Data-Driven Privacy Indicators (Hamza Harkous, Rameez Rahman, Karl Aberer) - PowerPoint PPT Presentation



SLIDE 1

Data-Driven Privacy Indicators

Hamza Harkous, Rameez Rahman, Karl Aberer

EPFL, Switzerland

Workshop on Privacy Indicators, SOUPS 2016
SLIDE 2

Permissions in 3rd Party Apps

(logos: Android, Facebook)

SLIDE 3

Permissions in 3rd Party Apps

(logos: Dropbox, Google Drive)

Screenshot of a Google OAuth consent dialog:

Pdf Merger would like to:
  • View and manage Google Drive files and folders that you have opened or created with this app
  • View and manage the files in your Google Drive

By clicking Allow, you allow this app and Google to use your information in accordance with their respective terms of service and privacy policies. You can change this and other Account Permissions at any time. [Allow] [Deny]


SLIDE 5

Permissions in 3rd Party Apps

Challenges

  • One size fits all
  • Habituation effects
  • Different from user expectations

SLIDE 6

Data-Driven Privacy Indicators (DDPIs)

Dynamic indicators as a function of users’ data

SLIDE 7

Service provider delivers insights that help users make privacy-aware decisions.

SLIDE 8

Focus on 3rd Party Cloud Apps

SLIDE 9

Your Files

(diagram labels: CSPs, 3rd party apps, Files)

SLIDE 10

Problem 1: Dealing with App Over-privilege

SLIDE 11

Dealing with App Over-privilege

64% of 3rd party apps request more data than needed*

*H. Harkous, R. Rahman, B. Karlas, and K. Aberer. "The Curious Case of the PDF Converter that Likes Mozart: Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps", PoPETs.

SLIDE 12

Current Interface

ZIP Extractor wants to:
  • View your basic profile info
  • View your email address
  • View and manage Google Drive files and folders that you have opened or created with this app. (per-file access)
  • View the files in your Google Drive (full access)

SLIDE 13

ZIP Extractor wants to:
  • Obtain permissions it needs to function
  • Obtain permissions it doesn't need
SLIDE 14

Labelling: each requested permission is marked as one the app needs to function or one it does not need.

SLIDE 15

privyseal.epfl.ch
SLIDE 16

1- Immediate Insights (examples) from your Data
SLIDE 17

1- Immediate Insights

They tell the app that you have the below image, named ‘brithday21.jpg':
SLIDE 18

1- Immediate Insights

They tell the app that you have an image, named ‘dinner.jpg’, which was captured at this location:
SLIDE 19

2- Far-reaching Insights from your Data
SLIDE 21

2- Far-reaching Insights …with Entities/Concepts/Topics
SLIDE 22

2- Far-reaching Insights …Sentiments
SLIDE 23

2- Far-reaching Insights …Top Collaborators
SLIDE 24

2- Far-reaching Insights …Shared Interests
SLIDE 25

2- Far-reaching Insights …Faces with Context
SLIDE 26

2- Far-reaching Insights …Faces on Map
SLIDE 27

Inefficacy of Baseline Permissions

Bar chart of Acceptance Likelihood (percentage of users who would still accept over-privileged apps) for the Baseline, Immediate and Far-reaching conditions; values shown: 16%, 23%, 39%.

  • Online experiment
  • Actual user’s data
  • 160 participants in 3 groups
  • GLMMs for significance tests
*H. Harkous, R. Rahman, B. Karlas, and K. Aberer. "The Curious Case of the PDF Converter that Likes Mozart: Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps", PoPETs.

SLIDE 28

The Power of Relational Insights

Chart comparing Acceptance Likelihood ("<"): the relational insight “They tell the app that you have the below image, named ‘brithday21.jpg'” against the non-relational variant.

SLIDE 29

Impact of Face Recognition

Chart of Acceptance Likelihood: 8% < 21%

SLIDE 30

Problem 2: Minimizing Interdependent Privacy

SLIDE 31

(diagram: Company 1 … Company 6 with access to the user's data)
SLIDE 32

Too Many Shareholders → Larger Attack Surface
SLIDE 33

(diagram: Company 1 … Company 3 with access to the user's data)
SLIDE 34

Fewer Shareholders → Better Privacy

SLIDE 35

History-based Insights

  • Keep data with a minimum number of vendors.
  • When possible, install apps from vendors that already have access to your data, either directly or from collaborators.
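As an added example (not code from the slides or from the PrivySeal project), the history-based insight above can be computed from a record of which vendors can already reach each of the user's files, directly through the user's own installed apps or through a collaborator's app on a shared file, so that a candidate vendor can be scored by how many additional files its app would expose. The sample data, the full/per-file access model and all names are assumptions.

```python
from collections import defaultdict

# Constructed sample: the user's files and the collaborators each is shared with.
FILES = {
    "thesis.docx": {"alice"},
    "dinner.jpg": set(),
    "budget.xlsx": {"alice", "bob"},
}

# Constructed sample: installed apps per person as (vendor, access mode, files).
# "full" mirrors a scope like "View the files in your Google Drive";
# "per-file" mirrors "files you have opened or created with this app".
INSTALLED = {
    "me":    [("Vendor A", "full", None)],
    "alice": [("Vendor B", "full", None)],
    "bob":   [("Vendor C", "per-file", {"budget.xlsx"})],
}


def vendors_with_access(user="me"):
    """Map each file to the vendors that can already read it, either via the
    owner's own apps or via any collaborator's apps on that file."""
    access = {fname: set() for fname in FILES}
    for fname, collaborators in FILES.items():
        for person in {user} | collaborators:
            for vendor, mode, scoped in INSTALLED.get(person, []):
                if mode == "full" or fname in scoped:
                    access[fname].add(vendor)
    return access


def shareholders():
    """All vendors that currently hold some access: the current attack surface."""
    return set().union(*vendors_with_access().values())


def rank_candidates(candidates):
    """Rank candidate vendors (each assumed to request full access) by how many
    files installing their app would newly expose; fewest first."""
    access = vendors_with_access()
    newly_exposed = {v: sum(1 for f in FILES if v not in access[f]) for v in candidates}
    return sorted(newly_exposed.items(), key=lambda kv: (kv[1], kv[0]))


def insight(vendor):
    """Human-readable history-based insight for one candidate vendor."""
    already = sum(1 for f, vs in vendors_with_access().items() if vendor in vs)
    return (f"{vendor} already has access to {already} of your {len(FILES)} files; "
            f"installing its app exposes {len(FILES) - already} more")


if __name__ == "__main__":
    for vendor, extra in rank_candidates(["Vendor D", "Vendor C", "Vendor B", "Vendor A"]):
        print(f"{vendor}: +{extra} files -> {insight(vendor)}")
```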

SLIDE 36

Baseline Permission Model

SLIDE 37

History-based (HB) Insights Model

SLIDE 38

Findings

SLIDE 39

Superiority of the HB Insights

Chart of the percentage of users who would favor the app with existing access to their data, for the Baseline and History-based conditions; values shown: 75-84%, 42-56%.

  • Online experiment (CrowdFlower)
  • Role-playing scenario
  • 141 participants in 2 groups
  • Fisher’s test for significance
SLIDE 40

User Motivations

  • cross-app compatibility
  • interface familiarity
  • satisfaction with the previous vendor

SLIDE 41

Users’ data can be used to highlight the other advantages of taking privacy-aware decisions.

SLIDE 42

Further Applications of DDPIs

SLIDE 43

Extensions of FR and HB Insights

  • mobile/social networking platforms
  • browser extensions (visualize browser history contents)
  • visualize the power of 4th party ad providers

SLIDE 44

New DDPIs

  • consequences of privacy settings
  • how others view my encrypted data
  • visualize which of the user’s apps still operate with encryption

SLIDE 45

Post-installation Scenario

  • insights based on downloaded files
  • insights based on accessed location*

* H. Almuhimedi, F. Schaub, N. Sadeh, I. Adjerid, A. Acquisti, J. Gluck, L. F. Cranor, and Y. Agarwal. "Your location has been shared 5,398 times!: A field study on mobile app privacy nudging", CHI 2015.
SLIDE 46

Limitations

SLIDE 47

The Business Case

  • The provider is interested in strengthening the ecosystem
  • Could privacy be the selling point?

SLIDE 48

The Economic Cost

  • extra computational cost
  • data analysis already run for other purposes (e.g. search)

SLIDE 49

Usability Challenges

  • How to minimize information overload?
  • How to prioritize messages when multiple optimizations are possible?

SLIDE 50

What’s Next?

DDPIs, Privacy Assistants

SLIDE 51

Questions/Feedback?

hamza.harkous@gmail.com, hamzaharkous.com

SLIDE 52

Image/Media Credits

  • Markus Magnusson: slide 8
  • David Holm: slide 24
  • Freepik: slide 23
  • Fab Design: slide 41