Incognito

Masood, Rahat; Vatsalan, Dinusha; Ikram, Muhammad; Kâafar, Mohamed Ali

doi:10.1145/3178876.3186093

Cited by 18 publications

(11 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, such settings may be confusing for novice users, leading them to involuntarily expose themselves to privacy risks. Throughout this paper, we consider Privacy Risk as defined by Masood et al [27]. A user's privacy is at risk when his or her Web data is distinguishable from other users, has little or no diversity, or is linkable to an individual with high confidence based on the user's Personal Identifiable Information (PII).…”

Section: Motivation and Threat Modelmentioning

confidence: 99%

“…We collect human judgment regarding the sensitivity of 1080 input texts (randomly collected from Reddit and AOL Search Log) using Amazon Mechanical Turk (AMT) 6 . We select input texts belonging to the following topics: politics, religious affairs, legal problems, healthy lifestyle, pets, smoking, and cancer, as per the studies of Biega et al [5] and Masood et al [27]. These texts are between 7 and 35 words long with an average of 16.3 words.…”

Section: Aquilis Accuracymentioning

confidence: 99%

“…We then develop a labelled privacy dataset of over 1000 input texts that considers the privacy risk relative to the exposure level of three applications. On this dataset, Aquilis significantly outperforms state-of-the-art methods (F1 score 8% higher than Incognito [27], 15% higher than R-sensitivity [5], and 40% higher than Entropy [42]) as it is the first solution that considers the exposure level of the application in the privacy risk. Finally, we conclude with a user experiment on 35 participants with high technological literacy and privacy awareness to evaluate the objective (difference between participants and Aquilis estimation of the privacy risk) and subjective accuracy (how much participants agree with Aquilis' recommendations).…”

Section: Introductionmentioning

confidence: 97%

“…There have been many studies on improving the privacy of users online through obfuscation methods. Masood et al [27] propose Incognito, a method for Web data risk prediction combined with an obfuscation technique to protect the users' privacy by adding noise to the data. VACCINE [46] proposes a design methodology for data leakage prevention based on the theory of contextual integrity (CI).…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Aquilis

Kumar

Braud

Kwon

et al. 2020

Proc. ACM Interact. Mob. Wearable Ubiquitous Technol.

View full text Add to dashboard Cite

Smartphones are nowadays the dominant end-user device. As a result, they have become gateways to all users' communications, including sensitive personal data. In this paper, we present Aquilis, a privacy-preserving system for mobile platforms following the principles of contextual integrity to define the appropriateness of an information flow. Aquilis takes the form of a keyboard that reminds users of potential privacy leakages through a simple three-colour code. Aquilis considers the instantaneous privacy risk related to posting information (Local Sensitivity), the risk induced by repeating information over time (Longitudinal Sensitivity) and on different platforms (Cross-platform Sensitivity). Considering 50% of Aquilis warnings decreases the proportion of inappropriate information by up to 30%. Repeating information over time or in a broader exposure context increases the risk by 340% in a one-to-one context. We develop our own labeled privacy dataset of over 1000 input texts to evaluate Aquilis' accuracy. Aquilis significantly outperforms other state-of-the-art methods (F-1-0.76). Finally, we perform a user study with 35 highly privacy-aware participants. Aquilis privacy metric is close to users' privacy preferences (average divergence of 1.28/5). Users found Aquilis useful (4.41/5), easy to use (4.4/5), and agreed that Aquilis improves their online privacy awareness (4.04/5).

show abstract

Section: Motivation and Threat Modelmentioning

confidence: 99%

Section: Aquilis Accuracymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 97%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Aquilis

Kumar

Braud

Kwon

et al. 2020

Proc. ACM Interact. Mob. Wearable Ubiquitous Technol.

View full text Add to dashboard Cite

show abstract

“…With the above in mind, we then proceed to inspect if suspicious or even potentially malicious third-parties are loaded via these long dependency chains (Section 4). We do not limit this to just traditional malware, but also include third-parties that are known to mishandle user data and risk privacy leaks [5,8,16,41,43,52]. Example threats include the re-identification of users in the anonymised AOL search histories, the Netflix training data that was attacked, and the Massachusetts hospital discharge data [16,43,52].…”

Section: Introductionmentioning

confidence: 99%

Measuring and Analysing the Chain of Implicit Trust

Ikram

Masood

Tyson

et al. 2020

ACM Trans. Priv. Secur.

Self Cite

View full text Add to dashboard Cite

The web is a tangled mass of interconnected services, whereby websites import a range of external resources from various third-party domains. The latter can also load further resources hosted on other domains. For each website, this creates a dependency chain underpinned by a form of implicit trust between the first-party and transitively connected third parties. The chain can only be loosely controlled as first-party websites often have little, if any, visibility on where these resources are loaded from. This article performs a large-scale study of dependency chains in the web to find that around 50% of first-party websites render content that they do not directly load. Although the majority (84.91%) of websites have short dependency chains (below three levels), we find websites with dependency chains exceeding 30. Using VirusTotal, we show that 1.2% of these third parties are classified as suspicious—although seemingly small, this limited set of suspicious third parties have remarkable reach into the wider ecosystem. We find that 73% of websites under-study load resources from suspicious third parties, and 24.8% of first-party webpages contain at least three third parties classified as suspicious in their dependency chain. By running sandboxed experiments, we observe a range of activities with the majority of suspicious JavaScript codes downloading malware.

show abstract

Tracking and Personalization

Masood

Berkovsky

Kâafar

2021

Modern Socio-Technical Perspectives on Privacy

Self Cite

View full text Add to dashboard Cite

This chapter studies the relationship between two important, often conflicting paradigms of online services: personalization and tracking. The chapter initially focuses on the categories and levels of online personalization, briefly overviewing algorithmic methods applied to achieve these. Then, the chapter turns to online tracking specific to mobile and web technologies, as well as the more advanced behavioral tracking. Following this, the chapter ties the streams of personalization and tracking together and discusses various aspects of their relationships, including the currently deployed tracking methods for personalization. Privacy implications of personalization via online tracking, highlighted by organizations and researchers, are also illustrated. Lastly, this chapter discusses the ways to balance personalization benefits and privacy concerns. This includes the state-of-the-art practices, current challenges, and practical recommendations for system developers willing to strike this balance.

show abstract

Incognito

Cited by 18 publications

References 32 publications

Aquilis

Aquilis

Measuring and Analysing the Chain of Implicit Trust

Tracking and Personalization

Contact Info

Product

Resources

About