to pervasive user data collection: privacy and user activity in cyberspace, privacy in personal cyber–physical systems, and privacy in proactive user-driven data collection. We emphasise the primary challenges, ranging from identity tracking in browsing histories to intricate issues in opportunistic networks, situating each within practical, real-world scenarios. Furthermore, we assess the effectiveness of current countermeasures, investigating their strengths and limitations. This paper explores the challenges in preserving privacy in user interactions with dynamic interconnected systems and suggests countermeasures to mitigate identified privacy risks.

Yushu Zhang,Junhao Ji,Wenying Wen,Youwen Zhu,Zhihua Xia,Jian Weng

DOI: https://doi.org/10.1109/tifs.2024.3389572

IF: 7.231

2024-05-10

IEEE Transactions on Information Forensics and Security

Abstract:With the widespread application of computer vision, the scenarios in terms of visual privacy have become increasingly diverse and meanwhile numerous studies have been conducted to address privacy concerns in these scenarios. However, these studies are individually tailored for specific scenarios, making their layouts challenging to be drawn upon easily. When encountering a new scenario, it takes significant additional efforts to redesign a scheme due to the low referability of previous works. To tackle this issue, we explore commonalities among existing works and propose a generalized framework to meet the demand for visual privacy protection in various scenarios. Our framework is elaborately organized into several crucial steps, including privacy definition, scenario abstraction, algorithm design, and effect evaluation. It serves as a guide for researchers to efficiently design visual privacy protection schemes. In our framework, we establish a unified standard for quantifying privacy and introduce a novel constrained optimization theory to balance privacy and usability, which contributes to a broader understanding of visual privacy protection. Furthermore, we present an instance under the guidance of the framework that can support identity protection and attribute control scenarios through a diffusion-based model. Extensive experimental results demonstrate the effectiveness of our framework.

computer science, theory & methods,engineering, electrical & electronic

Chi Liu,Tianqing Zhu,Jun Zhang,Wanlei Zhou

DOI: https://doi.org/10.1145/3547299

IF: 16.6

2022-12-24

ACM Computing Surveys

Abstract:Image sharing on online social networks (OSNs) has become an indispensable part of daily social activities, but it has also increased the risk of privacy invasion. An online image can reveal various types of sensitive information, prompting the public to rethink individual privacy needs in OSN image sharing critically. However, the interaction of images and OSN makes the privacy issues significantly complicated. The current real-world solutions for privacy management fail to provide adequate personalized, accurate, and flexible privacy protection. Constructing a more intelligent environment for privacy-friendly OSN image sharing is urgent in the near future. Meanwhile, given the dynamics in both users’ privacy needs and OSN context, a comprehensive understanding of OSN image privacy throughout the entire sharing process is preferable to any views from a single side, dimension, or level. To fill this gap, we contribute a survey of “privacy intelligence” that targets modern privacy issues in dynamic OSN image sharing from a user-centric perspective. Specifically, we present the important properties and a taxonomy of OSN image privacy, along with a high-level privacy analysis framework based on the lifecycle of OSN image sharing. The framework consists of three stages with different principles of privacy by design. At each stage, we identify typical user behaviors in OSN image sharing and their associated privacy issues. Then a systematic review of representative intelligent solutions to those privacy issues is conducted, also in a stage-based manner. The analysis results in an intelligent “privacy firewall” for closed-loop privacy management. Challenges and future directions in this area are also discussed.

computer science, theory & methods

Wei Xu,Sencun Zhu,Heng Xu

DOI: https://doi.org/10.1007/978-3-642-13708-2_31

2010-01-01

Abstract:We propose COP, a client-side system for protecting children’s online privacy and empowering parental control over children’s information disclosure with little manual effort. COP is compliant with the Children’s Online Privacy Protection Act (COPPA) in the United States and it implements acquisition of parental consent before any private information submitted online by children, e.g., registration to a Web service. Instead of restricting access to certain Web services or blocking sensitive data from websites, COP employs perturbation techniques over personal data with the goal of concealing the sensitive information while providing certain usability of the data to the websites. We address several challenges in the implementation of COP, e.g., perturbation of different types of data, parsing user input and retaining transparency to children without obstructing their normal Web surfing activities. We apply COP in registrations to 23 most popular websites. The results indicate COP’s effectiveness as a privacy protection tool. We also discuss some potential security attacks against COP’s design and provide our countermeasures.

Donia Waseem,Shijiao Chen,Zhenhua Xia,Nripendra P. Rana,Balkrushna Potdar,Khai Trieu Tran,Shijiao (Joseph) Chen,Zhenhua (Raymond) Xia

DOI: https://doi.org/10.1108/intr-01-2023-0056

IF: 5.9

2024-02-17

Internet Research

Abstract:Purpose In the online environment, consumers increasingly feel vulnerable due to firms' expanding capabilities of collecting and using their data in an unsanctioned manner. Drawing from gossip theory, this research focuses on two key suppressors of consumer vulnerability: transparency and control. Previous studies conceptualize transparency and control from rationalistic approaches that overlook individual experiences and present a unidimensional conceptualization. This research aims to understand how individuals interpret transparency and control concerning privacy vulnerability in the online environment. Additionally, it explores strategic approaches to communicating the value of transparency and control. Design/methodology/approach An interpretivism paradigm and phenomenology were adopted in the research design. Data were collected through semi-structured interviews with 41 participants, including consumers and experts, and analyzed through thematic analysis. Findings The findings identify key conceptual dimensions of transparency and control by adapting justice theory. They also reveal that firms can communicate assurance, functional, technical and social values of transparency and control to address consumer vulnerability. Originality/value This research makes the following contributions to the data privacy literature. The findings exhibit multidimensional and comprehensive conceptualizations of transparency and control, including user, firm and information perspectives. Additionally, the conceptual framework combines empirical insights from both experiencers and observers to offer an understanding of how transparency and control serve as justice mechanisms to effectively tackle the issue of unsanctioned transmission of personal information and subsequently address vulnerability. Lastly, the findings provide strategic approaches to communicating the value of transparency and control.

computer science, information systems,telecommunications,business

Wenqiang Ruan,Mingxin Xu,Haoyang Jia,Zhenhuan Wu,Lushan Song,Weili Han

DOI: https://doi.org/10.1109/msec.2021.3078218

IF: 3.105

2021-01-01

IEEE Security & Privacy

Abstract:Personal information (PI) is valuable to web-based service providers, but its mishandling can be costly due to emerging laws. This article identifies nine legal requirements for privacy compliance in five stages of PI handling and discusses potential technical solutions.

James Taylor,Jane Henriksen-Bulmer,Cagatay Yucel

DOI: https://doi.org/10.3390/electronics13122263

IF: 2.9

2024-06-10

Electronics

Abstract:Following a series of legislative changes around privacy over the past 25 years, this study highlights data protection regulations and the complexities of applying these frameworks. To address this, we created a privacy framework to guide organisations in what steps they need to undertake to achieve compliance with the UK GDPR, highlighting the existing privacy frameworks for best practice and the requirements from the Information Commissioners Office. We applied our framework to a UK charity sector; to account for the specific nuances that working in a charity brings, we worked closely with local charities to understand their requirements, and interviewed privacy experts to develop a framework that is readily accessible and provides genuine value. Feeding the results into our privacy framework, a decision tree artefact has been developed for compliance. The artefact has been tested against black-box tests, System Usability Tests and UX Honeycomb tests. Results show that Privacy Essentials! provides the foundation of a data protection management framework and offers organisations the catalyst to start, enhance, or even validate a solid and effective data privacy programme.

engineering, electrical & electronic,computer science, information systems,physics, applied

Jianning Geng,Lin Liu,Barrett R. Bryant

DOI: https://doi.org/10.1145/1809100.1809109

2010-01-01

Abstract:Privacy policies which are stated by the service provider are intended to convey to the users the information how their personal data will be protected. Thus, letting the user understand the privacy policy and trust the service provider is a crucial task. This paper proposes a personalized privacy management framework with which users can participate in the privacy management. Existing privacy policies are analyzed and improved. Within this framework, the privacy policy can not only be regulated, but also can be easily understood by users at a glance.

Zude Li,Xiaojun Ye

DOI: https://doi.org/10.4018/jisp.2008100101

2008-01-01

International Journal of Information Security and Privacy

Abstract:This article introduces a formal study on access-unrestricted data anonymity. It includes four aspects: (1) analyzes the impacts of anonymity on data usability; (2) quantitatively measures privacy disclosure risks in practical environment; (3) discusses the factors resulting in privacy disclosure; and (4) proposes the improved anonymity solutions within typical k-anonymity model, which can effectively prevent privacy disclosure that is related with the published data properties, anonymity principles, and anonymization rules. With the experiments, the authors have proven the existence of these potential privacy inference violations as well as the enhanced privacy effect by the new anti-inference policies for access-unrestricted data publication.

Bailing Liu,Paul A. Pavlou,Xiufeng Cheng

DOI: https://doi.org/10.1287/isre.2021.1045

IF: 4.9

2022-03-01

Information Systems Research

Abstract:Companies face a trade-off between creating stronger privacy protection policies for consumers and employing more sophisticated data collection methods. Justice-driven privacy protection outlines a method to manage this trade-off. We built on the theoretical lens of justice theory to integrate justice provision with two key privacy protection features, negotiation and active-recommendation, and proposed an information technology (IT) solution to balance the trade-off between privacy protection and consumer data collection. In the context of mobile banking applications, we prototyped a theory-driven IT solution, referred to as negotiation, active-recommendation privacy policy application, which enables customer service agents to interact with and actively recommend personalized privacy policies to consumers. We benchmarked our solution through a field experiment relative to two conventional applications: an online privacy statement and a privacy policy with only a simple negotiation feature. The results showed that the proposed IT solution improved consumers’ perceived procedural justice, interactive justice, and distributive justice and increased their psychological comfort in using our application design and in turn reduced their privacy concerns, enhanced their privacy awareness, and increased their information disclosure intentions and actual disclosure behavior in practice. Our proposed design can provide consumers better privacy protection while ensuring that consumers voluntarily disclose personal information desirable for companies.

information science & library science,management

Jaseff Raziel Yauri Miranda

DOI: https://doi.org/10.1080/23745118.2018.1542771

2018-11-04

European Politics and Society

Abstract:Digital personal data could be used in different ways to administrate populations, as in the case of commercial exploitation and surveillance to regulate individuals’ preferences and behavior. In that sense, this article questions whether accountability can transform this kind of usage in two fronts: (a) to guarantee a certain degree of privacy and individual autonomy, and, (b) to replenish the asymmetries of power between personal data subjects and data processors. In order to do so, we analyze the accountability of personal data in three domains at European Level: state-rooted regulations, market principles, and civic agency strategies. The conclusion explores new forms to redefine the use of personal data through the production, consumption, and control of this information, analyzing the limits and potentials of accountability in each domain.

English Else

Malik Imran-Daud

DOI: https://doi.org/10.48550/arXiv.1612.09527

2016-12-30

Cryptography and Security

Abstract:Thanks to the advent of the Internet, it is now possible to easily share vast amounts of electronic information and computer resources (which include hardware, computer services, etc.) in open distributed environments. These environments serve as a common platform for heterogeneous users (e.g., corporate, individuals etc.) by hosting customized user applications and systems, providing ubiquitous access to the shared resources and requiring less administrative efforts; as a result, they enable users and companies to increase their productivity. Unfortunately, sharing of resources in open environments has significantly increased the privacy threats to the users. Indeed, shared electronic data may be exploited by third parties, such as Data Brokers, which may aggregate, infer and redistribute (sensitive) personal features, thus potentially impairing the privacy of the individuals. A way to palliate this problem consists on controlling the access of users over the potentially sensitive resources. Specifically, access control management regulates the access to the shared resources according to the credentials of the users, the type of resource and the privacy preferences of the resource/data owners. The efficient management of access control is crucial in large and dynamic environments. Moreover, in order to propose a feasible and scalable solution, we need to get rid of manual management of rules/constraints (in which most available solutions rely) that constitutes a serious burden for the users and the administrators. Finally, access control management should be intuitive for the end users, who usually lack technical expertise, and they may find access control mechanism more difficult to understand and rigid to apply due to its complex configuration settings.

LI Feng-hua,LI Hui,JIA Yan,YU Neng-hai,WENG Jian

DOI: https://doi.org/10.11959/j.issn.1000-436x.2016078

2016-01-01

Abstract:s: With the widespread application of mobile Internet, cloud computing and big data technologies, people enjoy the convenience of electronic business, information retrieval, social network and other services, whereas the threats of privacy leaks are ever growing due to the use of big data analytics. The differences of privacy protection strategy and ability in different systems bring more difficulties in privacy extended management. In addition, the requirements of pro-tecting the same information at different time need the combination of various privacy protection schemes. However, nearly all the current privacy protection schemes are ing at a single case, which lacks systematic and quantized pri-vacy characterization. Furthermore, there is no systematic computing model describing the relationship between the pro-tection level, profit and loss of privacy leaks and the complexity of integrated privacy protection methods. Based on the analysis on the research status of privacy protection, the concept and connotation of privacy computing is proposed and defined. Then the privacy computing research category will be discussed from the whole life cycle of information privacy protection. Finally, some research directions of privacy computing are given, including privacy computing model, context adaptive cryptology for privacy protection, big data a lytics resisted privacy control and protection, privacy protection based on information hiding and system architecture for high concurrent privacy preserving services.

Guangdong Bai,Lin Yan,Liang Gu,Yao Guo,Xiangqun Chen

DOI: https://doi.org/10.1002/sec.424

IF: 1.968

2012-01-01

Security and Communication Networks

Abstract:The Web of Things (WoT), inherited from the Internet of Things (IoT), encapsulates functionalities into publishable services on the Web to enable the IoT a seamless integration with the Web. The openness of the Web, in turn, directly exposes WoT to existing attacks from the Web. In addition, WoT possesses characteristics of high security and privacy concerns, mobility, and limited capabilities, which require specific and additional security and privacy protection beyond existing mechanisms. More importantly, WoT is inherently connected to its context, so context information must be taken into account in its security and privacy measures. To address these challenges, we propose a context-aware usage control model (ConUCON), which leverages the context information to enhance data, resource, and service protection for WoT. On the basis of ConUCON, we also design and implement a context-aware usage control framework on the middleware layer in our ongoing SmartHome project, to provide security and privacy protection. ConUCON is designed specifically to express the context-aware usage policy specification, such that security and privacy requirements can be easily specified and enforced with the proposed model and framework. Finally, we apply ConUCON to a remote appliance management prototype, as a case study, to demonstrates its feasibility in a real environment. Copyright © 2012 John Wiley & Sons, Ltd.