41

Geotagging in social media : exploring the privacy paradox

Menfors, Martina, Fernstedt, Felicia January 2015
Increasingly, online social media networks allow users to use geotagging. This method of adding location data to various content shared in real time has introduced privacy related issues and threats to the users of such networks. Previous research presents opposing findings on whether users actually care about their location privacy or not, and it has also been shown that users often display a behaviour inconsistent with their concerns. When asked, users tend to report high privacy concerns, but in contrast, they will then not let their privacy concerns affect or limit their behaviour online; the privacy paradox is a description of this dichotomy. The problem, however, is not only that location privacy seems to be a paradoxical issue; the sharing of location data provides users with new possibilities that can potentially have negative consequences for them, such as someone else being able to identify one’s identity, home location, habits or other sensitive information. Social media network users communicate that a part of this is due to the lack of control over which information they share, with whom and where. This study employs a qualitative method, using unstructured interviews in a pre-study and a self-completion questionnaire. The purpose of the study is to examine and gain a better understanding of how the privacy paradox can help to better explain users’ location data disclosure preferences in the context of social media networking, and to help social media network developers in order to reduce privacy-related issues in social media networking applications with geotagging capabilities. The findings indicate that the paradox indeed is evident in users’ stated geotagging behaviour, and that users are slightly more worried about their location privacy than their overall online privacy.
The conclusions offer a couple of different explanations for the paradox, and we argue that the contradiction of the paradox can be seen as a constant trade-off between benefits and risks of geotagging. We also give some examples of such advantages and disadvantages.
42

Public Awareness of Data Privacy and its Effects

Sichel, Grant 04 May 2021
No description available.
43

Fighting the Biggest Lie on the Internet : Improving Readership of Terms of Service and Privacy Policies

Ziegenbein, Marius-Lukas January 2022
When joining a new service, in order to access its features, users are often required to accept the terms of service and privacy policy. However, the readership of these documents is mostly non-existent, leaving an information asymmetry, the imbalance of knowledge between two parties. Due to this, users are sacrificing their online data privacy without being aware of the consequences. The purpose of this work is to investigate the readership of terms of service and privacy policies among users of social media services. We implemented a prototype called ‘ShareIt’, which resembles a photo-sharing platform to gain insight about readership, behavior and effectiveness of our adjusted presentations of terms of service and privacy policies in regard to readership and comprehension. We conducted a survey experiment using the prototype with 31 participants and concluded that 80,6% of our participants did not spend more than ten seconds in our terms of service and privacy policy. The observed behavior suggests that social media users are used to sharing information on the internet, which in addition to their trust towards online services leads to the aforementioned low readership. We presented adjustments to the presentation of terms of service and privacy policies which showed a slight tendency of higher engagement in comparison to the current way of accessing these documents. This result, however, due to the lack of readership examined for our participants, has to remain debatable and needs further investigation.
44

[pt] O DESIGN DE INTERFACE COMO FACILITADOR NA COMUNICAÇÃO DO PROCESSO DE TRATAMENTO DE DADOS DIGITAIS DOS USUÁRIOS / [en] THE ROLE OF INTERFACE DESIGN AS AN ENABLER IN THE COMMUNICATION OF PERSONAL DATA PROCESSING

ANA LUIZA CASTRO GERVAZONI 30 October 2023
The use of artificial intelligence models is changing the relationship between organizations and consumers, and the volume of digital products dependent on personal data is growing every day. Privacy policies are the primary tool for informing citizens about how their information will be handled by companies with which they interact. However, currently, the interfaces of these instruments do not objectively communicate their information. The present study demonstrates that the application of design guidelines in privacy policies promotes a more satisfactory experience and faster user acquisition of information from its content. The study methodology encompassed a bibliographical review, documentary research, adjustment of the Internet Users' Information Privacy Concerns scale, usability testing, and content analysis. Literature from law and design fields could be interconnected to identify legal requirements that could be addressed more effectively through design, the level of privacy concern of the study's participants was verified, and a comparative usability test was conducted. A replica of Facebook's policy was compared to a new interface, which included elements that represented design guidelines. The data showed a reduction in the time to find information and in the error rate among users who accessed the new proposal, as well as a higher frequency of positive statements regarding this version. This research enhances the understanding of how interface design affects the creation of such instruments by showing that following best practices in this area facilitates information acquisition.
45

Artificial Integrity: Data Privacy and Corporate Responsibility in East Africa

Hansson, Ebba January 2023
While digital connectivity in East Africa is quickly increasing, the region is underregulated regarding data protection regulations. Moreover, many existing laws are more state-interest-focused than human rights-based. When comprehensive regulations are not in place, more significant regulatory pressure is put on the actors operating in the tech market. Theoretically and conceptually, this accountability can be described through conceptual models such as Corporate Social Responsibility (CSR) and Corporate Digital Responsibility (CDR). Organisations use the two frameworks to map and manage their impact on society from an economic, environmental, and societal perspective. While CSR deals with their effects from a more general point of view, CDR has recently emerged in the business ethics discourse to discuss the ethical considerations evolving from the exponential growth of digital technologies and data. Through a multiple case study design, the main objective of this study was to provide practical insight into how actors manage data privacy-related issues in East Africa. Furthermore, the aim was also to evaluate the existing barriers that prevent the actors from fully implementing higher data responsibility ambitions. The results reveal that the observed actors are aware of the existing risks and mature enough to develop a comprehensive data responsibility agenda. However, there seems to be a gap between developing the policies and implementing them in practice. The lack of context-adjusted approaches to the CSR/CDR-related guidelines and actions can explain the gap.
46

Anonymizing Faces without Destroying Information

Rosberg, Felix January 2024
Anonymization is a broad term, meaning that personal data, or rather data that identifies a person, is redacted or obscured. In the context of video and image data, the most palpable information is the face. Faces barely change compared to other aspects of a person, such as clothes, and we as people already have a strong sense of recognizing faces. Computers are also adroit at recognizing faces, with facial recognition models being exceptionally powerful at identifying and comparing faces. Therefore it is generally considered important to obscure the faces in video and image when aiming for keeping it anonymized. Traditionally this is simply done through blurring or masking. But this destroys useful information such as eye gaze, pose, expression and the fact that it is a face. This is an especial issue, as today our society is data-driven in many aspects. One obvious such aspect is autonomous driving and driver monitoring, where necessary algorithms such as object-detectors rely on deep learning to function. Due to the data hunger of deep learning in conjunction with society’s call for privacy and integrity through regulations such as the General Data Protection Regulation (GDPR), anonymization that preserves useful information becomes important. This Thesis investigates the potential and possible limitation of anonymizing faces without destroying the aforementioned useful information. The base approach to achieve this is through face swapping and face manipulation, where the current research focuses on changing the face (or identity) while keeping the original attribute information, all while being incorporated and consistent in an image and/or video. Specifically, this Thesis will demonstrate how target-oriented and subject-agnostic face swapping methodologies can be utilized for realistic anonymization that preserves attributes.
Through this, this Thesis points out several approaches that are: 1) controllable, meaning the proposed models do not naively change the identity, so that the kind and magnitude of the change of identity is adjustable, and thus also tunable to guarantee anonymization; 2) subject-agnostic, meaning that the models can handle any identity; 3) fast, meaning that the models are able to run efficiently, thus having the potential of running in real-time. The end product consists of an anonymizer that achieved state-of-the-art performance on identity transfer, pose retention and expression retention while providing realism. Apart from identity manipulation, the Thesis demonstrates potential security issues, specifically reconstruction attacks, where a bad-actor model learns convolutional traces/patterns in the anonymized images in such a way that it is able to completely reconstruct the original identity. The bad-actor network is able to do this with simple black-box access to the anonymization model by constructing a pair-wise dataset of unanonymized and anonymized faces. To alleviate this issue, different defense measures that disrupt the traces in the anonymized image were investigated. The main takeaway from this is that naively using what qualitatively looks convincing at hiding an identity is not necessarily the case at all, making robust quantitative evaluations important.
47

Secure and Privacy-aware Data Collection and Processing in Mobile Health Systems

Iwaya, Leonardo H January 2016
Healthcare systems have assimilated information and communication technologies in order to improve the quality of healthcare and patient's experience at reduced costs. The increasing digitalization of people's health information, however, raises new threats regarding information security and privacy. Accidental or deliberate data breaches of health data may lead to societal pressures, embarrassment and discrimination. Information security and privacy are paramount to achieve high quality healthcare services, and further, to not harm individuals when providing care. With that in mind, we give special attention to the category of Mobile Health (mHealth) systems, that is, the use of mobile devices (e.g., mobile phones, sensors, PDAs) to support medical and public health. Such systems have been particularly successful in developing countries, taking advantage of the flourishing mobile market and the need to expand the coverage of primary healthcare programs. Many mHealth initiatives, however, fail to address security and privacy issues. This, coupled with the lack of specific legislation for privacy and data protection in these countries, increases the risk of harm to individuals. The overall objective of this thesis is to enhance knowledge regarding the design of security and privacy technologies for mHealth systems. In particular, we deal with mHealth Data Collection Systems (MDCSs), which consist of mobile devices for collecting and reporting health-related data, replacing paper-based approaches for health surveys and surveillance. This thesis consists of publications contributing to mHealth security and privacy in various ways: with a comprehensive literature review about mHealth in Brazil; with the design of a security framework for MDCSs (SecourHealth); with the design of an MDCS (GeoHealth); with the design of a Privacy Impact Assessment template for MDCSs; and with the study of ontology-based obfuscation and anonymisation functions for health data.
48

Composing DaaS web services : application to eHealth / Composition des services web DaaS : application à l'eSanté

Barhamgi, Mahmoud 08 October 2010
In this thesis, we are interested in automating the composition of data-access Web services (i.e. DaaS, Data-as-a-Service Web services) to meet data-sharing needs in distributed environments. Web service composition makes it possible to meet user needs that cannot be satisfied by a single Web service, whereas an integration of several would allow it. The main motivation of our work is that composition methods, as applied to traditional Web services (i.e. AaaS, Application-as-a-Service Web services), do not take into account the semantic relationship between the inputs and outputs of a data-access Web service and, consequently, are not suited to composing data-access Web services. In this thesis work, we propose to exploit the basic principles of data integration systems to compose data-access Web services. More precisely, we model data-access Web services as views over domain ontologies. This makes it possible to represent the semantics of a service declaratively, based on concepts and relations whose semantics are formally defined in the domain ontology. We then use query rewriting techniques to automatically select and compose services to answer user queries. Since data-access Web services can be used to access sensitive and private data, we also propose a mechanism based on query modification to preserve data confidentiality. This mechanism modifies queries on the basis of confidentiality policies before they are resolved by the composition algorithm, and it takes into account users' preferences regarding the disclosure of their private data. The main application domain of our approach is e-health, where data-access Web services are used to share patients' medical records. / In this dissertation, we propose a novel approach for the automatic composition of DaaS Web services (DaaS Data-as-a-Service Web services). Automatic DaaS Web service composition requires dealing with three major research thrusts: (i) describing the semantics of DaaS Web services, (ii) selecting and combining relevant DaaS Web services, and (iii) generating composite service descriptions (i.e. the compositions' plans). We first propose to model DaaS Web services as RDF views over domain ontologies. An RDF view allows capturing the semantics of the associated DaaS Web service in a "declarative" way based on concepts and relationships whose semantics are formally defined in domain ontologies. The service description files (i.e. WSDL files) are annotated with the defined RDF views using the extensibility feature of the WSDL standard. We then propose to use query rewriting techniques for selecting and composing DaaS Web services. Specifically, we devised an efficient RDF-oriented query rewriting algorithm that selects relevant services based on their defined RDF views and combines them to answer a posed query. It also generates an execution plan for the obtained composition/s. Our algorithm takes into account the RDFS semantic constraints (i.e. "subClassOf", "subPropertyOf", "Domain" and "Range") and is able to address both specific and parameterized queries. Since DaaS Web services may be used to access sensitive and private data, we also extended our DaaS service composition approach to handle data privacy concerns. Posed queries are modified to accommodate pertaining privacy conditions from data privacy policies before their resolution by the core composition algorithm. Our proposed privacy preservation model takes user's privacy preferences into account.
49

應用區塊鏈技術設計具資料隱私性之綠色供應鏈管理平台框架 / Using Blockchain Technology to Design a Green Supply Chain Management Information Platform Framework with Data Privacy

黃方佐 Unknown Date
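Today, implementing green supply chain management is not merely a matter of complying with regulations; more proactively, it can bring enterprises more competitive advantages, so green supply chain management is increasingly an issue that enterprises should examine and take seriously. At present, green supply chain management platforms are generally built by relying on the government or third-party institutions to establish the data exchange mechanism, or by connecting the different enterprise systems of the companies in the supply chain to achieve data exchange; however, this approach carries risks. Because material data is sensitive and valuable to an enterprise, the enterprise must place a high degree of trust in the platform that provides the storage and data exchange services, and the whole system also has the weaknesses of a centralized system architecture. The characteristics of blockchain technology can solve such problems: blockchain technology provides a distributed system solution in which data is permanently preserved and cannot be tampered with. This study goes a step further and combines blockchain technology with an encryption and decryption mechanism so that data can be read only by the provider itself and by the queriers it has authorized, which gives the blockchain system stronger data privacy properties; and through the design of an off-blockchain storage system, storage space becomes easier to scale, so that the issues of storing and exchanging the large volume of valuable material data in the green supply chain, with a high degree of trust that the material data has not been tampered with and that green certifications have not been tampered with or forged, can be resolved. / Nowadays, the implementation of green supply chain management system can bring more competitive advantages for enterprises. This issue is increasingly worthy of discussion. Until now, the establishment of green supply chain management platform generally depends on the government or third parties building the mechanism of exchanging the information, and connecting the various enterprises of different enterprises on supply chain to achieve the purpose of data exchange. However, the approach has risks. The features of blockchain technology can provide permanent preservation and tamper-proof system through the decentralized system solutions. Moreover, this study combines with data-privacy design and off-blockchain storage design to solve the problems of storing and exchanging the valuable data and to ensure material information and green certifications are tamper-proof.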
50

Smart Grid security : protecting users' privacy in smart grid applications

Mustafa, Mustafa Asan January 2015
Smart Grid (SG) is an electrical grid enhanced with information and communication technology capabilities, so it can support two-way electricity and communication flows among various entities in the grid. The aim of SG is to make the electricity industry operate more efficiently and to provide electricity in a more secure, reliable and sustainable manner. Automated Meter Reading (AMR) and Smart Electric Vehicle (SEV) charging are two SG applications tipped to play a major role in achieving this aim. The AMR application allows different SG entities to collect users’ fine-grained metering data measured by users’ Smart Meters (SMs). The SEV charging application allows EVs’ charging parameters to be changed depending on the grid’s state in return for incentives for the EV owners. However, both applications impose risks on users’ privacy. Entities having access to users’ fine-grained metering data may use such data to infer individual users’ personal habits. In addition, users’ private information such as users’/EVs’ identities and charging locations could be exposed when EVs are charged. Entities may use such information to learn users’ whereabouts, thus breach their privacy. This thesis proposes secure and user privacy-preserving protocols to support AMR and SEV charging in an efficient, scalable and cost-effective manner. First, it investigates both applications. For AMR, (1) it specifies an extensive set of functional requirements taking into account the way liberalised electricity markets work and the interests of all SG entities, (2) it performs a comprehensive threat analysis, based on which, (3) it specifies security and privacy requirements, and (4) it proposes to divide users’ data into two types: operational data (used for grid management) and accountable data (used for billing). 
For SEV charging, (1) it specifies two modes of charging: price-driven mode and price-control-driven mode, and (2) it analyses two use-cases: price-driven roaming SEV charging at home location and price-control-driven roaming SEV charging at home location, by performing threat analysis and specifying sets of functional, security and privacy requirements for each of the two cases. Second, it proposes a novel Decentralized, Efficient, Privacy-preserving and Selective Aggregation (DEP2SA) protocol to allow SG entities to collect users’ fine-grained operational metering data while preserving users’ privacy. DEP2SA uses the homomorphic Paillier cryptosystem to ensure the confidentiality of the metering data during their transit and data aggregation process. To preserve users’ privacy with minimum performance penalty, users’ metering data are classified and aggregated accordingly by their respective local gateways based on the users’ locations and their contracted suppliers. In this way, authorised SG entities can only receive the aggregated data of users they have contracts with. DEP2SA has been analysed in terms of security, computational and communication overheads, and the results show that it is more secure, efficient and scalable as compared with related work. Third, it proposes a novel suite of five protocols to allow (1) suppliers to collect users’ accountable metering data, and (2) users (i) to access, manage and control their own metering data and (ii) to switch between electricity tariffs and suppliers, in an efficient and scalable manner. The main ideas are: (i) each SM to have a register, named accounting register, dedicated only for storing the user’s accountable data, (ii) this register is updated by design at a low frequency, (iii) the user’s supplier has unlimited access to this register, and (iv) the user can customise how often this register is updated with new data.
The suite has been analysed in terms of security, computational and communication overheads. Fourth, it proposes a novel protocol, known as Roaming Electric Vehicle Charging and Billing, an Anonymous Multi-User (REVCBAMU) protocol, to support the price-driven roaming SEV charging at home location. During a charging session, a roaming EV user uses a pseudonym of the EV (known only to the user’s contracted supplier) which is anonymously signed by the user’s private key. This protocol protects the user’s identity privacy from other suppliers as well as the user’s privacy of location from its own supplier. Further, it allows the user’s contracted supplier to authenticate the EV and the user. Using a two-factor authentication approach, multi-user EV charging is supported and different legitimate EV users (e.g., family members) can be held accountable for their charging sessions. With each charging session, the EV uses a different pseudonym which prevents adversaries from linking the different charging sessions of the same EV. On an application level, REVCBAMU supports fair user billing, i.e., each user pays only for his/her own energy consumption, and an open EV marketplace in which EV users can safely choose among different remote host suppliers. The protocol has been analysed in terms of security and computational overheads.
