Privacy Loss in Apple's Implementation of Differential Privacy on MacOS 10.12

Jun, Tang; Korolova, Aleksandra; Bai, Xiaolong; Wang, Xueqiang; Wang, Xiaofeng

doi:10.48550/arxiv.1709.02753

Cited by 85 publications

(83 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, this question is linked to the problem of how to establish the value of . Researchers have debated how to choose this value since the introduction of differential privacy, and there have been several proposals [2,9,13,19]. In particular, [13] showed that the privacy protection level by an arbitrary can be infringed by inference attacks, and it proposed a method for setting based on the posterior belief.…”

Section: Related Workmentioning

confidence: 99%

Establishing the Price of Privacy in Federated Data Trading

Jung,

Biswas,

Palamidessi

2021

Preprint

View full text Add to dashboard Cite

Personal data is becoming one of the most essential resources in today's information-based society. Accordingly, there is a growing interest in data markets, which operate data trading services between data providers and data consumers. One issue the data markets have to address is that of the potential threats to privacy. Usually some kind of protection must be provided, which generally comes to the detriment of utility. A correct pricing mechanism for private data should therefore depend on the level of privacy. In this paper, we propose a model of data federation in which data providers, who are, generally, less influential on the market than data consumers, form a coalition for trading their data, simultaneously shielding against privacy threats by means of differential privacy. Additionally, we propose a technique to price private data, and an revenue-distribution mechanism to distribute the revenue fairly in such federation data trading environments. Our model also motivates the data providers to cooperate with their respective federations, facilitating a fair and swift private data trading process. We validate our result through various experiments, showing that the proposed methods provide benefits to both data providers and consumers.

show abstract

Section: Related Workmentioning

confidence: 99%

Establishing the Price of Privacy in Federated Data Trading

Jung,

Biswas,

Palamidessi

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Erlingsson et al 2014), Apple (e.g. Tang et al 2017), Microsoft (e.g. Ding et al 2017), and pressure from regulatory bodies (e.g.…”

Section: Introductionmentioning

confidence: 99%

On robustness and local differential privacy

Li¹,

Berrett²,

Chen³

2022

Preprint

View full text Add to dashboard Cite

It is of soaring demand to develop statistical analysis tools that are robust against contamination as well as preserving individual data owners' privacy. In spite of the fact that both topics host a rich body of literature, to the best of our knowledge, we are the first to systematically study the connections between the optimality under Huber's contamination model and the local differential privacy (LDP) constraints.In this paper, we start with a general minimax lower bound result, which disentangles the costs of being robust against Huber's contamination and preserving LDP. We further study three concrete examples: a two-point testing problem, a potentially-diverging mean estimation problem and a nonparametric density estimation problem. For each problem, we demonstrate procedures that are optimal in the presence of both contamination and LDP constraints, comment on the connections with the state-of-the-art methods that are only studied under either contamination or privacy constraints, and unveil the connections between robustness and LDP via partially answering whether LDP procedures are robust and whether robust procedures can be efficiently privatised. Overall, our work showcases a promising prospect of joint study for robustness and local differential privacy.

show abstract

“…As more data is collected, analyzed, and published by researchers, companies, and government agencies, concerns about the privacy of the participating individuals have become more prominent (Lane et al, 2014). While there have been many methods of statistical disclosure control to combat this problem (Hundepool et al, 2012), differential privacy (DP) (Dwork et al, 2006) has arisen as the state-of-the-art framework for privacy protection, and is currently being implemented by Google (Erlingsson et al, 2014), Apple (Tang et al, 2017), Microsoft (Ding et al, 2017), and the US Census (Abowd, 2018). Differential privacy is based on a notion of plausible deniability, and requires the introduction of additional noise, beyond sampling, into the analysis procedure.…”

Section: Introductionmentioning

confidence: 99%

Privacy-Aware Rejection Sampling

Awan¹,

Rao²

2021

Preprint

View full text Add to dashboard Cite

Differential privacy (DP) offers strong theoretical privacy guarantees, but implementations of DP mechanisms may be vulnerable to side-channel attacks, such as timing attacks. When sampling methods such as MCMC or rejection sampling are used to implement a mechanism, the runtime can leak privacy. We characterize the additional privacy cost due to the runtime of a rejection sampler in terms of both ( , δ)-DP as well as f -DP. We also show that unless the acceptance probability is constant across databases, the runtime of a rejection sampler does not satisfy -DP for any . We show that there is a similar breakdown in privacy with adaptive rejection samplers. We propose three modifications to the rejection sampling algorithm, with varying assumptions, to protect against timing attacks by making the runtime independent of the data. The modification with the weakest assumptions is an approximate sampler, introducing a small increase in the privacy cost, whereas the other modifications give perfect samplers. We also use our techniques to develop an adaptive rejection sampler for log-Hölder densities, which also has data-independent runtime. We give several examples of DP mechanisms that fit the assumptions of our methods and can thus be implemented using our samplers.

show abstract

Privacy Loss in Apple's Implementation of Differential Privacy on MacOS 10.12

Cited by 85 publications

References 10 publications

Establishing the Price of Privacy in Federated Data Trading

Establishing the Price of Privacy in Federated Data Trading

On robustness and local differential privacy

Privacy-Aware Rejection Sampling

Contact Info

Product

Resources

About